CybelAngel comment on NHS sharing patient data
Following the news that the NHS will be sharing patient data with third parties, David Sygula, Senior Cybersecurity Analyst at CybelAngel shares the following words:
‘This move from the NHS provides some strong benefits from an academic research standpoint. An initiative like this could have been useful in better controlling the magnitude of the pandemic, and all research work that goes with it.
However, data collection on this scale is creating a new set of risks for individuals, where their Personal Health Information (PHI) is exposed to third-party data breaches. The extent of the unsecured database problem is growing. It’s not simply an NHS issue, but the NHS’ third, fourth or further removed parties too, and how they will ensure the data is securely handled by all suppliers involved. These security policies and processes absolutely need to be planned well in advance and details shared with both third parties and individuals.
Several mechanisms must be put in place, starting with the anonymization of data, as data leaks will inevitably happen. Security researchers, attackers, and rogue states have all put in place processes to identify unsecured databases and will rapidly find leaked information. That’s the default assumption we should start with. It’s about making sure patients are not personally exposed in case of a breach, while setting up the appropriate monitoring tools to look for exposed data among the supply chain’.