
How safe are your client's medical records?

  • Writer: Lawrence Turner
  • Nov 2

Poor cybersecurity can have catastrophic consequences. Recent cyber breaches have wreaked havoc on two household names.



The M&S hack caused around £300 million in lost profits and the theft of customer data. The Jaguar Land Rover cyberattack, however, was the most damaging in British history, with an estimated cost to the British economy of £1.9 billion. If Jaguar Land Rover had not been bailed out by the government, the company would have collapsed.


The healthcare industry suffers some of the highest volumes of cyberattacks and remains vulnerable. The Information Commissioner’s Office (ICO) issued a fine of just over £6m to a major NHS IT provider after a cyberattack in August 2022, which saw medical records belonging to 82,946 people stolen by hackers who launched a ransomware attack.


Did you know that some Medical Reporting Organisations still manage claimants' medical records in unencrypted ‘open’ platforms such as Dropbox or WeTransfer? Their staff access those reports through self-selected passwords that rarely, if ever, change. These sites are an open door to hackers, with potentially disastrous consequences.

 

Any organisation handling sensitive medical records should, as a minimum, use a customised end-to-end encrypted portal for all transfers of records. Their staff should use randomly generated one-time passwords and multifactor authentication for access. Reports should be created and edited within a cybersecure portal, and nothing should ever be downloaded to an insecure machine or site. All temporary and local copies of medical records should be securely deleted after completion of the report, and there should be regular reviews of access logs and compliance.


You can see our cybersecurity policy and SOPs at www.medmost.co.uk/cybersecurity. We think it’s the best in the business.

 
 
 
