Maksim Kabakou - Fotolia
Labour's first cyber priority must be the NHS
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government
Of the five missions outlined by Keir Starmer’s government in the King’s Speech on 17 July 2024, one stands out above all others in the minds of the UK public: ‘Building an NHS fit for the future.’
According to a recent Ipsos poll of 1,001 adults in Great Britain, 69% of respondents say that this mission is the most important to them. This is way ahead of the second-place response, ‘Making Britain’s streets safe,’ cited by just 35% as their top priority. It ranks far higher than the other three missions, which focus on economic growth (26%), clean energy (19%) and childhood opportunities (19%).
As a security specialist, this finding is striking because, without a significant rethink of how data relating to patients and their care is secured and managed, these longed-for improvements in NHS services remain frustratingly out of reach.
A better picture
Of course, I recognise that improved cyber security and better data management are only part of a far wider picture. And that picture isn’t a pretty one, featuring countless backlogs and delays resulting from years of underinvestment.
But hear me out. The UK public wants better care and patient outcomes from the NHS. I believe that if NHS resources - from appointments with consultants to the availability of MRI and CT scans - were more effectively shared across NHS trusts, then an uplift in patient outcomes would surely follow. A patient waiting months for surgery in Manchester, for example, might be more than willing to travel to Sheffield if it allowed them to have their operation more quickly.
But for this scenario to work, data would also need to be shared more effectively across NHS trusts. And it’s no secret that current cyber security practices within the health service aren’t in alignment with that approach. Vast quantities of structured and unstructured data reside across a wide range of back-end systems, each allocated a particular purpose, whether that’s electronic health records, laboratory results, medical images and so on.
Most NHS cyber security teams, as under-resourced and under-equipped as they are, must focus on locking down every system used by their specific trust to the best of their abilities, using a portfolio of different and often outdated security technologies. It’s an untenable situation and often proves inadequate when tackling security threats, as demonstrated by last summer’s cyber attacks on London hospitals, which disrupted services and compromised patient data.
The Computer Weekly Security Think Tank on cyber policy
Index, search, analyse
So, how would I propose tackling threats to NHS data in a way that would support a ‘shared services’ approach that might work better for patients?
First, cyber security defences within the health service need to be fortified, there’s no question about that. The NHS needs to get serious about proactive responses to threats rather than sticking to the traditional defensive approach. Tools that can be used to search for data residing in disparate data stores and analyse it in real time should be deployed in threat detection and response, boosting visibility and enabling teams to spot and shut down any suspicious activity.
Second, these tools should be used to ‘surface’ NHS data, displaying it to authorised users via a ‘single pane of glass’ but leaving it in the protected source systems where it resides. In this way, it can be safely viewed alongside relevant data from other source systems and across other NHS trusts, enabling staff to ‘match’ a patient facing a long wait for an appointment in one town or city with an available service in a nearby location.
Most importantly, I believe that all this could be achieved within the NHS with minimal incremental spend. After all, it’s no secret that NHS spending is likely to remain a tricky subject, regardless of the new government’s best intentions. In the run-up to the General Election, political parties were warned by charity and think tank the Health Foundation that the NHS in England would need an extra £38bn by the end of the next parliament to cut the care backlog and end long treatment delays. The new government’s current spending plan falls woefully short of this target.
Beyond the NHS, I can see this kind of approach working well in several other sectors, such as education, housing, policing and prison reform. In fact, it’s already revolutionising the way that many government agencies worldwide interact with data, helping decision-makers extract value from their back-end data stores and tackle agency-specific challenges.
Across the board, Starmer’s government must deliver on its promises to improve public services with very little funding at its disposal. The new government needs to think smarter. It must do more with less – and in this respect, a new and improved approach to securing and managing data could be a powerful weapon.
Adam Button is EMEA field CTO for security at Elastic.