Showing results for tags 'Cybersecurity'.

Found 36 results
  1. Content Article
    In May 2021, the Irish public health service was the target of a cyber-attack. The response by the health service resulted in the widespread removal of access to ICT systems. While services including radiology, diagnostics, maternity and oncology were prioritised for reinstatement, recovery efforts continued for over four months. This study describes the response of health service staff to the loss of ICT systems and the risk mitigation measures introduced to safely continue health services. It also explores the resilience displayed by frontline staff whose rapid and innovative response ensured continuity of safe patient care.
  2. Event
    Developing trust when it comes to the employment of AI-driven healthcare is a complex challenge, and one that’s easy to get wrong. Daniel Morris, Partner at Bevan Brittan, Mahesh Hariharan, Founder and CEO of Zupervise, and Surabhi Srivastava, Commercial VP of Qure.ai, will together explore the importance of trust in AI-driven healthcare, and how effective governance can help build trust between patients & providers. They will discuss topics such as: data provenance; algorithmic transparency; and the role of human oversight in ensuring patient safety and data security. Register
  3. Content Article
    The number of cyberattacks and information system breaches in healthcare has grown steadily, escalating from isolated incidents to widespread targeted and malicious attacks. In 2022, 707 data breaches occurred in the US, exposing more than 51.9 million patient records, according to data from the Department of Health and Human Services (DHHS). To help healthcare organisations address this growing patient safety concern, The Joint Commission has issued this Sentinel Event Alert that focuses on risks associated with cyberattacks and provides recommendations on how healthcare organizations can prepare to deliver safe patient care in the event of a cyberattack.
  4. News Article
    Two ambulance trusts have been left without a working electronic patient care record system for a week after a cyber attack affecting its Swedish-based supplier. Staff at South Western Ambulance Service Foundation Trust and South Central Ambulance Service FT have been working on paper since the MobiMed system – supplied by the firm Ortivus – went down last Tuesday. More than 1,700 ambulances and clinical workstations use the system, according to the company. One employee told HSJ some staff were struggling with a paper-based system which meant they had less information on patients. “We can’t do summary care record searches or see previous call information,” the staff member said. SWASFT sent a message to staff on Friday saying the system was likely to be down “for a prolonged period”. Read full story (paywalled) Source: HSJ, 25 July 2023
  5. Event
    Through multidisciplinary lectures from expert speakers and lively panel discussions, this Royal Society of Medicine conference will look at the current cybersecurity threats facing health and care organisations and examine the progress made by healthcare institutions since 2017 in rising to the challenge of cybersecurity. We will focus on the issues facing the NHS today and the steps that NHS organisations should take to protect themselves. Attendees will learn how cybercriminals and hostile nation-states pose a threat to patient safety and trust. Delegates will hear from NHSX, NHS Digital and key organisations that combat cyber threats daily. They will also hear directly from experts in the field about the steps they are taking to help healthcare organisations to address their issues and concerns. During this event, you will learn about: Current cybersecurity threats faced by healthcare organisations from both cybercriminals and hostile nations. Specific risks due to online working, increasing digitalisation and prevalence of connected medical devices and artificial intelligence (e.g. data provenance). Specific risks due to the use of medical and telehealth devices in the home and community. How the NHS is equipped to deal with current and future threats. Tools and approaches to protect organisations and devices from attack. Register
  6. Content Article
    This document provides the principles, concepts, terms and definitions for health software and health IT systems, key properties of safety, effectiveness and security, across the full life cycle, from concept to decommissioning. It also identifies the transition points in the life cycle where transfers of responsibility occur, and the types of multi-lateral communication that are necessary at these transition points. This document also establishes coherent concepts and terminology for other standards that address specific aspects of the safety, effectiveness, and security (including privacy) of health software and health IT systems.
  7. Content Article
    An overview of the industry study by MxD and IAAE between February and June 2021 funded by FDA Office of Counterterrorism and Emerging Threats. The aim of the study was to gain an initial baseline to deepen FDA’s understanding of the factors that impact a manufacturer’s decision to invest in and adopt digital technologies by illuminating both perceived and demonstrated barriers from technical, business, and regulatory perspectives, and related cybersecurity considerations.
  8. Content Article
    Mike Fell, executive director of national cybersecurity operations at NHS Digital, discusses the WannaCry cyberattack, teaching GP surgeries to up their game and how data can save lives.
  9. News Article
    Medical devices are one major weak point in health care cybersecurity, and both the US Congress and the Food and Drug Administration took steps towards closing that gap this week — Congress with a proposed bill and the FDA with new draft guidelines for device makers on how they should build devices that are less likely to be hacked. Devices like infusion pumps or imaging machines that are connected to the internet can be targets for hacks. Those attacks can siphon off patient data or put their safety directly at risk. Experts consistently find that devices in use today have vulnerabilities that could be exploited by hackers. The new document is still just a draft, and device makers won’t start using it until it’s finalised after another round of feedback. But it includes a few significant changes from the last go-around — including an emphasis on the whole lifecycle of a device and a recommendation that manufacturers include a Software Bill of Materials (SBOM) with all new products that gives users information on the various elements that make up a device. An SBOM makes it easier for users to keep tabs on their devices. If there’s a bug or vulnerability found in a bit of software, for example, a hospital could easily check if their infusion pumps use that specific software. The FDA also put out legislative proposals around medical device cybersecurity, asking Congress for more explicit power to make requirements. “The intent is to enable devices to be that much more resilient to withstand the potential for cyber exploits or intrusion,” Schwartz says. Manufacturers should be able to update or patch software problems without hurting the devices’ function, she says. Read full story Source: The Verge, 8 April 2022
  10. News Article
    Doctors say it could take months to process mounting piles of medical paperwork caused by a continuing cyber-attack on an NHS supplier. One out-of-hours GP says patient care is being badly affected as staff enter a fourth week of taking care notes with pen and paper. The ransomware attack against software and services provider Advanced was first spotted on 4 August. The company says it may take another 12 weeks to get some services back online. Dr Fay Wilson, who manages an urgent-care centre in the West Midlands, says the main choke point for her team is with patient records. She said it could affect patient care "because we can't send notifications to GP practices, except by methods that don't work because they require a lot of manual handling, and we haven't got the staff to actually do the manual handling". Read full story Source: BBC News, 31 August 2022
  11. News Article
    Mental health trusts continue to suffer much disruption after a cyber attack left them unable to access their electronic patient records. Several trusts which use Advanced’s CareNotes EPR are grappling with the system being down, although the company said on Friday some progress had been made to restore the EPR. One source at an affected mental health trust said there had been “not much in the way of improvements”, while another said they feared it could be “months” before they can fully access the EPR. NHS England’s mental health director Claire Murdoch is regularly raising the issue nationally, HSJ was told, as response teams work with Advanced to investigate and restore IT systems, which were taken offline after the company was hit by a cyber attack two weeks ago. Hereford and Worcestershire Health and Care Trust has told its patients they might have to “provide more detail on your medical history to ensure clinicians have the most up-to-date information”, while Oxford Health Foundation Trust warned the technical issues could cause delays to patient care. Read full story (paywalled) Source: HSJ, 21 August 2022
  12. News Article
    As the risk of cyberattacks on medical devices continues to mount, the Food and Drug Administration isn’t doing enough to ensure device makers include adequate security in their products, experts say. They charge that part of the problem is that the agency lacks the funds and the trained personnel to evaluate the cyber risk the devices carry and enforce the rules it does have on the books for approving devices. “I’ve spoken to device manufacturers, specifically product security people at device manufacturers, saying that they’ve been telling their organizations for the last year or two that they need to include cybersecurity as part of their submissions or else they’re going to get rejected,” said Mike Kijewski, CEO of medical device cybersecurity firm MedCrypt. “Yet for some of their recent submissions, they didn’t have a lot of cybersecurity documentation and they still got accepted by the FDA.” Cyberattacks remain a significant risk for healthcare companies. US patient safety group ECRI reported 173 medical device cybersecurity alerts in the past five years. The organisation warned that cybersecurity incidents don’t just disrupt business operations, but can “pose a real threat of physical harm.” For instance, ransomware attacks on hospitals can cause device outages that disrupt patient care, and at worst, put lives at risk. Read full story Source: MedTech Dive, 11 August 2022
  13. News Article
    Criminals have issued ‘demands’ to an NHS IT supplier targeted by a cyber attack, leading health chiefs to fear they have accessed confidential patient data, HSJ has learned. IT firm Advanced was targeted last week. The company provides electronic patient records to several trusts and most NHS 111 providers. Multiple government agencies – including the National Crime Agency and GCHQ – are now working to identify the extent of the damage caused by the attackers, while leaders of affected mental health trusts have warned of a “pretty desperate” situation as staff are unable to access vital patient records. In a statement issued last night, Advanced said: “With respect to potentially impacted data, our investigation is under way, and when we have more information about potential data access or exfiltration, we will update customers as appropriate.” Read full story (paywalled) Source: HSJ, 11 August 2022
  14. News Article
    A cyber attack that has caused a major outage of NHS IT systems is expected to last for more than three weeks, leaving doctors unable to see patients’ notes, The Independent has learned. Mental health trusts across the country will be left unable to access patient notes for weeks, and possibly months. Oxford Health Foundation Trust has declared a critical incident over the outage, which is believed to affect dozens of trusts, and has told staff it is putting emergency plans in place. One NHS trust chief said the situation could possibly last for “months” with several mental health trusts, and there was concern among leaders that the problem is not being prioritised. In an email to staff, Oxford Health Foundation Trust chief executive Nick Broughton, said: “The cyber attack targeted systems used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings, triage, out-of-hours care, emergency prescriptions and safety alerts. It also targeted the finance system used by the Trust.” The NHS director said: “The whole thing is down. It’s really alarming…we’re carrying a lot of risk as a result of it because you can’t get records and details of assessments, prescribing, key observations, medical mental health act observations. You can’t see any of it…Staff are going to have to write everything down and input it later.” They added: “There is increased risk to patients. We’re finding hard to discharge people, for example to housing providers, because we can’t access records.” Read full story Source: The Independent, 11 August 2022
  15. News Article
    Many NHS 111 services are without a crucial IT system for several days, after a cyber attack on a software supplier. Providers had to move to pen-and-paper yesterday, and have been unable to access patient records. Adastra – which is used by 85% of NHS 111 providers – went offline at 7am on Thursday. It was still affected as of Sunday, and staff were told it may not be online for several days. Advanced, which supplies Adastra, confirmed on Friday evening the incident was caused by a cyberattack, but says it managed to limit the damage to a small number of its servers. It was reported on Saturday that the attack is thought to have been by a criminal group trying to extort money — so-called ransomware — rather than an attack by a group linked to a state/government. As well as NHS 111, the system is used by some GP out-of-hours services and has also been marketed to urgent care providers. NHS 111 services have had to use lists of protocols when answering calls and write details down, rather than the software automatically implementing the protocols. One briefing note from commissioners in London, seen by HSJ, described the issue as a “total system outage” for NHS 111, and said “likely delays for patients… will continue throughout the weekend and potentially over next week”. Read full story (paywalled) Source: HSJ, 8 August 2022
  16. News Article
    The government has failed to meet most of its own deadlines for commitments to improve how the NHS uses data, including developing a cybersecurity strategy, HSJ can reveal. The delays include work to store and analyse patient data more securely, building public trust in the NHS’ use of patient data, and agreeing national strategies on cybersecurity and cloud technology. The strategy and its commitments were published following the Goldacre Review, which called for an overhaul of how NHS patient data is collected, stored and used. It came after the government was forced to indefinitely halt a controversial plan to collect all GP-held patient data in 2021, which resembled the fate of a similar data scheme in 2016. Several data projects have also come under scrutiny from doctors and campaigners in recent years, such as NHS England’s procurement of a new Federated Data Platform and a much-criticised trust’s data-sharing scheme with a credit rating company. Read full story (paywalled) Source: HSJ, 28 February 2023
  17. News Article
    Following the Advanced cyber attack in August 2022, Phil Huggins has revealed to a Digital Health Rewired audience that the NHS has “seen no clinical impact or significant clinical harm”, after a review to be released in the near future. The national chief information security officer for health and care at NHS England was speaking alongside a panel on the Cyber Security Stage on day two of Digital Health Rewired 2023 in London. Huggins explained that although the impact of the Advanced attack was big on the system, in a clinical sense it was not particularly damaging, despite the fact that client data was confirmed to have been exfiltrated. However, Ayesha Rahim, clinical lead for digital mental health at NHS England and chief medical information officer at Surrey and Borders Partnership Foundation Trust, was also on the panel, and spoke of the huge impact the attack had on staff. “The date 4th August is imprinted in my brain”, Rahim said, which is when the attack first happened and was first reported. She explained that it is “quite difficult to fully convey the chaos this caused”, giving examples of staff having no idea what a patient’s background was and therefore having to do everything “blindfolded”. Rahim said staff could not tell if it was safe to go out on visits to mental health patients due to the lack of data and information on them, and every time a person saw a staff member they were retraumatised having to explain their past over and over, including experiences of sexual abuse. Read full story Source: Digital Health, 15 March 2023
  18. Content Article
    In 2021, cybersecurity attacks on healthcare providers in the US reached an all-time high, with one study indicating that more than 45 million people were affected by these attacks in 2021 – a 32% increase on 2020. This report published by the Office of Senator Mark R Warner outlines the risk to patient safety posed by cyberattacks and proposes ways to improve federal leadership, enhance healthcare providers' preparedness for cyber emergencies and establish minimum cyber hygiene practices for healthcare organisations.
  19. News Article
    No patient data held by mental health trusts was taken following a cyber attack this summer, NHS England has confirmed. The regulator told HSJ it had received confirmation from tech firm Advanced, which was the subject of a cyber attack in July, that no data had been breached on its Carenotes electronic patient record. The EPR is used by around a dozen mental health trusts. The process of reconnecting trusts fully back to Carenotes also started this week, after providers spent two months with limited or no access to their EPR. HSJ previously revealed that senior NHS chiefs feared patient data may have been taken or accessed by those responsible for the cyber attack, who issued ransom demands to Advanced. Since then, experts have been brought in to investigate any potential data impact following the attack. Read full story (paywalled) Source: HSJ, 21 September 2022
  20. News Article
    On Tuesday, the FBI issued a report offering recommendations to address a number of cybersecurity vulnerabilities in active medical devices stemming from outdated software, as well as the lack of security features in older hardware. Once exploited, the vulnerabilities could impact healthcare facility operations, patient safety, data confidentiality and data integrity. If a cyberattacker takes control, they can direct devices to give inaccurate readings, administer drug overdoses or otherwise endanger patient health. The FBI noted in its briefing that a mid-year healthcare cybersecurity analysis found that equipment vulnerable to cyberattacks includes insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers, and intrathecal pain pumps. Routine challenges include the use of standardised configurations, specialised configurations – including a substantial number of managed devices on a network – and the inability to upgrade device security features, according to the FBI's announcement. The agency further adds that research has found an average of 6.2 vulnerabilities per medical device and that 40% of medical devices at the end-of-life stage offer little to no security patches or upgrades. Read full story Source: Healthcare IT News, 13 September 2022
  21. Content Article
    Hospitals and other medical organisations are being hit by a rising number of cyberattacks; ransomware strikes on healthcare doubled annually between 2016 and 2021, according to a study published in December in the Journal of the American Medical Association. After a cyberattack, hospitals are forced to cancel procedures, reroute patients to other facilities and resort to pen-and-paper record-keeping. In this article, Wall Street Journal reporter James Rundle looks at how cyberattacks and a regulatory push are increasing the pressure on medical device manufacturers to improve the security of their products.
  22. News Article
    The Government is looking to hire a new cyber security chief for the NHS and Department of Health and Social Care (DHSC), at a time of heightened risk of cyber attacks against the health service. The DHSC last month issued a job advert for a “national chief information security officer”, who will sit within the digital policy unit of NHS England’s transformation directorate. It comes at a time when the risk of cyber attacks against the NHS is increasing. Earlier this summer, an attack on an NHS electronic patient record supplier impacted several providers, including a dozen mental health trusts, with some trusts still not having recovered their service fully. Meanwhile, in February, NHSE wrote to trusts to tell them to strengthen their cyber defences in the wake of Russia’s invasion of Ukraine. Read full story (paywalled) Source: HSJ, 18 November 2022
  23. News Article
    At least half of integrated care systems (ICS) lack plans for responding to cyberattacks, at a time of increasing cyber risks, HSJ can reveal. The findings also come at a time when the threat posed by cyber attackers is “constantly evolving”, and in the wake of a recent high-profile attack on a supplier to several trusts. In August 2021, NHS England published a framework – What Good Looks Like – to set out what ICSs and member organisations must achieve to be considered digitally mature. Requirements included that all ICSs should have a system-wide plan for “maintaining robust cybersecurity” with “centralised capabilities to provide support across all organisations”. However, 20 ICSs have told HSJ they do not yet have such a cybersecurity strategy or plan in place. Nine ICSs said they did, while the remaining 13 ICSs did not respond. This is despite the NHS being subjected to a growing number of cyber attacks. In 2020-21, NHS Digital reported the health service had been targeted roughly 21 million times on a monthly basis, which marked an increase since before the pandemic. Most of these are malicious emails containing malware and are automatically blocked by cyber defence and monitoring systems. However, in August, a dozen mental health trusts and several NHS 111 and urgent care providers were badly affected by a cyber attack on one of their IT suppliers, Advanced. Several trusts have not yet regained full access to their electronic patient record three months on from the attack. Read full story (paywalled) Source: HSJ, 11 November 2022
  24. News Article
    Patient care is still being undermined at NHS mental health trusts and social care providers that were hit by a major cyber attack in August, doctors have warned. Three months after the major attack wiped out NHS systems, patients’ records are missing, safety has been compromised, and medication doses are at risk of being missed amid ongoing “chaos”, i News has been told. Dr Andrew Molodynski, mental health lead at the British Medical Association, said the prolonged systems failure has damaged care because records are “integral to patients’ safety”. Mental health patients’ records and safeguarding alerts have not been available in some trusts since 4 August, when NHS software provider, Advanced, was hit by a ransomware attack which targeted its Carenotes records system. A total of 12 NHS mental health trusts have been impacted by the cyber attack, potentially impacting tens of thousands of patients as well as social care providers. According to Advanced’s own hazard log spreadsheet, seen by i News, the risks associated with disruption to its server include “medication doses missed”, “required number of carers not met”, “basic needs not met, such as nutrition and personal care”, and “health needs not met, such as wound care and physical support”. Advanced said: “We recognise that the restoration process has taken longer than we had initially anticipated and we have sought to communicate as clearly and transparently as we have been able.” It said planned dates for restoring the system for each client have been communicated directly and that the “overall restoration programme remains on track”. Read full story Source: i News, 4 November 2022