Special Report: Data Security | Digital Health

With technology changing the way health related information is stored, the importance of having good data security has never been more important. Andrea Downey investigates.

As technology in healthcare settings becomes more prominent, so too has the need for robust data security. As the way patient data is used and stored has moved away from more analogue means such as paper filing systems, the approach to data security must also change.

For Johan Åtting, chief information security officer (CISO) at Sectra, security simply cannot be an afterthought.

“A key concept that we use at Sectra is ‘security by design and by default’, security cannot be effectively added to a product or system afterwards, it has to be within focus from the design of a product throughout the building, testing and deployment of the product,’ he says.

“At Sectra, security architects are involved from the very start of the design of a product, and every development team has a security champion that ensures that security is considered in every aspect of development and testing.”

Åtting goes on to explain the importance of merging clinical and technological ideas – one cannot have a securely designed piece of health tech if there has been no clinical input. Put simply, it would render the technology moot.

“Security has to be balanced with clinical effectiveness and usability. If we implement security in a sub-optimal way it could hinder the usability or the clinical effectiveness of the product,” he explains.

Managing and protecting data

Darren James, technical lead at security software company Specops, offers a similar outlook. He stresses it is “imperative” for NHS trusts to properly manage and protect patient data.

“We’ve seen more and more attacks in recent years using the supply chain to gain access to a target organisations data. Healthcare, and in particular an organisation the size of the NHS, is particularly vulnerable due to the number of users, endpoints and systems that are currently in use,” he says.

“Therefore, it is imperative that NHS trusts make the right choice when selecting solutions that have access to patient and staff data and look in depth where and how that data…