
Can’t we all, please, get behind a safe NHS…?

Published 30 June 2017

BCS director for policy and community David Evans explains the launch of a Blueprint for cyber security in health and care, creating a broad coalition of organisations that can work together to build a cyber-safe NHS


The recent General Election has shown that whatever else the public hold dear to their hearts, the NHS is still right up there. Political parties of all persuasions tinker with it at their peril.

That’s why, when the WannaCry ransomware attack brought many hospitals to a grinding halt, leading to ambulances being turned away and operations being cancelled, there was, quite rightly, huge public concern.

For those who’d never heard of ransomware, the mainstream media leapt in with their explanations. The airwaves filled with ‘experts’ explaining what had happened and, as ever, being asked to point the finger of blame.

Compare and contrast that with the medical professionals who provide such great care; the doctors and nurses who are themselves professionally accountable for your care. They understand collective capability; the duty to share, to work together, to ensure that when one person knows how to save a life, that everyone knows. There is a default professional expectation that protecting the public comes above everything else.

But it’s all very different if you work in IT and information security in the NHS. They are what Professor Ross Anderson, a world-leading security expert from Cambridge University, unkindly describes as ‘well-intentioned amateurs’.

Management assurances that NHS systems are secure don’t amount to much. As we’ve seen, when the IT goes wrong the NHS is plunged into chaos, and it is to the credit of those ‘well-intentioned’ people working in IT that it doesn’t happen more often.

Professor Anderson’s point is not that the people in the NHS are less intelligent or incapable, but that there is no structural way of ensuring that they know how to do the right thing. Ross doesn’t, however, provide much basis for hope of a better world, and that is where I believe we differ. I know many of those working in health and care, those working in cyber, and they – like most of their fellow human beings – care about what they do and want to do better. They lack both a self-applied expectation that we can work together and a public expectation. What’s been totally lacking from most informed commentary is that we can work together to do better.

When it comes to cyber security, and IT more generally, we can – we need to – demand that a basic level of practice is universal across everything that matters to the public. After all, we expect it from nurses who are on a fraction of the pay of their cyber colleagues!

This is why we have launched our Blueprint for a cyber safe NHS, and why in response Professor Dame Ann Dowling, President of the Royal Academy of Engineering (of which Ross is a respected Fellow), said on behalf of that institution:

“[We] welcome its vision of collaborative working and adds its [The RAEng’s] voice to the call to put the public first in this endeavour”

It is certainly the case that cyber security practice evolves more quickly than the fitting of a cannula, but keeping your systems patched and up to date as a basic process has not changed massively in the last 10 years (other than that it has become easier).

What we need is a visible, recognised cadre of accountable informatics professionals in the NHS (as well as across the whole public sector). We need those professionals to be self-governing, public-focused, but accountable individually and collectively to the public they serve; you, and me. That’s why we have professional bodies, and this is the function that is performed by the General Medical Council, Royal College of Physicians and so on for doctors. For IT and security we have bodies like BCS, the IET, and a number of others. From a wide range of commercial organisations, people leading in the NHS, from charities representing patients, we’ve had huge support for this top to bottom. This is based not on an organisational objective or a policy decision, but on a basic human desire to make a difference, to protect what matters to all of us.

We’ve had broad support for our plans from bodies such as The Institute of Engineering and Technology, the Royal Academy of Engineering, the Royal College of Nursing, expert technology corporations such as BT, IBM and Microsoft, a range of charities and others who support and represent patients, such as Barnardo’s, the Patients Association and Macmillan Cancer Support, as well as leaders in the NHS, and on an institutional basis the Digital Health & Care Institute Scotland and NHS Wales. A broad and diverse group, but one which is determined to put the needs of the public first.

Today, in launching the report, we are asking – challenging, actually – the professional community to step up, get involved as real professionals, and be part of a systemic solution. This is not rocket science. This is an opportunity to establish our worth to the public, and to show to patients that their hospital computer systems are as solid as the first-class doctors and nurses that make our NHS the envy of the world.

David Evans is director for Policy and Community at BCS, The Chartered Institute for IT
