NHS cyber attack: Change needed to protect valuable yet vulnerable hospital IT systems

By Weizi Vicky Li, Informatics Research Centre, Henley Business School

With healthcare service scopes expanding, healthcare processes changing and technologies evolving over time, many systems need improvement or they become vulnerable to cyber-attacks. This is especially true in hospitals, where most legacy systems provide critical  information and essential support for business operations with a lot of sensitive data.

Information systems and intranet/internet have been implemented in NHS hospitals for more than 30 years. Early systems implemented in the NHS include Patient Administration System, GP systems, Pathology laboratory systems, radiology and PACS systems, nursing and care planning systems, theatre systems etc.

The threats lie in the fact that many of the legacy systems have long been integrated into the core business and healthcare service processes, and therefore cannot be simply scrapped. In short, those legacy systems are valuable as well as vulnerable.

Continue reading

Justice, security and secrecy

Law, Terrorism and the Right to Know (LTRK) is an ESRC and AHRC funded project led by Dr Lawrence McNamara in the School of Law. The project explores democratic traditions of open justice, media freedom and the contemporary demands of security. In January 2012, Lawrence and research assistant Sam McIntosh submitted a response to a Government consultation and to a Parliamentary Human Rights Committee inquiry into the Justice and Security Green Paper.

When seven former Guantanamo Bay detainees took legal action against the British Security Services, alleging complicity in their detention and mistreatment abroad, their claim for damages would inevitably involve a very public examination of UK security policy and practices. Relevant material would be disclosed to the claimants and considered in open court.

 The Government asked the court to use special procedures which would allow sensitive evidence to be considered in the absence of the claimants and the public. Disclosure, it was said, would damage national security. Conceding the case would avoid disclosure but would unjustifiably tarnish the security services. When the Court of Appeal held the law did not allow for secret evidence in civil proceedings, the Government settled the actions with payments to the claimants. However, wanting to ensure that it would in future be able use special procedures, the Government took two major steps.

First, it appealed the legal issue to the Supreme Court. In Al Rawi v The Security Service the Court held that the common law did not permit the use of special procedures in ordinary civil claims. Legislation would be required to open up that option.

As such, the second and now more significant path has been to set about legislating. To that end, in late 2011 the Government published a Green Paper on Justice and Security as part of a public consultation on how best to protect sensitive evidence.

The Green Paper proposes the introduction of Closed Material Procedures (CMPs) in all civil proceedings and inquests where sensitive information might arise. CMPs are already well established in some areas. They have been used for a decade in the Special Immigration Appeals Commission (SIAC) which hears matters such as appeals against deportations ordered on security grounds.

Under CMPs, judges and government representatives are security cleared. When sensitive evidence arises, the court goes into ‘closed session’ with the public, press and non-government parties (and their lawyers) excluded from the court. Security-cleared ‘Special Advocates’ are appointed to represent the non-government party’s interests during closed hearings. However, once the Special Advocates have seen the sensitive evidence, they cannot consult with or obtain instructions from those whose interests they represent.

The advantage of CMP is that, in theory, all relevant evidence can be considered by the judge. But there are also significant disadvantages to CMPs. A frequent criticism is that non-government parties are severely disadvantaged because they are unable to see, and therefore properly challenge, closed evidence which goes against their case. That is, while CMPs may mean that more evidence is considered, that evidence is less rigorously tested. Among the fiercest critics of CMPs are the Special Advocates who work within them. However, CMPs also have further very negative implications for the general public’s interest in judicial proceedings being conducted in open court and in accordance with the principles of open justice.

The LTRK response to the Green Paper takes issue with the Green Paper’s failure to adequately explore two key questions. First, the Green Paper seems to simply accept that CMPs are an essentially satisfactory way of ensuring justice between the parties, despite this being at odds with criticisms from Parliament’s Joint Committee on Human Rights and Special Advocates. Secondly, the Green Paper fails to seriously consider the implications that CMPs will have for open justice and ignores the real damage that their introduction could do to what Lord Brown in the Supreme Court has described as “the integrity of the judicial process and the reputation of English justice”.

Recognising that the Government appears determined to make CMP available in civil proceedings, the LTRK response goes on to suggest certain safeguards that may limit its impact on open justice. These focus on procedural checks to ensure that such proceedings are only used in truly exceptional circumstances and counter any trend towards their normalisation. Our response suggests that the criteria for engaging CMP should explicitly include the need to consider the benefits of justice being carried out openly and the harm done to the public interest of closed proceedings. It also suggests, for example, that media interests should be represented when courts consider the use of CMP.

The LTRK project will continue to examine the move towards legislation and the implications of proposals as they develop. Our website has regular updates.

www.reading.ac.uk/LTRK/