If the Iranian government can take down one of the wealthiest oil companies in the world, could they do the same to the NHS prescription system, asks Peter Kelly…

Here are some interesting questions. Has the electronic prescription system (the spine) ever been attacked by a foreign hostile nation? If it was, would we, the public, be told about it?

How much money is being spent to protect the security and integrity of the system? What are the projected security costs over the next five, 10, 20 years, etc? Is there any threshold of cost that makes the system unaffordable?

I love the electronic transfer of prescriptions (ETP) system. It makes prescriptions easier and quicker to dispense, easier to read and much easier to claim. The convenience of the system is fantastic. Occasionally the system goes down. In my experience, it is never for too long.

I think the longest was a few hours. I work in a bricks-and-mortar pharmacy close to a doctor’s surgery. When ETP went down, we informed patients and the surgeries and told them to print tokens. We dispensed the tokens as if they were prescriptions and then when the system was back up and running, we ran the ETPs through. We were in a position to do this due to our geographical proximity to the surgeries.

If we were a centrally located dispensing hub, hundreds of miles from the surgeries we were dispensing from, this would not have been possible, but the system only went down for a few hours so it didn’t matter. But what if the system went down for a week?

At the minute, while this situation would be extremely stressful, there are probably enough bricks-and-mortar shops close enough to surgeries to work through this. Will that always be the case?

What is ‘zero-day vulnerability’?

According to Google, a zero-day is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it. Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit or zero-day attack.

A zero day is basically a weakness in the code that, if found by a hacker, can give the hacker an opportunity to alter the system. In some cases, a zero day can allow the hacker or hackers to take complete control of the system and alter it in any way they want or even completely erase or dismantle the system. Let me give you an example.

In the New York Times best-selling book, This is how they tell me the world ends – the cyberweapons arms race, Nicole Perlroth details a cyber-attack by the Iranian government on the Saudi Arabian state-owned national oil company Saudi Aramco. In 2012, the oil company was attack by the Shamoon computer virus, which deleted hard drives and then displayed a picture of a burning American flag on computer screens.

The virus erased data on three-quarters of Aramco’s PCs and the company was forced to shut down its network and destroy 30,000 computers. If the Iranian government can take down one of the wealthiest oil companies in the world, can they take down the NHS prescription system?

The world is at war. We are always at war but currently it is more pronounced. With Russia’s invasion of Ukraine, Hamas’s terrorist attack on Israel, Israel’s military operation to destroy Hamas in Gaza, Hezbollah firing rockets at Israel, Yemeni’s Houthi forces attacking ships in the Red Sea – the world appears to be dividing into two clear sides.

Britain has very obvious hostile enemies and some of them are very proficient at cyberwar. Russia, China, North Korea and Iran have all showed skill in cyber warfare and the brazenness to attack. This means that you have to pay for cyber security.

The problem with paying for cyber security is how much is enough? Can you ever afford not to pay? Wages within the NHS have not kept pace with inflation and everyone feels underpaid. The government has told junior doctors they cannot give them the pay rise they are looking for because they cannot afford it.

I think that in pharmacy, we are sleepwalking into an infrastructure that will consist of less bricks-and-mortar stores and more a network that is digital and centralised. In theory, this should produce a more cost-effective system due to efficiency savings but that ignores the reality that we will live in a hostile world.

And digital infrastructure is much easier to attack and destroy than physical infrastructure. I also believe that the costs of protecting this system will become extortionate, leaving less money to pay wages for frontline workers, creating more tension, disruption and disharmony within the system.

Now let’s look at those questions again. Has the ETP system ever been attacked by a foreign hostile state? And if it ever is, will the public be told? How much is currently being spent protecting the system?

What are the future predicted costs of protecting the system? Is there any cost threshold that makes the system unaffordable? Junior doctors want a 35 per cent pay rise but the government sees that as unaffordable.

And yet if cyber security companies ask for pay rises, what percentage will be deemed unaffordable?

Peter Kelly is a community pharmacist based in London and a stand-up comedian.