Cybersecurity in South African Health IT





Join us on the 16th of January 2017 for a #hcsmSA Twitter chat about Global Cybersecurity and Health IT as a lead up to the HIMSS 2017 conference (#HIMSS17) in Orlando, USA.

Vanessa Carter

Date: 16/01/2017
Time: 18:00 SAST | 11:00 EST | 16:00 GMT

Hashtag to use: #hcsmSA
How to participate 



questionsStart your answers with T1, T2, T3, T4 or CT for transcript purposes after the moderator prompts.

T1: Who is behind health IT cyber attacks and why?

T2: What sort of medical devices and data are at risk and how?
(e.g.: wearables, drones, sensors, mobile apps, robotics, sensors, digital platforms, medical records)

T3: Why is it important to globalise cyber security policy in health IT?

T4: What makes us vulnerable to cyber attacks, especially in developing countries?
(e.g. policy, corruption, shortage of health IT personnel; i.e.: cybersecurity workforce)

T5: What measures could citizens or governments take to improve cyber security?

CT: Closing Thoughts – What do you think is important to add to this conversation?

Community Etiquette

  1. Twitter chats are public. Even though you are using a tool like “”, all of your tweets will still show up on your Twitter profile timeline.
  2. Respect other members of the community. This is a place for sharing ideas unobjectively and our focus is about collaborating for change. Good etiquette is part of the Twitter Terms and Conditions of use and any disrespectful behaviour can be reported. This includes spamming.
  3. Don’t be afraid to lurk. Participation is encouraged even if the topic is not within your expertise your perspective still matters.
  4. Visit to check out the analytics and transcript which is open to everyone in e-Health R&D.
  5. If you don’t understand a question from the moderator, don’t be afraid to speak up and ask for clarity.
  6. Use this opportunity to network with other stakeholders by following them on Twitter.
  7. When entering the chat, first introduce yourself and what you do.
  8. If you agree with a members comments, go ahead and retweet them to show support.
  9. The chat runs for 60 minutes, but you can join in at any time during the conversation.

hcsmSA is open to all stakeholders in healthcare, both locally and globally. We model our topics around the UN Sustainable Development Goals (SDG’s) and believe that inclusivism and diversity are the future denominators of ethical, 21st-Century ICT design research.
We invite patient advocates, NPO’s, doctors, nurses, IT developers, marketing companies, policy-makers, event organisers, journalists, academia, payers, caregivers, pharma, entrepreneurs, scientists and anyone else wishing to contribute towards Sustainable Health Development globally.


Why is Cybersecurity important to Health IT?
We are heading into the age of information, where knowledge and data will be key, especially in our health management, therefore cyber risks resulting from interconnectivity to the internet and enterprise systems must be taken seriously as we increasingly add devices and people. An article explains the Medical Internet of Things (mIoT) as “medical devices and applications that connect to health IT systems through online computer networks”.  Those digital medical devices range from mobile apps, ingestible sensors, EHR, digital platforms, robotic and bionic prosthetics, robotic surgical equipment such as the Da Vinci systems, Bioprinters, wearables and even Smart clothing. A Bizcommunity article even made an interesting suggestion about drone-jacking. Drones will be a major contributor towards improving access to medicines in rural Africa and globally as demonstrated in this video.

One of the main exhibition areas at the upcoming HIMSS17 health IT conference in Orlando is focused on cybersecurity. Watch the video below and read their latest 2016 HIMSS Cybersecurity Survey. As a social media ambassador, the hcsmSA moderator (@_FaceSA) will be sharing live updates during the 19th – 23rd of February 2017. Be sure to follow her for curated news or on the event hashtag #HIMSS17.

Video courtesy of HIMSS and healthcareITnews


Globalisation of Health IT and Cybersecurity
Health, alongside Industry R&D in many sectors, relies on the use of personal data. The “promise” of big data for medicine and wellbeing is that the mining of such data will revolutionise healthcare in the same way that other sectors have been impacted by understanding consumer behaviour at various scales. The ownership of this data, however, imposes stringent ethical standards on the user, and there are currently several attempts to provide stronger regulatory frameworks around the collection, deployment and dissemination of such data. The most sustained and stringent version of these frameworks is developing in the EU, titled, the General Data Protection Regulation (GDPR). The GDPR entails a single set of data protection and privacy rules across many sectors and is aimed at empowering (and protecting) the citizens as data subjects, as well as establishing legal certainty for business based on clear, uniform rules. The GDPR will apply to all organisations in and outside the EU that deal with the personal data of EU individuals. The regulation entered into force on 24 May 2016 and will apply from 25 May 2018.

These concerns have been driven by high-profile and very significant security lapses in the private sector and a persistent interest by government to gather as much data as possible, seemingly by any means, to respond to security threats real and more remote. Health-related data is seen to be especially sensitive to a variety of serious concerns and outright abuse, such as privacy issues, understanding of and granting consent in ethically-challenging contexts and maintaining data to allow for further research and as a check against scientific fraud. Some of the questions for consideration include (1) striking a balance between risks (such as privacy concerns) and benefits (better care), in terms of the richness of data vs its minimization; (2) the differences and relationships between publicly funded and privately funded and corporate research, especially as is usually the case in health-related work when these three modes are significantly mixed; (3) the complexities surrounding how data ownership and the rights and duties of access to, and control of data, are granted and/or able to be revoked by research participants; (4) the relations between data providers, data controllers (and co-controllers in the projects with multiple partners) and data processors; and (5) the relation between new regulatory frameworks, such as GDPR and older codes of research and clinical conduct, such as the Clinical Trial Regulation and various disciplinary ethical frameworks.

Expert contribution by Dr. Jamie Saris, Senior Lecturer in the Department of Anthropology, NUI Maynooth. – (Medical Anthropology, Global Health Expert)


Cybersecurity and the Sustainability (SDG’s)
Referring to an article explaining the United Nations Global Cybersecurity Index, the Director of ITU’s Telecommunication Development Bureau, Brahima Sanou, told the Dubai forum: “In embracing technological progress, cyber security must form an integral and invisible part of that process. Unfortunately, cyber security is not yet at the core of many national and industrial technology strategies.”

A recent article from the Internet Society suggests that a collaborative security approach building trust in online services is essential to the Internet’s continued growth. People need confidence that their data are secure and the networks and services they use reliable if they are to take full advantage of the Internet. Businesses and development stakeholders need data security and network reliability, particularly when delivering important services such as those concerned with health or financial transfers. ISOC has called for a collaborative security approach to internet security, built on fundamental human rights and internet properties, collective responsibility, agile responses based on expertise and consensus, and local action to address global challenges.

A Stanford University research group further suggests that IoT-powered smart cities stand better chances of becoming healthier cities but the responsibility of laying the digital groundwork falls squarely on the shoulders of cyber security professionals.

Pharmaceutical R&D
The Pharma IoT concept involves digitalization of medical products and related care processes using smart connected medical devices and IT services (web, mobile, apps, etc.) during drug development, clinical trials and patient care. The outcomes of Pharma IoT in development and clinical trials can employ combinations of advanced technologies and services to create totally new kinds of disease treatment possibilities.

According to a recent Forbes article, the popularity of wearables and biosensors in the clinical trial research and development area is expanding. With the recent Obama signing of the 21st Century Cures Act to accelerate Precision Medicine, some say this market is expected to reach USD 661.74 Billion by 2021. Patients are highly favourable about this controversial Act for obvious reasons which include acceleration of innovative and personalised treatments.

It is well-known that attacks on the critical infrastructure of the chemical and pharmaceutical industry are high on the priority list of cyber-criminals and cyber-terrorist groups. Therefore, critical attention would have to be placed on security measures to protect patients and providers.

What can e-citizens do to stay safe?
One good example is available in an article written by the Department of Health and Human Services USA which provides a 10 point checklist for good practice and also suggests that the weakest link in any computer system is the user. However, it shouldn’t only be a user’s concern, in many instances, innovation is so fast paced that these integral security measures are overlooked by developers, policy makers and government. In a sensitive economic area like human health our lives may depend on it.

panel-expertsTzvi Brivik tzvi-brivik
Director and Partner
Malcolm Lyons and Brivik Attorneys, South Africa

Established in Johannesburg in 1965 Malcolm Lyons founded the first legal firm in South Africa to specialise in Personal Injury Law.

Recognised as leading lawyers in South Africa with an unrivalled reputation for obtaining high levels of compensation for victims of accidents, medical malpractice or hospital negligence and for effectively handling unfair labour practices.

The firm has been responsible for some historic legal decisions, there include;
– The court decision giving the right to a mother to sue for damages for the wrongful birth of her severely injured child.
– The rights of over 3000 South African victims of asbestos disease whose cases proceeded in the U.K

The practice has 6 lawyers and 2 candidate attorney and is associated with firms in Europe and the USA who work with us to handle overseas claims. We attend national and international medical, medico-legal, personal injury and labour congresses. We have lectured on third party insurance and personal injury law for the Association of Law Societies since 1981.

Malcolm Lyons & Brivik Incorporated is pleased to advise that they offer healthcare practice support insofar as electronic process and communication in healthcare concerned.




Dr. Nick van Terheyden,
Chief Medical Officer,
NTT Data Services
Healthcare & Life Science

Dr. Nick is the Chief Medical Officer for NTT DATA Services Healthcare & Life Sciences (HCLS) business, where he is responsible for providing strategic insight to help NTT DATA advance its support of healthcare organisations, medical professionals and patients through information-enabled healthcare. He helps NTT DATA’s global healthcare customers develop a strategy and apply technology to achieve an IT environment that is interconnected, efficient and patient-focused.

Dr. Nick brings a distinctive blend of medical practitioner and business strategist, both national and international, to the realm of healthcare technology. A graduate of the Royal Free Hospital School of Medicine, University of London, Dr. Nick is a pioneering creator in the evolution of healthcare technology. After several years as a medical practitioner in London and Australia, he joined an international who’s who in healthcare, academia and business, in the development of the first electronic medical record in the early 1990’s and later, as a business leader in one of the first speech recognition Internet companies.

His rare combination of patience, creativity, skill and intrinsic business ethics has led him to a diverse career in healthcare with some of the most prestigious hospitals, consulting firms, and technology companies. He is a member of the HIMSS mHealth Committee where he pays attention not just to processes and systems, but to people. His ability to speak in terms people can actually understand makes him a sought-out speaker on the practical and futuristic use of healthcare technology and how it can cost-effectively improve patient care.

In addition to writing and lecturing on futuristic trends in healthcare technology, his advice and counsel is sought by hospitals, physicians and other allied healthcare professionals — all of whom are trying to figure out how to integrate and use technology to make the healthcare system work from the perspectives of quality and financial success.




Director of Privacy and Security, HIMSS North America

Ms. Kim is the Director of Privacy and Security at the Healthcare Information and Management Systems Society (HIMSS) North America. Ms. Kim’s roles include threat analyst, legal analyst, industry thought-leader, collaborator, and liaison, with a focus on health information privacy and information security.

Ms. Kim is a member of the Healthcare and Public Health Sector (HPH) Coordinating Council Cybersecurity Working Group and the SANS Institute Securing the Human Healthcare advisory board.
Ms. Kim is a licensed attorney in the District of Columbia and the Commonwealth of Pennsylvania and a registered patent attorney with the United States Patent and Trademark Office. Ms. Kim is an AV peer review rated attorney in the fields of healthcare and intellectual property law.

Monthly Cybersecurity Reports