Nadia Kadhim, a leading GDPR lawyer and CEO of the global automated compliance platform Naq Cyber, warns health businesses that GDPR compliance across supply chains is as important as cyber security in protecting patient data from cyber-attacks.
A recent report from the European Union Agency for Cybersecurity (ENISA) highlights that nearly 60% of cyber-attacks are targeted at the health sector. Addressing this challenge head-on is the General Data Protection Regulation (GDPR), known in the UK as UK GDPR following the UK’s departure from the EU.
As one of the most comprehensive data protection regulations, GDPR lays down strict guidelines for organisations handling personal data, and particularly healthcare information. Its significance extends across many industries, including healthcare, where it underpins the NHS DSPT and DTAC, two frameworks that prospective suppliers must meet to secure contracts with the NHS. Complying with GDPR is not just a legal obligation but a vital step in upholding patients’ rights and ensuring their most sensitive information remains protected.
Nadia Kadhim commented, “Failing to uphold the GDPR can have severe consequences, not only in fines and potentially lost contracts, but because it could put individuals at risk. A data breach involving patient information can lead to legal liabilities, the erosion of patient trust, and ultimately affect patient outcomes.
The effects of a medical data breach are not hypothetical. Earlier this year, several organisations, including an NHS trust, faced ICO reprimand for disclosing information which put the lives of domestic abuse victims at risk. These incidents were not the result of a cyber-attack but a consequence of overlooking GDPR measures, emphasising the need for robust data protection measures.”
The heightened risk to the health sector has already led to increased demand from the NHS, hospitals, and pharmaceutical companies for additional compliance measures, to ensure their suppliers meet legal and regulatory requirements such as health information security and clinical risk standards.
Suppliers in the healthcare sector, including companies providing MedTech solutions and medical devices, are being asked by hospitals, care agencies, and pharmaceutical organisations to prove their compliance with standards like NHS DSPT, DTAC, DCB0129, ISO27001 and Cyber Essentials, all of which require compliance with the GDPR.
Nadia Kadhim added, “Over half of the companies supplying hospitals, pharmaceutical organisations or the wider NHS lack basic cyber skills to protect themselves from attacks. If you are one of those suppliers, you must ensure that you don’t treat NHS DSPT, DTAC, DCB0129, GDPR and ISO27001 as paper ‘tick-the-box’ exercises. Rather, take the right measures to protect patients from real-world, far-reaching damage.”
Many firms across the health industry are using Naq Cyber’s automated compliance platform to meet the stringent information governance and cyber security requirements needed to work with the NHS. This bespoke solution automatically delivers the compliance required based on location, language and sector-specific legislation, allowing companies in the medical space not only to fulfil their customers’ requirements but also to turn compliance into a competitive advantage and a driver of growth.
To find out more, visit the Naq Cyber website.