About The Atos Origin Alliance (AOA)

The Atos Origin Alliance (AOA) is a unique alliance, created between Atos Origin, IBM and Sopra Group to provide NHSScotland with the ultimate team, fit to support the Scottish Health Service of the future.   

The aim of the AOA is to use our extensive capability, capacity and experience to support all NHSScotland organisations in improving patient care for the people of Scotland.

The partners within the AOA have over 4,000 staff in 21 offices throughout Scotland, delivering IT services solutions to customers across the country. This includes over 350 NHSScotland dedicated individuals operating from main sites in Livingston, Dundee and Linwood.

Background

NHS Dumfries and Galloway has worked with the Atos Origin Alliance (AOA) to secure mobile patient data access. As a result, in a ground-breaking scheme, doctors and nurses in the NHS Board's hospitals have been issued with mobile devices to replace the need for hand written documents on the wards.

Mobile devices are transforming working practices in many fields and introducing new potential for efficiency, flexibility, and faster communications.

Mobile devices are transforming working practices in many fields. They enable information to be captured and accessed real-time by staff who work on the move. They introduce new potential for efficiency, flexibility, and faster communications.

Doctors and nurses on ward duty can benefit from using mobile devices to update and manage patient data fast and accurately. However, NHS Boards have to be certain that there are no security risks with such sensitive information.

NHS Dumfries and Galloway provides health care for its 148,500 citizens. It covers a large geographical area of about 2,400 square miles, and operates 10 hospitals. Patient care is a key focus area, and the Authority emphasises its importance with an 'Improving Patient Safety' initiative.

The Challenge

NHS Dumfries and Galloway had agreed a mobile device programme for its hospital doctors and nurses. A software application had been purpose-developed for use on the devices. After some initial piloting, the prototype system was found to work well on a functional level but the NHS Board then needed to assess in depth the level of security risk to patient data. Since they lacked specialist security expertise in-house, they sought a partner with the right skills from within the NHSScotland IT Services Contract.

Our Solution

The use of the AOA's specialist skills was endorsed to the NHS Board by the Scottish Government's Security Lead Officer.

We then:

• Investigated the security of each device to be used, and the risk of data loss or
  unauthorised access
• Assessed security of the application and its use of data storage on the mobile devices
• Reviewed potential security risks for staff using devices: by taking them home, or losing
  them on public transport, for example
• Recommended measures for reducing levels of risk

We looked at the following threat agents as part of the testing exercise:

• Internal NHS
• External to the NHS
• Unauthenticated users
• Authenticated users
• Trusted users

Our assessment was that predicted risks were clearly evident in a number of areas, but could be significantly reduced if our recommendations were followed.

Unencrypted transport

The software application was available over clear-text connection, without SSL or TLS encryption. Without encryption, attackers who can intercept application traffic could 'eavesdrop' on active application sessions, revealing patient data and login credentials.

We advised that:

• In the live implementation, SSLv3 or TLS was used to protect the application sessions.

Caching and screen shot security

When an application is closed on one of the devices, a screen shot is retained immediately before the application is shut down. Additionally, words typed on the device's keypad are stored in an unencrypted cache on its internal storage, so if the device was ever hacked into, patient data could potentially be acquired. The features cannot be disabled because they are integral elements of the operating system, so another solution was required.

We recommended that:

• Users of the application should be trained to build list views of their patients to reduce the need to enter names into search forms. They should not be enabled to enter patient names in any of the free-text areas of the application used for storing medical information.
• Users should log out of the application before closing it. Screen shots would then show only a blank login page.

Back up storage

Data backed up from the application was an important area of risk. If the backup was on a networked system, it was potentially vulnerable to remote access.

Our recommendation was:

• Use a password-protected, non-networked system for backup, located in a secure environment.

Security policy

Through our collaboration with the application developer during the test, the security of the application was improved and the risk of patient data compromise was greatly reduced – although it was not possible to lock the devices down to a level of security that removed all risk. A low level of risk inevitably remained, due to the mobile nature of the devices.

To further reduce this risk, we recommended that:

• The NHS Board introduced an information security policy specific to the use of mobile
  devices, with accompanying and user guideline documentation, to make explicit that:
  • The devices may not be removed from hospital premises, or connected to any other
    devices by USB, Bluetooth or wi-fi (except to connect to the NHS Dumfries and
    Galloway secure wireless network).
  • The devices may not be used to perform any functions other than those directly
    required and permitted for the use of the application.

The Benefits

As a result of the AOA report and recommendations, NHS Dumfries and Galloway piloted the project and have since begun running it as a programme which is improving speed and reliability of patient data collection. This is particularly important as shorter working hours for NHS staff has increased the number of shift handovers, potentially affecting data collection efficiency and data loss. The initiative has helped enhance NHS Dumfries and Galloway's reputation as one of the country's most progressive NHS Boards.