Wanted: clinicians with digital and leadership skillsBMJ 2017; 358 doi: https://doi.org/10.1136/bmj.j3382 (Published 13 July 2017) Cite this as: BMJ 2017;358:j3382
Health systems around the world are still recovering from the fallout of May’s cyberattack (doi:10.1136/bmj.j2357). The WannaCry malware didn’t specifically target healthcare, say Guy Martin and colleagues (doi:10.1136/bmj.j3179), but healthcare is uniquely vulnerable to such attacks. Rich in valuable data, it’s one of the most targeted sectors globally: four fifths of US healthcare organisations and up to half of NHS trusts say they were hit in the past year. Chronic underinvestment in information technology makes healthcare a soft target, say Martin and colleagues. So too do fragmented governance, a lack of clarity over who is responsible for cybersecurity, and pressure to devote limited funds to direct care of patients.
With ransom payments, and a value on the “dark web” of $50 for an individual medical record, money has been the main motive so far. Records can contain enough personal information for anyone to open bank accounts and obtain a passport. But more sinister motives are also emerging, including disruption, political action, and malicious harm to patients. Martin and colleagues warn of hackers taking control of insulin pumps and other wearable and mobile devices. And when patients’ data are compromised, public trust is undermined, making people more reluctant to share their data with clinicians and researchers.
Clearly, there’s a high cost attached to doing nothing. So how can we become more cyber-resilient? The remedies lie in seeing cybersecurity as central to patient safety and public trust, the authors say. Organisations need to be made accountable, but for this we need common security standards and quality metrics, and clear lines of responsibility and ownership. The US Congress has set up a task force to look into cybersecurity in the healthcare sector.
For the UK, the authors look to NHS Digital, an arm’s length body of the Department of Health for England, to take the lead and develop a national prevention strategy. But there is also room, and an urgent need, for clinicians to take on digital leadership roles, says the NHS’s medical director, Bruce Keogh, writing with colleagues (doi:10.1136/bmj.j3295). People with the right combination of clinical, digital, and leadership skills are in short supply. To grow more of these rare and valuable people, otherwise known as chief clinical information officers (CCIOs), we need fully accredited dual career paths, and they need professional recognition and positions of authority. The new NHS Digital Academy and Faculty of Clinical Informatics should help.