Opinion: Interoperability – What every cybercriminal is waiting for

Interoperability is one of the biggest issues facing healthcare providers today as far as technology goes. In fact, one of the most scathing criticisms of major healthcare IT suppliers is that their solutions don’t play nicely together and that’s a problem. We want to shift patient care into the community, develop integrated care systems and focus on population health rather than just treating the sick. None of these things can happen without interoperability.

Now, we’re getting there slowly but surely, and as policy and procurement mandates are given teeth, suppliers will start to realise that it’s in their commercial interests to alter their behaviours. However, my job isn’t to preach about the benefits of interoperability but to tell you about the other side of the coin – how interoperability can break healthcare.

Let me caveat this by saying that this isn’t an excuse for suppliers or anyone else to push back against interoperability and a more open ecosystem, but a warning about what needs to be done to make sure that new risks that could derail the benefits aren’t ignored. With that out of the way, what we need to accept is that the security across NHS trusts still has a fair way to go before it can be considered mature. I would suggest that the general digital maturity across all trusts far outweighs security maturity, which means the average trust is increasingly dependent on digital systems for its core workflows but not proportionally capable of securing those dependencies.

Now, let’s take the concept of interoperability to its logical conclusion which involves independent trusts within a region being able to share all kinds of clinical and operational information to manage regional services effectively and safely. Perhaps that’s what an Integrated Care System should do? Let’s extend that capability so that any trust in the country can connect directly to specialist centres of excellence outside of their regions like a paediatric or eye hospital which in turn need to be able to communicate with every possible referral source. That’s just healthcare providers connecting seamlessly so how about we add another layer – the general public. Everyone has NHS applications or third-party supplier solutions that are used to access or outsource NHS services which connect not only with centralised systems but which double back into local trust IT systems. We haven’t even got to IoT medical devices yet.

How many of these services do you think are likely to have exploitable vulnerabilities?

How hard would it be to get into this ultimate healthcare network of networks?

How fast could an attacker spread malware through the links between all these organisations? Faster than we can respond?

This is the inevitable place that interoperability will take us and we have to be prepared because the clinical risks and the scope for operational disruption will be on a totally different scale than we have previously experienced. At this stage, the NHS is a national security issue as far as I am concerned and everyone involved in its digital transformation has to plan, prepare and deliver with that level of risk in mind.

Dr Saif Abed is the founding partner of health IT consultancy firm AbedGraham. He will be speaking at the HIMSS and Health 2.0 European conference taking place in Helsinki, Finland on 12 June in the Healthcare and Cybersecurity, a New Frontier workshop. The opinions in this piece are Dr Abed’s and don’t necessarily reflect the opinions of Healthcare IT News or HIMSS.
