Qilin, Synnovis and NHS Data
Cybercrime hits the NHS!
There used to be a time when we used to differentiate between “tech-geeks” and others. That time is long gone as almost all of us own a smartphone so we engage with technology daily. In some way, we have become “experts” as even the days of specialised phone shops are dying out as google gives us all the answers!
Patient confidentiality and technology go hand in hand. The NHS has adapted over the past 20 years to embrace the technological age. In fact, this is still going on as you might happen to work in a trust/organisation that still uses paper notes. The NHS has been a little late to the game but has got robust IT organisations aiding this “IT revolution".”
One of the most important steps the NHS took was to transfer its patient data online. This allows for better integration the tangible value of which we experience everyday. It may not be perfect, but having access to what a patients journey in hospital has been is really useful for us working in primary care!
However, recently the Russian organisation Qilin launched a severe cyberattack on the Synnovis, a company that manages the biochemistry/haematological tests done in a handful of London hospitals including Kings College Hospital and Guys & St Thomas’ Hospital. This attack has led to the stealing of key patient data including names, date of birth and blood tests results. Some of these were leaked by Qilin in exchange for payment.
Now the NHS does not have an integrated server , in the classic sense of course. Instead, it operates a number of local hubs which separately feed data into a centralised node. This means that the attack is likely to be limited to these hospitals. However, the scary thing is that any of us “end users,” in other words, those who engage with the NHS interface could be the entry point of compromising patient data.
“Your password is expired, please change it…”
Yes… It’s annoying. However, changing our passwords regularly is so, so important. Studies have shown that most of us have the same password(s) for everything and unfortunately this isn’t great practice. Changing our passwords regularly is one step, but here are some important actions we can take to protect patient data.
Make sure to log off! I’m so guilty of this but logging off after using a computer is vital. You don’t know who might tamper with your log-in after you!
Do not click “sign me in automatically.” It’s quite an instinctual thing to do nowadays but remember, if you’re on a public computer your data could be accessed by someone else
Report any phishing/spam to your NHS organisation. We occasionally get these through to our NHS emails and each organisation will have a spam email policy. I would suggesting forwarding these emails to the designated authority.
If connected to the local wifi, do not click any unrecognisable links on your own devices. As you’re linked to a cloud wifi, your device can be used as an entry point to effect the whole network
Protect your own devices. Please ensure that you have an antivirus/malware software on your phone or laptop and run a scan at regular intervals. Virus’ can be attached to the most unexpected things including PDFs, emails and website links.
This currently episode is going to be interesting to watch. Unfortunately it could lead to the leakage of significant amounts of patient data but could mean a change in how we many data. It’s a scary world.
Are You CPD Ready?
CPD is something that is always at the back of our minds and before you know it, your appraisal will be around the corner! However, why not combine your CPD with some awesome, high quality learning that will ACTUALLY make a difference to your practice? Over the next two months, we have an exciting line-up of CPD events including:
Dermatology Masterclass (07/07/2024) - 3 CPD points: We bring together the latest updates in diagnosis, assessment and management of dermatology in primary care and secondary (acute) care settings. From eczema to skin cancers, we will discuss the entire spectrum of dermatological diseases.
Palliative Care Masterclass (04/08/2024) - 3 CPD points: I’m passionate about palliative care and having recently delivered an MDT presentation on palliative care, I’ve decided to adapt it and deliver it far and wide. In this session we will discuss home visits, diagnosing end of life, liaising with palliative care services, anticipatory medications, advanced decisions and ReSPECT forms. This session is geared towards the latest standard of UK practice and will make you a more careful, effective clinician in dealing with end of life care.
Oh and please note, we are an officially licensed CPD company so your points
You can find our upcoming courses here: https://www.paretoeducation.co.uk/professionals
Check us out on our various pages
Website: www.paretoeducation.co.uk
Instagram: www.instagram.com/pareto_ed
Twitter: www.twitter.com/pareto_ed
Youtube: https://bit.ly/3DPm23c
Email: paretopaeducation@gmail.com