Skip to main content

June 2024

Page 1

www.independent-practitioner-today.co.uk

June 2024 Issue 163

INDEPENDENT PRACTITIONER TODAY

The business journal for doctors in private practice

In this issue

How do I find the right PA?

Our Troubleshooters tackle this increasingly common question from private doctors P12

Paying by results becomes a reality

£12.50

Do you know how to protect data?

n See page 14 to read the advice from the Information Commissioner’s Office

Death is going through change

Dr Ravi Lukha on Bupa’s mission to introduce valuebased healthcare P20

Lawyer Liz Hackett explains the advent of medical examiners, who come into force this autumn P36

Data breach threats By Robin Stride Private healthcare providers have been warned to wake up to escalating data breach threats from organised criminals using a vast range of tactics on the unwary. Cyber-attacks are only one method fraudsters try to access confidential information, the audience at market analyst Laing­ Buisson’s Pr ivate Healt hcare Summit 2024 heard. Criminologist Dr Nicola Harding’s message to independent health sector businesses was stark: ‘We have to consider that this isn’t an “if”, this is now a “when”. ‘You are all a target. You have to plan as though it is going to happen because if you’re not planning, the outcomes for organisations that haven’t got a plan are far more dire.’ Her warnings came after a law firm’s report labelled the health sector as a frequent violator and top spot for data breaches in 2023, accounting for around one-in-five reported data breach cases (see story page 10). C y b e r- s e c u r i t y e x p e r t D r Harding, chief executive of We Fight Fraud, said: ‘Criminals are the creative human beings that are using their creativity to circumvent your systems and processes. What we need to get better at doing is planning and ensuring that our

Our sponsors

humans on our side are just as sharp and just as switched on as they are.’ Data was attractive to criminals because it could be used to compromise, exploit and access further revenue. ‘But we need to get away from this idea that the worst thing that can happen to us is a cyberattack. Actually, the worst thing that can happen to you guys on the whole is a data leak. ‘And a data leakage can happen in different ways. A cyber- attack is one of them, but data leakage happens with poor GDPR [General Data Protection Regulations] practices; it happens when you don’t shred documents and they end up in the wrong hands; it happens when people have conversations that should be happening in private – on the train, on the way to work – about a patient. ‘It happens when you open your laptop and you’ve got your records for the day because you’ve maybe got to travel from London up north and that’s three hours on the train when you want to get some work done. But the person next to you is looking over your shoulder at every-­ thing you’re doing.’ She added: ‘You don’t know who’s watching; you have to treat every potential piece of data like it’s the royal family’s data.’ Dr Harding said the data compromise cycle was necessary for organ-

You are all a target. You have to plan as though it is going to happen, because if you are not planning, the outcomes from organisations that haven’t got a plan are far more dire. DR NICOLA HARDING (left), Chief executive of We Fight Fraud

ised cr ime to work and t he consequences included terrorist finance, serious child sexual abuse and wars. ‘This isn’t a simple small “Oh, I forgot to shred those documents”. The consequences of it down the line can be extremely dire.’ While technology could do amazing things to prevent data breaches, her work showed it was humans who created compromise. Staff training was vital and companies should ensure they had instant response plans not just for a cyber security breach but for anything relating to data compromise. These should include their PR response, how they would talk to the public about it and regulatory expectations about what was likely to happen when people’s data was lost.

Delegates heard from an IBM 2023 report that US organisations with high levels of instant response planning and testing saved $1.49m compared to those with low levels. Only one-in-three data breaches were identified in-house. ‘Sixtyseven per cent of breaches in 2023 were reported by a benign third party or by the attackers themselves. When attackers disclosed a breach, it cost organisations nearly $1m more compared to internal detection.’ Dr Harding warned that data breaches could arise from someone walking up to their reception desk, through a phone call to staff or when someone identified their workplace because they left their lanyard on in the pub after work. n Conference reports, page 4-5


Turn static files into dynamic content formats.

Create a flipbook
June 2024 by Healthcare Today - Issuu