The intrinsic value of health information is higher than that of other types of data due to its inherent complexity and links to other information channels. This is certainly the case in the US, where details of names, birth dates, policy numbers, diagnosis codes and billing information have been used by criminals to buy drugs or medical equipment which can then be resold. In addition, it is also possible to create false claims to health insurers using stolen patient details. Such frauds relating to health claims may take considerable time to detect within health systems with large numbers of such claims.

The year 2015 was disastrous for the security of US health information records, with around 100 million records illegally accessed. The most significant breach occurred at Anthem Incorporated in March 2015, where around 79 million health records were hacked. It is considered that access to the Anthem Inc system had been gained some time previously and that extensive navigation of the site had been undertaken over time to determine the data structures and information flows of the health record system.

UK security breaches

In the National Health Service in the UK, the Information Commissioner’s Office has a key role in regulating data security within the NHS, although its remit relates to data security and integrity across a wide range of information sectors. To date, there have been no reported instances of hacking into NHS patient networks, although various NHS organisations have been fined for loss of patient data due to poor management of, for example, laptops and flash drive memory pens containing patient personal data.

There is increasing awareness in the UK of the risks of computer equipment and associated instrumentation leaving the protection of an organisation without effective removal of patient data. The case of Brighton and Sussex University Hospitals NHS Trust, where disk drives designated for destruction instead found their way onto eBay, was actioned by the Information Commissioner’s Office as a serious data breach and a fine of £325,000 was levied. A similar case has been raised against Surrey Health, where it was identified that no formal contract with a computer disposal company had been initiated.

Cyber threats

Langer [1] has outlined how levels of initial guidance on inter-hospital transfer of patient data in the US have had to be revised in the light of computer criminal applications, which have demanded the implementation of corresponding counter-measures. In a recent review of cyber threats in healthcare, Luna et al [2] identified that the greatest digital threat is that of identity theft through data breach. Other threats identified were internal and external threats, cyber-squatting and cyberterrorism.

The rapid expansion of internet domain names has increased the incidence of cyber-squatting, where conflicting domain names are deliberately registered by third parties to compromise the internet presence of existing commercial organisations. Resolution of such cases is actively being undertaken by the World Intellectual Property Organisation (WIPO). Healthcare organisations therefore need to be alert to such activities. As examples of such ‘cyber-squatting’, the site WellPoint.com of Anthem Inc in the USA was matched with we11point.com and the Empire Blue insurer site Permera.com matched with prennera.com.
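The following is an added example, not part of the original article, of how a healthcare organisation might screen observed domain names (for instance from mail or proxy logs) against its own domains for lookalikes of the we11point.com kind. The confusable-character table, the `classify` function and all domains other than the WellPoint pair are constructed for illustration.

```python
# Added example: flag domains that visually imitate an organisation's own.
# The substitution table is a small illustrative set, not an exhaustive one.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("5", "s")]


def skeleton(domain):
    """Fold visually confusable characters so lookalikes compare equal."""
    d = domain.strip().lower().rstrip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character near-misses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, protected):
    """Return (verdict, matched_own_domain) for one observed domain."""
    cand = candidate.strip().lower().rstrip(".")
    own_domains = [p.lower() for p in protected]
    if cand in own_domains:
        return ("own", cand)
    for own in own_domains:
        if skeleton(cand) == skeleton(own):
            return ("confusable", own)       # e.g. digit 1 standing in for l
        if edit_distance(skeleton(cand), skeleton(own)) <= 1:
            return ("near-miss", own)        # one character added/dropped/changed
    return ("unrelated", None)


# wellpoint.com / we11point.com come from the article; the rest are constructed.
PROTECTED = ["wellpoint.com", "example-eyeclinic.org"]
OBSERVED = ["we11point.com", "wellpoint.com", "exarnple-eyeclinic.org",
            "wellpoints.com", "example.net"]

if __name__ == "__main__":
    for name in OBSERVED:
        print(name, classify(name, PROTECTED))
```

Folding both sides through the same table means two legitimate names can occasionally collide, so a "confusable" verdict is a prompt for review rather than proof of abuse.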

Imaging formats and system architecture

The Dicom standard (Digital Imaging and Communications in Medicine) [3] initially found application within radiology departments, where images from techniques such as magnetic resonance imaging and computerised tomography are captured and fused with patient identification details and image device configuration settings. The bundling together of patient identification data with the image data reduces the likelihood of patient misidentification and the incorporation and integration of configuration settings encourages consistency of follow up imaging procedures. The Dicom standard is increasingly supported by UK-available ophthalmology and optometry imaging systems.

Structuring data content of patient records

Generic advice on patient record structures is available through ‘Standards for the clinical structure and content of patient records’ which has been developed within an association of all the medical professional bodies, the Academy of Medical Royal Colleges [4].

In the US, the group named Integrating the Healthcare Enterprise (more widely called simply the IHE) has structured a framework of development for digital information in healthcare and eye care is one of the total of 13 listed domains. Within the ‘Eye Care’ domain there is an extensive set of documents [5] which relate to the capture, storage and distribution of data collected within eye care.

References to patient data management systems within ophthalmology invariably reference aspects of increased efficiency which such systems claim to provide [6]. Dicom-based data and image capture systems tailored for ophthalmology use, such as Merge Eye Care Pacs (picture archiving and communication system) from Merge Healthcare, have also been developed which allow integration of a wide range of instruments into a common information system. The Forum system (from Zeiss) provides connectivity within the family of Zeiss ophthalmic systems, incorporating parameter measurement and imaging devices. Topcon has recently announced the global launch of Imagenet Connect which is a vendor-neutral ophthalmic workflow, image and data management system that connects eye care devices for structured data management. Saeed and Oleszczuk [7], however, highlight issues with such Pacs systems where the available image quality of such systems may be inferior to that of original device manufacturers.

HL7 – the language of patient records

Patient records contain information in complex form based on data which can include personal identification, medical conditions and episodes of diagnosis, treatment and follow up. The HL7 (Health Level 7) system [8] has evolved as a mechanism of creating elements of a patient record which are coded using defined formats in order that such information can be appropriately stored and retrieved within patient information systems. Figure 1 indicates the appearance of an element of the information content where specific headings identify information elements. In the example shown, PID relates to the patient identification segment, PD1 relates to the patient additional demographic segment, OBR relates to the observation request segment and OBX relates to the observation segment which typically depends upon clinical measurement parameters. Each segment has a standard sub division of specifically identified sub fields.

Figure 1: Example of HL7 message format
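As an added illustration (not the article's Figure 1 and not taken from any vendor system), the sketch below parses a constructed pipe-delimited HL7 v2 message into the PID, PD1, OBR and OBX segments described above and masks the patient-identifying fields while leaving the clinical observation intact. The sample message, the choice of fields to mask and the function names are assumptions made for the example.

```python
# Added example: split an HL7 v2 message into segments/fields and mask
# identifying fields. All data below is constructed.
SAMPLE = "\r".join([
    "MSH|^~\\&|EYECLINIC|HOSP|EPR|HOSP|201611061200||ORU^R01|MSG0001|P|2.4",
    "PID|1||PAT12345^^^HOSP^MR||DOE^JANE||19700101|F|||1 HIGH ST^^TOWN",
    "PD1|||EXAMPLE PRACTICE^^P001",
    "OBR|1||ORD789|IOP^Intraocular pressure",
    "OBX|1|NM|IOP-R^IOP right eye||16|mmHg|10-21|N|||F",
])

# Field positions masked per segment (PID-3 identifiers, PID-5 name, PID-7
# date of birth, PID-11 address, ...). Which fields count as identifying is
# an assumption here; a real deployment follows local governance policy.
IDENTIFYING = {"PID": {2, 3, 4, 5, 6, 7, 9, 11, 13, 14, 19}, "PD1": {3, 4}}


def parse(message):
    """Return (field_sep, component_sep, segments) for an HL7 v2 message."""
    if not message.startswith("MSH") or len(message) < 8:
        raise ValueError("HL7 v2 message must start with an MSH segment")
    field_sep, comp_sep = message[3], message[4]   # declared in MSH-1 / MSH-2
    lines = message.replace("\n", "\r").split("\r")
    segments = [line.split(field_sep) for line in lines if line]
    return field_sep, comp_sep, segments


def redact(message, mask="REDACTED"):
    """Return the message with populated identifying fields replaced."""
    field_sep, _, segments = parse(message)
    out = []
    for seg in segments:
        targets = IDENTIFYING.get(seg[0], set())
        # For non-MSH segments, list index n corresponds to field n (PID-n).
        fields = [mask if i in targets and f else f for i, f in enumerate(seg)]
        out.append(field_sep.join(fields))
    return "\r".join(out)


def observations(message):
    """Return (identifier, value, units) for each OBX segment."""
    _, comp_sep, segments = parse(message)
    return [(s[3].split(comp_sep)[0], s[5], s[6])
            for s in segments if s[0] == "OBX" and len(s) > 6]


if __name__ == "__main__":
    print(redact(SAMPLE).replace("\r", "\n"))
    print(observations(SAMPLE))
```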

HL7 is the adopted language of information interchange between medical devices and hospital information systems. Successful integration of such technologies relies on appropriate matching of HL7 information formats between systems. In addition, work has been continuing for some time to fully integrate DICOM standards within HL7 information architectures. HL7 UK was established in the UK in 2000 to provide a UK based support forum for the HL7 standard.

A range of HL7 ‘viewer’ products are commercially available which allow HL7 data to be presented/interpreted within a readable information view.

Eichelberg and Chronaki [9] describe a range of implementations of large scale electronic patient record systems in Europe within the European eStandards project, where a mix and match of available standards can be used to achieve successful systems. In this context, there is muted reference to cyber security within the framework of such standards.

Current IT formats for image storage and transfer

Larobina and Murino [10] outline some of the basic concepts of medical image file formats and briefly describe the evolution of medical image formats from the original implementation of Analyze (which was developed at the end of the 1980s as a format for software at the Mayo Clinic in Rochester, USA). Analyze utilises separate files for the image data, the meta data and patient identification details relating to an image. While Dicom was initially created around 1993 by the National Electrical Manufacturers Association and the American College of Radiology, it did not have a significant presence in medical imaging departments until the late 1990s. Its initial key advantage was the integration of image data, meta data relating to the image and patient data within the one file structure. Within Dicom, the pixel data is typically stored as integers. Dicom facilitates several schemes for data compression, including JPEG, run-length encoding (RLE), JPEG-LS, JPEG-2000, MPEG2/MPEG4, and deflated. While JPEG-2000 provides high lossless compression ratios, it is described as an exceedingly complex algorithm to implement and can present a processing ‘bottleneck’ in image capture and storage.

It is planned to incorporate the new JPEG-XR compression standard within Dicom which will essentially provide the quality of JPEG-2000 compression but with reduced computational complexity to undertake the compression process. Significantly for JPEG-XR compression, the Dicom pixel representation would be expanded to include floating point format. This is seen as an advantage since a range of medical imaging modalities produce their initial pixel data in floating point format and conversion to integers is considered an intrinsically lossy process.

A more recently developed image file format is that of Nifti (which was developed by the National Institutes of Health for neurological images around the start of the new millennium), essentially as a progression of the Analyze format where an extended data set resolved various inconsistencies of the earlier format and added the option of a single inclusive data file. Li et al [11] describe recent work in the development of a ‘Dicom to Nifti’ conversion tool which indicates that, for specific types of imaging, non-Dicom specialist image formats still appear to have an advantage. There has also been the development of Minc (at the Montreal Neurological Institute, stemming from research begun from around 1992) where an initial Minc1 version has been replaced by a Minc2 version for which conversion tools to and from Dicom and Nifti are available. Vincent et al [12] describe recent enhancements to the capabilities of Minc 2.0.

National Cyber Security Centre

Within the UK, the recently formed National Cyber Security Centre (NCSC, a part of Government Communications Headquarters or GCHQ) is charged with providing a safe environment of information technology in the UK and has identified key sectors of involvement of industry, academia and government. There is no specific focus on health data, but the general approach to cyber security encompasses the key requirements of safeguarding health information. General awareness, however, of the role of the NCSC is low which is something of a contradiction since it is in the interests of organisations handling sensitive data for all clinicians to be aware of available resources to assist with cyber security.

One of the services of NCSC is to provide information on detected cyber threats. Inputs for this include a wide range of contacts, and also the Cybersecurity Information Sharing Partnership (CiSP), where signed up members can communicate their experiences of cyber security and receive regular updates of cyber security alerts. NCSC describes CiSP as ‘a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.’

The NCSC provides a useful source of general guidance relating to identification and minimisation of risk of cyber attacks – ‘Common cyber attacks: reducing the impact’ [13]. Reading the document is a rather sobering experience since it identifies the myriad of ways in which illegal access to systems can be achieved.

The death of the password as a means of ensuring system security has long been predicted, but alternative mechanisms of access verification have failed to be effectively implemented. Specific guidance from the National Cyber Security Centre on the use and management of passwords is available [14] and, in particular, outlines approaches to lessen the problem of ‘password overload’. Within this document, for example, there is a description of how the key entry route to illegal access of data is through compromised passwords, as outlined in table 1.

Table 1: Routes to compromise of password security

As a generic approach to cyber security, table 2 outlines the key elements referenced within the NCSC document ‘10 Steps To Cyber Security’ [15]. This set of topics can be readily utilised as the framework for locally developed sets of policies and procedures.

Table 2

Cyber Essentials Scheme

A core document outlining a framework of cyber security is included within the document ‘Cyber Essentials Scheme’ [16] which is published by Her Majesty’s Government. This document cross-references a strategy of cyber security structures against a range of reference security standards which include the information technology security standards ISO/IEC 27001 [17], ISO/IEC 27002 [18], ISO/IEC 27003 [19], ISO/IEC 27004 [20] and the Information Security Forum Standard of Good Practice for Information Security [21]. The scheme also allows organisations and companies to submit a self-assessment of cyber security for independent validation.

Data encryption

Certification of levels of data encryption in the UK for government departments is undertaken by Caps (CESG Assisted Products Service) where CESG (Communications-Electronics Security Group) is essentially a group within GCHQ with its origins dating back to World War One. Advice is also supplied to the wider public sector – including the NHS. Specific levels of product certification are described as CAPS and CCT Mark (CCTM). Specific advice on encryption of data is available from NHS Connecting for Health [22]. The guidance emphasises that a key requirement of any level of implementation of data encryption is to structure an appropriate strategy within which the various risks of data loss/hacking are identified. In addition, the very process of implementing levels of data encryption can introduce the risks of loss of data within an organisation due to inappropriate implementation/management of encryption processes.

Cloud security principles

One useful source of guidance on accessing the cloud is again via the National Cyber Security Centre [23] where a total of 14 principles are identified. The most vulnerable element of such a system is identified as the secure server administration which, if compromised, can risk the theft or manipulation of large extents of data.

Information governance

There is a clear division between the technical challenges of keeping data secure from external threats and the information governance framework which controls the collection and use of personal health data within a health organisation. Key elements of legislation include the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act, and the Human Rights Act.

Significant additional levels of complication in information governance have been introduced with the Health and Social Care Act 2012 in order to structure the work of commissioning of services. A key strand of this general guidance is that data can be shared between health organisations where the data is used for the primary purpose of care of the specific patient, but data cannot be exchanged for secondary purposes where a patient’s identity is revealed – such as can occur within audit/research without the permission of the patient. There is significant momentum within the NHS to achieve the goal that all patient records will be paperless by 2020, as described in the key document ‘Personalised Health and Care 2020’ [24].

Network security

In terms of security of Wi-Fi or hardwired connections, there is always a risk that Wi-Fi devices may be installed with default passwords, so that management of such devices is a key priority across large hospital networks that may develop to have several thousand Wi-Fi connected devices as indicated by Armstrong et al [25]. This calls for even tighter control of the ‘life cycle management’ of medical devices.

Summary

Cyber security is hardly a new topic, but is increasingly evident as a threat to national security and, in particular, to the reputation of healthcare organisations. The National Cyber Security Centre is a timely addition to the resources available to provide information and guidance to improve levels of cyber security though the scale of the challenge to address present and future threats is daunting.

Dr Douglas Clarkson is development and quality manager at the department of clinical physics and bio-engineering, Coventry and Warwickshire University Hospital Trust

References

1 Langer SG, Cyber-Security Issues in Healthcare Information Technology. J Digit Imaging. 2016 Oct 11. [Epub ahead of print].

2 Luna R, Rhine E, Myhra M, Sullivan R, Kruse CS. Cyber threats to health information systems: A systematic review. Technol Health Care. 2016;24(1):1-9. doi: 10.3233/THC-151102.

3 NEMA, The Dicom Standard, 2016, Available at dicom.nema.org/standard.html. Accessed 06.11.16.

4 Standards for the clinical structure and content of patient records, 2013, Academy of Medical Royal Colleges, available at rcplondon.ac.uk/projects/outputs/standards-clinical-structure-and-content-patient-records accessed 22.11.2016.

5 Integrating the Healthcare Enterprise, IHE_Eyecare_Profiles, Available at wiki.ihe.net/index.php/Profiles#IHE_Eyecare_Profiles. Accessed 02.11.16.

6 Pandit RR, Boland MV, Impact of digital imaging and communications in medicine workflow on the integration of patient demographics and ophthalmic test data. Ophthalmology 2015 Feb;122(2):227-32. doi: 10.1016/j.ophtha.2014.08.036. Epub 2014 Oct 22.

7 Saeed MU, Oleszczuk JD, Advances in retinal imaging modalities: Challenges and opportunities, World J Ophthalmol. May 12, 2016; 6(2): 10-19, doi: 10.5318/WJO.v6.i2.10.

8 HL7, 2016, Introduction to HL7 Standards Available at hl7.org/implement/standards/index.cfm?ref=nav, accessed 06.11.16.

9 Eichelberg M, Chronaki C, Large scale ehealth deployment in Europe: insights from concurrent use of standards. Stud Health Technol Inform. 2016;228:416-20.

10 Larobina M, Murino L. Medical Image File Formats. Journal of Digital Imaging. 2014;27(2):200-206. doi:10.1007/s10278-013-9657-9.

11 Li X, Morgan PS, Ashburner J, Smith J, Rorden C. The first step for neuroimaging data analysis: Dicom to Nifti conversion. J Neurosci Methods. 2016 May 1;264:47-56. doi: 10.1016/j.jneumeth.2016.03.001. Epub 2016 Mar 2.

12 Vincent RD, Neelin P, Khalili-Mahani N, et al. MINC 2.0: A Flexible Format for Multi-Modal Images. Frontiers in Neuroinformatics. 2016;10:35. doi:10.3389/fninf.2016.00035.

13 National Cyber Security Centre, 2016, Common cyber attacks: reducing the impact – Cyber Attacks White Paper January 2016, Available at ncsc.gov.uk/content/files/protected_files/guidance_files/common_cyber_attacks_ncsc.pdf. Accessed 30/10/16.

14 National Cyber Security Centre, Password Guidance: Simplifying Your Approach. Available at https://www.ncsc.gov.uk/guidance/password-guidance... Accessed 01.11.2016

15 National Cyber Security Centre, 2016, 10 steps to Cyber Security, available at: https://www.ncsc.gov.uk/guidance/10-steps-cyber-security, accessed 07.11.2016.

16 National Cyber Security Centre, 2015, Cyber essentials scheme, https://www.ncsc.gov.uk/scheme/cyber-essential, accessed 06.11.2016

17 ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements

18 ISO/IEC 27002:2013 : Information technology - Security techniques - Code of practice for information security controls

19 ISO/IEC 27003:2010 : Information technology - Security techniques - Information security management system implementation guidance

20 ISO/IEC 27004:2009 : Information technology - Security techniques - Information security management - Measurement

21 Information Security Forum, The ISF Standard of Good Practice for Information Security, 2016. Available at https://www.securityforum.org/tool/the-isf-standar... Accessed 31.10.2016

22 NHS Digital, Guidance on the implementation of encryption within NHS Organisations, available at http://systems.digital.nhs.uk/infogov/security/infrasec/iststatements/dataenc.pdf, accessed 01.11.2016

23 National Cyber Security Centre, Implementing the Cloud Security Principles, 2016, available at: https://www.ncsc.gov.uk/guidance/implementing-clou... Accessed 07.11.2016

24 HM Government, 2014, Personalised Health and Care 2020: Using Data and Technology to Transform Outcomes for Patients and Citizens, available at:- https://www.gov.uk/government/uploads/system/uploa... Accessed 06.11.2016

25 Armstrong DG, Kleidermacher DN, Klonoff DC, Slepian MJ. Cybersecurity Regulation of Wireless Devices for Performance and Assurance in the Age of “Medjacking.” Journal of Diabetes Science and Technology. 2016;10(2):435-438. doi:10.1177/1932296815602100.