Conference Paper/Proceeding/Abstract 2113 views 629 downloads
Cybersecurity problems in a typical hospital (and probably in all of them)
Harold Thimbleby 
Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium, Pages: 415 - 439
Swansea University Author:
Harold Thimbleby
-
PDF | Version of Record
Download (2.84MB)
Abstract
A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highl...
| Published in: | Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium |
|---|---|
| ISSN: | 9781540796288 |
| Published: |
Developments in System Safety Engineering [SCSC-135]
2017
|
| Online Access: |
Check full text
|
| URI: | https://cronfa.swan.ac.uk/Record/cronfa32502 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| first_indexed |
2017-03-20T14:08:28Z |
|---|---|
| last_indexed |
2018-02-09T05:20:28Z |
| id |
cronfa32502 |
| recordtype |
SURis |
| fullrecord |
<?xml version="1.0"?><rfc1807><datestamp>2017-05-21T10:09:29.9019427</datestamp><bib-version>v2</bib-version><id>32502</id><entry>2017-03-20</entry><title>Cybersecurity problems in a typical hospital (and probably in all of them)</title><swanseaauthors><author><sid>c12beb0ab0e333a9a512589d411d17f3</sid><ORCID>0000-0003-2222-4243</ORCID><firstname>Harold</firstname><surname>Thimbleby</surname><name>Harold Thimbleby</name><active>true</active><ethesisStudent>false</ethesisStudent></author></swanseaauthors><date>2017-03-20</date><deptcode>FGSEN</deptcode><abstract>A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highlights broader problems with IT culture affecting manufacturers, hospitals, police, legal advisors — and ultimately misleading clinicians and compromising delivery of care. The NHS (and healthcare more generally) urgently needs to improve its IT awareness, management and policies. The police and the legal system need a more mature approach to IT. Manufacturers need to provide dependable systems that are fit for purpose for complex hospital environments. Regulators should ensure that systems meet better standards of quality and dependability. This paper includes recommendations; the most fundamental being that hospitals acknowledge that IT is unreliable and they should procure and manage equipment with this in mind. In particular, mature and effective data protection and cybersecurity policies must be in place and used proactively. When problems occur, evidence derived from IT (whether systems or devices) must not be used in legal or disciplinary investigations without extreme care and independent proof of provenance.</abstract><type>Conference Paper/Proceeding/Abstract</type><journal>Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium</journal><paginationStart>415</paginationStart><paginationEnd>439</paginationEnd><publisher>Developments in System Safety Engineering [SCSC-135]</publisher><issnPrint>9781540796288</issnPrint><keywords>Cybersecurity, healthcare IT</keywords><publishedDay>9</publishedDay><publishedMonth>2</publishedMonth><publishedYear>2017</publishedYear><publishedDate>2017-02-09</publishedDate><doi/><url>http://harold.thimbleby.net/NICE/SSS17cybersecurity.pdf</url><notes/><college>COLLEGE NANME</college><department>Science and Engineering - Faculty</department><CollegeCode>COLLEGE CODE</CollegeCode><DepartmentCode>FGSEN</DepartmentCode><institution>Swansea University</institution><apcterm/><lastEdited>2017-05-21T10:09:29.9019427</lastEdited><Created>2017-03-20T09:11:36.6680897</Created><authors><author><firstname>Harold</firstname><surname>Thimbleby</surname><orcid>0000-0003-2222-4243</orcid><order>1</order></author></authors><documents><document><filename>0032502-20032017091806.pdf</filename><originalFilename>SSS17cybersecurity.pdf</originalFilename><uploaded>2017-03-20T09:18:06.5030000</uploaded><type>Output</type><contentLength>2952603</contentLength><contentType>application/pdf</contentType><version>Version of Record</version><cronfaStatus>true</cronfaStatus><embargoDate>2017-03-20T00:00:00.0000000</embargoDate><copyrightCorrect>true</copyrightCorrect><language>eng</language></document></documents><OutputDurs/></rfc1807> |
| spelling |
2017-05-21T10:09:29.9019427 v2 32502 2017-03-20 Cybersecurity problems in a typical hospital (and probably in all of them) c12beb0ab0e333a9a512589d411d17f3 0000-0003-2222-4243 Harold Thimbleby Harold Thimbleby true false 2017-03-20 FGSEN A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highlights broader problems with IT culture affecting manufacturers, hospitals, police, legal advisors — and ultimately misleading clinicians and compromising delivery of care. The NHS (and healthcare more generally) urgently needs to improve its IT awareness, management and policies. The police and the legal system need a more mature approach to IT. Manufacturers need to provide dependable systems that are fit for purpose for complex hospital environments. Regulators should ensure that systems meet better standards of quality and dependability. This paper includes recommendations; the most fundamental being that hospitals acknowledge that IT is unreliable and they should procure and manage equipment with this in mind. In particular, mature and effective data protection and cybersecurity policies must be in place and used proactively. When problems occur, evidence derived from IT (whether systems or devices) must not be used in legal or disciplinary investigations without extreme care and independent proof of provenance. Conference Paper/Proceeding/Abstract Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium 415 439 Developments in System Safety Engineering [SCSC-135] 9781540796288 Cybersecurity, healthcare IT 9 2 2017 2017-02-09 http://harold.thimbleby.net/NICE/SSS17cybersecurity.pdf COLLEGE NANME Science and Engineering - Faculty COLLEGE CODE FGSEN Swansea University 2017-05-21T10:09:29.9019427 2017-03-20T09:11:36.6680897 Harold Thimbleby 0000-0003-2222-4243 1 0032502-20032017091806.pdf SSS17cybersecurity.pdf 2017-03-20T09:18:06.5030000 Output 2952603 application/pdf Version of Record true 2017-03-20T00:00:00.0000000 true eng |
| title |
Cybersecurity problems in a typical hospital (and probably in all of them) |
| spellingShingle |
Cybersecurity problems in a typical hospital (and probably in all of them) Harold Thimbleby |
| title_short |
Cybersecurity problems in a typical hospital (and probably in all of them) |
| title_full |
Cybersecurity problems in a typical hospital (and probably in all of them) |
| title_fullStr |
Cybersecurity problems in a typical hospital (and probably in all of them) |
| title_full_unstemmed |
Cybersecurity problems in a typical hospital (and probably in all of them) |
| title_sort |
Cybersecurity problems in a typical hospital (and probably in all of them) |
| author_id_str_mv |
c12beb0ab0e333a9a512589d411d17f3 |
| author_id_fullname_str_mv |
c12beb0ab0e333a9a512589d411d17f3_***_Harold Thimbleby |
| author |
Harold Thimbleby |
| author2 |
Harold Thimbleby |
| format |
Conference Paper/Proceeding/Abstract |
| container_title |
Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium |
| container_start_page |
415 |
| publishDate |
2017 |
| institution |
Swansea University |
| issn |
9781540796288 |
| publisher |
Developments in System Safety Engineering [SCSC-135] |
| url |
http://harold.thimbleby.net/NICE/SSS17cybersecurity.pdf |
| document_store_str |
1 |
| active_str |
0 |
| description |
A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highlights broader problems with IT culture affecting manufacturers, hospitals, police, legal advisors — and ultimately misleading clinicians and compromising delivery of care. The NHS (and healthcare more generally) urgently needs to improve its IT awareness, management and policies. The police and the legal system need a more mature approach to IT. Manufacturers need to provide dependable systems that are fit for purpose for complex hospital environments. Regulators should ensure that systems meet better standards of quality and dependability. This paper includes recommendations; the most fundamental being that hospitals acknowledge that IT is unreliable and they should procure and manage equipment with this in mind. In particular, mature and effective data protection and cybersecurity policies must be in place and used proactively. When problems occur, evidence derived from IT (whether systems or devices) must not be used in legal or disciplinary investigations without extreme care and independent proof of provenance. |
| published_date |
2017-02-09T03:39:50Z |
| _version_ |
1763751797738962944 |
| score |
11.037056 |