Misunderstanding IT: Hospital cybersecurity and IT problems reach the courts

Harold Thimbleby

The corruption of patient data in a hospital prompted a criminal investigation, resulting in approximately 70 nurses being disciplined, with some charged with wilful neglect contrary to the Mental Capacity Act 2005. Some nurses received custodial sentences. This paper explains the background. The paper demonstrates the inability of hospital information technology (IT) systems and management to provide reliable evidence and highlights broad problems with poor IT culture affecting manufacturers, hospitals, police, lawyers, and advisors — all the way through to regulators and legislators. Widespread misunderstandings of IT and data compromise both the provision of effective care and legal processes.

This paper includes recommendations, the most urgent being that hospitals (the UK National Health System (‘NHS’) and other national healthcare systems more generally) should acknowledge that IT is unreliable, and that they should procure and actively manage IT equipment with this in mind. Keeping up to date with legal issues relating to IT generally, as well as with cybersecurity measures, should be routine.

The NHS needs to improve its IT maturity, management and policies. The police, the legal system and regulators also need a more mature approach to IT. Manufacturers are not currently providing dependable systems that are fit for purpose to operate safely and reliably in normal, complex hospital environments. All parties should engage qualified external oversight.

Index words: National Health Service, United Kingdom, State Medicine, cybersecurity, information technology, medical ethics