Freely subscribe to our NEWSLETTER

Kevin Curran, IEEE senior member and professor of cybersecurity at the University of Ulster believes there should be greater visibility and accountability with regards to the use of our healthcare data:

“Whilst this is a step in the right direction, moving health records online will naturally raise some concerns. Any systems which provide externally facing data must be robust in their authentication mechanisms and have protections in place to limit the security risks of web-based applications. The move to an online an app does seem like a natural progression, however there is a difference between having computerised records within our healthcare IT infrastructure and having those records reside on a public facing server. Having records inhouse limits the range and type of access – its far more difficult for remote hackers.

“There are techniques that healthcare organisations can use to reduce the risk of future data breaches. One way is to make it ‘opt in’, so patients have the choice to decide whether their medical information is moved to a public facing service so that they can access it. However, those who do not opt in or download the app instead should have their records hosted in a non-public-facing cloud service. This way, if a data breach does occur, those who never used the app, or not wanted to, will not have had their details released.

“Developing a secure and robust web application is incredibly hard. Of course, the teams involved in this transformation will be aiming to deliver a secure and reliable service, of that there can be no question. However, the cyber security strategy will need to be extensive.”