Aclean bill of health instant messaging

Dan Boddington, systems engineer at StarLeaf, discusses the dangers of using insecure messaging, and asks if the increase in its use is putting patients’ information at risk.

Social media is the modern medicine for wagging tongues and communal chat. It is the panacea for a digitally hungry generation and a platform for participation that globally pulses every second with voice and video calls, image sharing, and messaging. However, used for the wrong purposes, it can leave medical professionals with a big headache – a major data breach. So, as pressures on the health service are

intensifying to diagnose and communicate more quickly, are we in danger of creating a data-dystopian society, which is putting patients’ information at risk?

What’s the problem?

According to research undertaken by BMJ Innovations, WhatsApp is used by 97% of doctors to routinely send patient data without gaining consent, albeit that 68% were ironically concerned about sharing information in such a public way. This is a worrying trend given that information security is paramount today and that recent Public Health Sector cyber-attacks have devasted systems with ransomware and malicious botnets. Falling foul of data security can be a bitter pill to swallow. With the EU’s General Data Protection Regulation (GDPR) having the

Vulnerabilities within messaging services raise serious concerns around end-to-end encryption on platforms, such as WhatsApp, and the data- in-transit security on phones and servers must comply with NHS security and privacy standards.

MAY 2019

power to bite with hefty fines, being non- compliant will be damaging to both reputation and finances. Today, people are empowered cybercitizens who can enforce the ‘Right to be Forgotten’ and demand consent before their sensitive information is shared, stored, and used for commercial purposes. Vulnerabilities within messaging services raise serious concerns around end-to-end encryption on platforms, such as WhatsApp, and the data-in-transit security on phones and servers must comply with NHS security and privacy standards. Smart hackers choose to target these platforms because they contain weak security, which acts as an open door to steal valuable biomedical data to commit identity fraud. Once a cybercriminal has built a profile of an innocent victim, it is possible to use this information to access their bank accounts, on-line shopping channels, and even government held information. Another concern for healthcare services is the potential for data misuse by staff that leave their job at the organisation. If they have been using WhatsApp on their personal devices to send and receive patient data, they will still have access to this data when they leave the organisation. This could constitute a serious breach of data privacy regulations, and open patients up to their data being misused. A secure, integrated messaging platform managed by IT staff could prevent this kind of data breach, by ensuring that employees cannot access this data once they have left the organisation. The British General Medical Council (BGMC) clearly states: “The standards expected of doctors do not change because they are communicating through social media rather than face to face or through other traditional media.” Patient confidentiality and safety are of paramount importance. Heads of medial centres and their IT departments recognise the need for effective messaging services, but have stressed that free apps are not appropriate for professional use. Dealing with data confidentiality does not have to be complex. Robust solutions with intelligently


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72