Doctors tell us that getting a jab is the best protection against the ‘flu, even though the effectiveness of the latest vaccine is based on last winter’s strain of virus.
In this respect, health is like online security: a new mutation will always expose a gap in your defences. Our trust was recently the victim of a computer virus that had never been seen before.
We haven’t seen it since, either: within hours of the outbreak our anti-virus protection software supplier had quarantined the virus, not only for us but for all its global commercial clients too.
Was this a deliberate cyber-attack? No.
Despite loose talk in the trade about what this particular Trojan malware might do, it was not ransomware, there was no blackmail threat, our computer systems were not hacked, and no patient data was lost, stolen or affected.
Nevertheless, we took the virus extremely seriously, and checked every single clinical system, application and PC to make sure no network files were infected.
We won't ever know precisely what damage the virus could have done, because the quarantining is so effective you can't see what’s behind it.
However, the episode was a salutary reminder of the risks of opening email attachments or weblinks from unknown sources.
when I see reports that Isis hacked NHS websites to broadcast its vile propaganda, my first reaction is that, given the ageing nature of our IT infrastructure, the chances are these videos wouldn’t play on most of our computers.Jon Hibbs, director of communications and engagement, Barts Health NHS Trust
So when I see reports that Isis hacked NHS websites to broadcast its vile propaganda, my first reaction is that, given the ageing nature of our IT infrastructure, the chances are these videos wouldn’t play on most of our computers.
My second thought is, what’s the point of hacking into the NHS, other than to demonstrate that they can cause disruption?
The terrorists get an easy headline, but there’s no evidence they are after medical records, never mind that these could be compromised.
Our trust doesn’t actually hold patient data on our servers anyway.
Our clinical systems are hosted by Cerner, whose top security data centres are used by hospitals all over the world.
Our patients should have no cause for concern.
Is the NHS more vulnerable than other organisations? Sure, we have a lot of employees, so we are at the mercy of human behaviour.
There is a proportionately higher risk that someone will be tempted to surf the web at work and find something they shouldn’t - and a commensurate challenge to educate staff about appropriate online behaviour.
Yet we also have a huge number of customers, deal with a subject that affects everyone, and enjoy a higher public profile than many other institutions.
In that sense, we will always be an easy target for those who want to make a point. That’s another reason why we can’t afford to be complacent.
We will always err on the side of caution to reduce risks, even if we would rather invest the time, effort and money on what brings us into the NHS in the first place, improving patient care.
Jon Hibbs is the director of communications and engagement at Barts Health NHS Trust