Shockingly, today we find ourselves writing an almost identical blog post only six months after we first asked this question.
In May, we wrote about the global cyber attack that crippled NHS services. To recap, the health service suffered a weekend of chaos after hackers demanding a ransom infiltrated its computer system. Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a ‘ransomware’ attack demanding payment to regain access to vital medical records.
We quickly wrote a blog post and emailed all our clients to reassure them that such an attack would be extremely unlikely due to e-clinic’s setup and security. That cyber-attack received worldwide publicity, so we were shocked to hear on Friday that a prominent cosmetic surgery clinic popular with celebrities had suffered an attack by hackers.
Cyber-attack at London clinic
London Bridge Plastic Surgery Clinic apologised after reports that hackers had stolen sensitive data including photographs of body parts of clients. The clinic, based near Marylebone in central London, said its IT experts and the Metropolitan police had found evidence of a cyber-attack and data breach. The hackers threatened to distribute the stolen images, saying: “The world has never seen a medical dump of a plastic surgeon to such degree.”
In a statement on its website, London Bridge Plastic Surgery Clinic confirmed the cyber-attack. “We took measures to block the attack immediately in order to protect patient information. Regrettably, following investigations by our IT experts and the police, we believe that our security was breached and that data has been stolen. We are still working to establish exactly what data has been compromised. Security and patient confidentiality has always been of the utmost importance to us. We are profoundly sorry for any distress this data breach may cause our patients.”
We have no knowledge of the software systems which London Bridge Plastic Surgery used and we have great sympathy for their plight. We would like to once again reassure e-clinic clients of the high level of security offered by e-clinic, as well as remind our users of the security measures which they personally should be taking.
Data security in e-clinic
e-clinic has the highest security rating of any healthcare software provider. Our data centres are based in the UK, are ISO 27001 compliant and Tier 3 secured. Data is encrypted with 256-bit AES, which is double the key length used by most connections, including those of the NHS, which is currently moving its encryption to this level. In contrast, our remote application has provided 256-bit encryption for over 5 years.
Images of patients uploaded to e-clinic are separately encrypted and are only visible within e-clinic. As they are never visible outside the software as files, they could never be downloaded or copied onto another device or drive.
e-clinic’s Managing Director added: “e-clinic data is not only backed up but replicated daily across two UK based tier-3 secured data centres using a secure, private link. Our remote app is 256-bit encrypted and the whole platform is fully ISO27001 compliant. ISO27001 is the highest data security rating offered by the International Standards Organisation and this compliance is one of the primary reasons e-clinic is more expensive than most of our competitors.”
What steps should users take?
Of course, users need to play their part too. Ensure that your password is secure and frequently changed. Don’t share it with anyone else and avoid the obvious. The best passwords are memorable but not guessable, perhaps random words with a number, for example GREEN!elephant6591. Don’t save passwords to your computer unless the computer is very securely protected, and log out and exit when you leave your desk.
No software company can guarantee that your data will never be hacked or lost. However, your data is much more likely to remain safe and secure with e-clinic’s cloud-hosted package, for all the reasons we have outlined above. At e-clinic, we are very confident that the service and security we offer is head and shoulders above that of most, if not all, alternative clinic management packages available.