Front Page

Why Healthcare Teams Should Beware of the WhatsApp Hack

Last week’s revelations of the “cyber-surveillance” attack on WhatsApp, which deployed Israeli spy software to monitor the phones of specified users, has further highlighted the security vulnerabilities inherent in the Facebook-owned messaging app – and further illustrated its unsuitability for use in a healthcare environment.

Matt Hancock insists that doctors must abandon pagers by 2021 and instead use smart phones and apps to communicate. The risks of using consumer messaging tools for this purpose have been identified, but despite contravening strict regulations around the use of WhatsApp, Facebook Messenger, Snapchat and similar platforms, they are used extensively by smartphone-carrying doctors and nurses to communicate while at work.

An integrated approach to delivering healthcare is key to improving patient experience and outcomes, and is the main driver behind the extensive use of messaging tools in the sector. The benefits of being able to easily look up and connect with other clinicians and support staff securely in real-time can be seen across the board from hospital wards to community nursing and mental health units. With this in mind, it’s easy to see the need for an application that is designed in line with the specific compliance and security requirements of the NHS.

Surgeon and IT developer Neville Dastur comments, “The ability to coordinate colleagues and quickly source expert opinions from your smartphone is invaluable. Healthcare teams are working more collaboratively than ever before but it’s also important to know that what you’re sending is secure, maintains patient confidentiality, and complies with the right regulations. While the use of WhatsApp isn’t sanctioned, it’s convenient and people will continue to use it if other options aren’t made available.”

Having experienced the situation first hand, Dastur decided to create his own app with the help of former technology journalist and digital product manager James Flint. Together they designed a messaging service – Hospify – that would give healthcare professionals the convenience of the apps they found so useful, but with the built-in security and compliance that would allow them to communicate freely without compromising patient information or their own privacy.

“After years of reading and publishing stories about badly managed and over-priced NHS IT projects,” says Flint, “I decided to stop moaning and try and actually do something about it. Neville’s unique combination of clinical and technical skills meshed really well with my experience of building digital platforms in the mainstream media. We then worked with the team at DCSL Software to refine the technology and build out an architecture that would keep all sensitive data encrypted and safe in the users’ phones instead of on insecure servers that are vulnerable to all kinds of cyberattacks.”

According to Dastur, the latest headline-grabbing hack “was a result of a side line attack on the VoIP (Voice over Internet Protocol) library in WhatsApp. The platform clearly uses some of its users’ data for marketing purposes and following the latest attacks it seems it leaves phones on which it is installed vulnerable to being read by hostile software. At Hospify we are absolutely strict in not allowing any access to data in this way, so we haven’t had to make the security compromises that WhatsApp has.”


Join our audience of healthcare industry professionals

Join our audience of healthcare industry professionals