For HTN’s latest interview, we caught up with Doron Dreyer, VP of international sales at Cynerio, for a chat about the future of cyber security in the NHS.
Doron began by sharing his thoughts on the current landscape of cyber security within the NHS, and the key challenges that the sector faces.
“As with many things in the NHS, things don’t necessarily move as quickly as we’d like them to – but generally speaking we are seeing a lot of attention being focused on cyber security which is positive,” he said. “The NHS has just issued guidance on micro-segmentation for NHS networks, which includes some of Cynerio’s contribution. This type of guidance helps trusts navigate through the challenges of securing their networks better.”
“There has also been funding into cyber security at trust and ICS level – it’s good to see those resources being spent, and awareness raised in this way. I am anticipating more funding to be released in the new financial year, starting in April.”
From the next financial year, Doron added, each ICS is to have a head of cyber security; this is a “step in the right direction,” he said, “as having these roles in place will support ICSs in working together and standardising on cyber security initiatives.”
Standardisation is a key benefit of working across the system when it comes to cyber security, Doron pointed out. “It enables peers to share ideas, to share best practice, and to really get the most out of the tools and means they deploy within the different trusts. Having a global view at ICS level of the security posture of each individual NHS trust gives a lot of value. We have recently engaged with one of the ICS’s in the North to accomplish exactly that.” He added that ICS working can also lead benefits around centrally procuring solutions.
What about the challenges? “It can obviously be challenging bringing different trusts to act together,” he acknowledged. “When you bring any organisations together, there can be friction. So, getting to the level of collaboration required can be challenging, but it depends on the region and on the individual ICS too. I am optimistic at the eventual outcome.”
Getting funding centrally from NHS England can also be a challenge, Doron noted; but he shared his view that NHSE is “looking at cyber security and the standardisation required favourably and very much encouraging that collaboration, so I think the input from NHSE is positive.”
We asked Doron whether he felt that there was anything that the NHS could learn from other healthcare systems across the world in terms of the approach to cyber security. He said: “We are seeing a lot of legislation and regulation happening in the US, specifically around medical device security, that NHS England could learn from. For example, there are regulations that will not allow certain medical devices to be connected into a hospital if they haven’t been strictly scrutinised and confimed as being safe from cyber threats.”
Frameworks and guidance around cyber security are “quite different in the US, in terms of the fact that the US healthcare system is primarily private,” Doron noted, “but I think the challenges at a cyber level are actually very similar in both places. The key difference is the way that funding is spent – but I think that the UK could easily adopt some of the US’s approach in this space. Increased focus on patient data security is also common to both the US and the UK. We are addressing these concerns with our new ePHI offering.”
He added that the perceived importance of cyber security and the need to bring it to the top of the agenda is “very advanced in the US. The UK isn’t that far behind, but there is still work to be done.”
Doron moved on to speak of his hopes for the NHS around cyber security over the next year or so, including an increase in spending on cyber security.
“I would like to see more guidance around the cyber security of medical devices, and just generally more money and resources going toward cyber security. Having cyber leads in each ICS is great, but we need to make sure that these positions actually get filled – it’s quite a challenge, as there are obviously 42 roles to be filled there. But I’d really like to see it happen.”
Finally, Doron touched upon his hopes for Cynerio for the next 12 months, indicating that he would like to see continued growth in the UK market.
“I think we’ve been successful so far in the UK because we have identified specific product features that are required for NHS trusts, and I would like to continue that through our partnerships with other players within the market. We’re going to grow the team here in the UK; ultimately, we just want to continue to help NHS trusts protect against the next cyber attack.”
We’d like to thank Doron for his time in sharing this insight with us.
Cynerio recently launched, a new enhanced Healthcare Cybersecurity Platform, which seeks to address some of the key cyber security challenges that health and care organisations can face, such as limited resources, a dependence on outdated tech and constant evolution of cyber threats.