We all witnessed the NHS falling victim to a crippling ransomware attack that took out most of the major IT systems in up to 45 sites across the country including general practices. In the following days and weeks, clinical personnel were unable to access information on the central network, including patient records, x-rays, blood results and appointment information.
In order to reduce disruption and delays in treatment, doctors sought alternative methods to communicate with each other, with some choosing to use the consumer messaging service WhatsApp. In the case of the Royal London Hospital, they told its staff to use the application to share pictures of scans to help with diagnosis, suggesting it was a ‘secure and infallible way’ to decide on the best course of treatment.
However, despite this individual case, the Trust said the use of WhatsApp was ‘not in line with their policies’; the reasons for which were not disclosed. However, there are a number of assumptions that can be determined in relation to the use of consumer messaging apps to transmit sensitive personal information: