Is cyber security a massively under-estimated problem in healthcare, or one that is massively over-hyped? Where does the truth sit?
Fear, Uncertainty and Doubt – in case you were wondering how that acronym unfolded – is plentiful both in politics and the broader media. Which is why we get Chancellor George Osborne warning that if ISIS successfully attacked hospitals online “the impact could be measured not just in terms of economic damage but of lives lost”; even though there is no evidence to suggest the terrorist outfit is targeting them. The atmosphere of FUD is unhelpful, because it makes it hard to judge the real risk. This was shown very clearly in Digital Health’s first NHS IT Leadership Survey, which concluded that cyber security was something of a ‘marmite’ issue for the senior IT managers and clinicians who took part. A quarter of IT directors thought cyber security issues were a ‘big threat’ and ‘high risk’, and just under a fifth of chief clinical information officers thought the same. But around 10% of both groups thought that security risks were ‘overstated.’; and the same proportion said they just didn’t know.