Cyber attacks on hospitals ‘put lives at risk’, nurses warn

At the Royal College of Nursing (RCN) Congress, being held in Newport this week, nurses reflected on the ongoing risks and benefits of digitising patient records and what needs to be done to prevent future data breaches.

“We need government to tackle this issue deadly seriously, because it is deadly serious”

Matthew Osborne

It comes as Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust this week declared a “critical incident”, after a cyber attack led to operations being cancelled and some care being redirected.

The ransomware attack was targeted at the IT services of Synnovis, a pathology partnership between the two trusts and SYNLAB, which provides medical diagnostic and testing services.

Mark Dollar, Synnovis chief executive, said: “It is still early days and we are trying to understand exactly what has happened.

“A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed.

“We are working closely with NHS trust partners to minimise the impact on patients and other service users.”

At RCN Congress, Matthew Osborne, chair of the RCN Essex branch, said the incident highlighted the “ongoing vulnerabilities in our healthcare digital infrastructure”.

Such attacks “underscore [the] urgent need for robust cyber security measures to safeguard access to information and ensure uninterrupted service delivery”, he argued.

“These attacks have jeopardised patient care, they’ve jeopardised patient data [and] they’ve put lives at risk,” he said.

Mr Osborne called for “meaningful and comprehensive” cybersecurity training for all healthcare workers and urged the government to take responsibility for the issue.

He added: “We need government to tackle this issue deadly seriously, because it is deadly serious.

“This is an international threat and requires a national response.”

Stephen Shouler, member of the RCN UK stewards committee, told congress that the recent cyber attack in London had caused patients and staff “quite a bit of distress”.

He said nurses had a “responsibility” to follow strict data principles, including handling information in a “secure and confidential manner”.

Stephen Shouler

Alongside cyber attacks, Mr Shouler noted that there had been several other breaches of patient confidentiality in recent years, with healthcare staff accessing the records of high-profile patients.

For example, three members of staff working at the London Clinic were investigated earlier this year for allegedly trying to access the Princess of Wales’ medical records.

“Nursing staff have been tempted to look at patient records for people not actually in their own care,” warned Mr Shouler.

“Breaches of patient confidentiality can trigger a disciplinary process and may lead to dismissal for gross conduct.

“They can also have the potential for criminal conviction.”

This was echoed by Helen Oatham, vice chair of the RCN Norfolk branch, who said staff were not only accessing patient records, but also their own.

“I work in a primary care talking therapy service and many of our staff, including myself, will have engaged with the service for support and treatment,” she said.

“Therefore, I know firsthand how strong the urge to read your own health record can be.”

However, Ms Oatham warned that accessing your own health record without going through the formal process could lead to “going down the disciplinary route”.

“This needs to be addressed as part of encouraging staff to think about confidentiality, and not straying beyond professional boundaries,” she added.

The topic of patient data was not all negative at RCN Congress, with many nurses joining the debate to praise how digital patient records have improved their ability to give care.

Andi Robinson, chair of the RCN Nottinghamshire branch, argued that digitised patient records were “vital for the modern-day NHS”.

He said: “Many of you have been on shift when you can’t find the [hand-written] prescription chart.

“Whereas a digital one can be accessed at your fingertips, enabling medications to be administered or enabling medications to be prescribed.”

Meanwhile, Geraint Walker, a nursing clinical informaticist in Wales, said there were “lots of benefits out there” with digital, but that “we don’t always get it right”.

He added: “We have to be mindful of data access and where the information is, especially in light of the incident yesterday in London.

“We also have to ensure that patient safety and clinical safety are maintained, and ensure systems are designed…to ensure we are creating something which helps us nurses [and] the wider nursing family and doesn’t hinder us and increase the documentation burden that we’re already experiencing.”