The NHS is, in principle, a beautiful organisation. It is there to provide Britons with healthcare free at the point of use, enabling millions upon millions to rest easy in the knowledge that their health is a national priority. But the government has not been treating the NHS kindly, and an unlikely result is materialising in the form of cyber-unreadiness. But how is it that UK healthcare is a magnet for cybercrime?
Healthcare and Cyber
Healthcare is not an inherently technological field, but technology has stitched itself into healthcare and healthcare innovation. The digital revolution had an indelible impact on the rate at which new drugs and treatments could be trialled, to say nothing of research and development into new diagnostic and surgical tools. But another undeniably impactful corner of healthcare technology is the clerical side.
Computer technology and data-sharing have become vital aspects of the administrative side of healthcare. Information of all kinds can be saved, stored, shared and otherwise engaged with for the betterment of patient care and experiences – but herein, partly, lies the issue.
It is exactly that information which is of high value to cybercriminals – that information, of course, being patient data. Data is a new commodity in a digital techno-futurist landscape, where sensitive and private information about otherwise private citizens can be used in multiple ways. Verifiable contact information can be used by scammers to widen their potential audience, or by identity fraudsters to enable fraudulent activity. Sensitive information can even become tools for blackmail and other more brazen forms of fraud.
Dated, Non-Central Systems
Stealing such data from NHS systems might sound high-risk from the outside, and would indeed be considered as such – were it not for the intervening factor that is the state of the NHS’ digital infrastructure. Due to systemic government underfunding, working in tandem with administrative bloat, NHS systems are often reliant on dated technology.
The upgrading of critical systems across the NHS has been underway for some time, but it remains an unfortunate fact that many systems still rely on programmes and operating systems that predate Windows XP – presenting golden opportunities for cybercriminals to infiltrate. This is made all the easier by the non-centralised manner in which systems are interlinked, reducing the likelihood of a meaningful national security programme being implemented.
Access and Training
But the issues facing the NHS in this regard are not limited to the technologies themselves. In most cases, the weak links for cybercrime are not the programmes holding data, but rather the people that have access to them in the first place. Cybercriminals will always take the path of least resistance to secure their bounty, and it is often easier to ‘phish’ an ill-trained administrative staff member into giving up passwords than it is to ‘hack’ into a government system. For this reason, cyber-training is an essential concern.