Cybersecurity in health is an urgent patient safety concern: We can learn from existing patient safety improvement strategies to address it

Abstract

Introduction Cybersecurity is a patient safety concern. Recent cyberattacks on healthcare institutions around the world have shown the risks to patients: from delayed treatment as hospitals and clinics are shutdown, to the threat of harm from the theft of personal data, to patient death. The recent Covid-19 pandemic has further increased cyber-attacks on health organisations. In low- and middle-income countries (LMICs) digital health, including the use of health informatics systems and electronic health records, is an increasing part of the health agenda as national governments move to scale up healthcare on the path to achieving Universal Health Coverage. Frontline healthcare workers are often warned of the dangers of data mismanagement and are advised to take precautions to ensure data is safe. However, as many workers are already overstretched with conflicting administrative priorities, cybersecurity risks are going unnoticed. Discussion In this commentary we argue that future education and training interventions for frontline healthcare workers on cybersecurity in LMICs can benefit from lessons learned from other areas of patient safety. Validated interventions, including education and awareness programmes and other simple tools, exist which can offer guidance on how cybersecurity awareness and education may be scaled up in frontline healthcare facilities, without adding an unacceptable burden to staff. Conclusions Efforts to develop frontline interventions on cybersecurity that can be easily implemented and sustained are essential to ensure patient safety is a top priority in a digitally reliant health system.