David Newell, Gemserv’s Head of Health, and Ian Davis, Gemserv’s Head of Information Security examine some of the threats – both cyber and physical – that could be faced as the huge inoculation campaign against the coronavirus gets underway.
AFTER nine months of home working and furlough anxiety, of banana bread and Zoom quizzes, we could all be forgiven for getting very excited about the regulator’s approval for Pfizer and BioNTech’s vaccine. The coronavirus pandemic has not only taken its toll on our health and our economy, but also on our nerves.
Yet, amid all the anticipation, are we overlooking the security pitfalls of this unprecedented event? A nationwide immunisation programme has never been attempted on this scale – and it raises a host of questions.
Over the coming weeks and months, healthcare officials and government experts will be keeping a close eye on challenges ranging from activism against mass vaccination through to the protection of personal data and the continuity of vaccination delivery. Distributing vaccines is a tough enough task without adding extra complications.
Activism against mass vaccination
Some experts have suggested a vaccination rate above 80% is needed to contain the virus and so there’s a serious threat from antivax campaigns spreading disinformation, which could limit uptake.
The UK Government has no legal power to force people to be vaccinated and introducing emergency legislation to make the vaccine compulsory could be counter-productive by alienating doubters. Instead, the success of the inoculation programme will depend on public confidence in the vaccine.
With public confidence already undermined by track and trace and the excel gate, confidence could be further undermined by anti-vaxers spreading false information. We have seen stories spreading already – like the vaccination programme is being used for intelligence gathering or to insert nanotechnology into people – or by activists portraying the lifesaving rollout as a challenge to civil liberties. Let us not forget the simple reality of ignorant social media users sharing content without thought is equally as dangerous.
The threat is very real. Activists in Europe have used aggressive techniques – both in person and online – to disrupt national rollouts. There are concerns that activists might try to disrupt the vaccination programme by using “hackers for hire” to block access to healthcare information systems or by mounting physical attacks against distribution infrastructure, as we saw with the burning of 5G masts during spring’s lockdown.
There are also threats from other nations; IBM warned hackers, although the identity remains unclear, the sophistication of their methods indicated a nation state – had tried to attack the “cold chain” needed to store Pfizer’s vaccine. The revelation followed the UK warning in July that Russian intelligence had targeted Oxford’s vaccine research, while the United States has pointed the finger at China, and Microsoft has highlighted threats from North Korea. Is it inevitable that cyber breaches will increase as vaccine production begins?
Challenges to the protection of personal data
Data protection is strong throughout most of the NHS. It would be easy to assume personal data protection during the vaccination rollout would not be compromised and would simply follow established, business-as-usual procedures.
Yet there are some areas that will need extra attention; for example, the former healthcare workers who are hired to administer the jabs will need to be brought up to speed on recent changes to data security practice. Workers’ data training may not be checked in the rush to hire enough staff.
Then there are the physical considerations too. Temporary vaccination centres are unlikely to have established, hardened data systems – can the NHS furnish these sites with secure data processing systems in the time required?
We have already seen that information governance in its widest sense has been a causality of rapidly implemented technology solution during the pandemic. The most visible case being the inappropriate use of spreadsheets to consolidate and report test data. This proved to be inaccurate in the extreme. This simply can’t be acceptable during the vaccination programme.
Continuity of vaccine delivery
Finally, the scale of the programme and the challenges posed by vaccine handling will present a continuity headache for those trying to get in excess of 100 million doses to the population during 2021. Pfizer’s vaccine must be stored at
-70C, which means personnel will be needed who are trained to handle super-chilled products.
There’s no room for errors with time-sensitive transport – any delays in delivery from Belgium or during onward transportation could compromise the doses this includes the potential impact of the outcome of Brexit negotiations. Packs can be stored in dry ice for up to ten days, and then a further five days in fridges of between 2C and 8C, but there are still logistical challenges to prevent wasting phials.
Two doses of Pfizer’s jab need to be administered at least three weeks apart, creating a challenge for data processing systems. The right number of doses need to be available at the right centres at exactly the right time.
None of these challenges are insurmountable. Yet they illustrate the complexity of rolling out the vaccine – and why the health service’s data security processes and procedures need to be ready to cope.
To read David Newell’s other blogs on Covid-19 and the vaccine, please click links below: