Why is good UX crucial to cyber security?
The so called ‘WannaCry’ ransomware campaign that brought parts of the NHS to a standstill earlier this year, was a stark reminder that information security is of paramount importance in the healthcare industry.
As ever more medical devices and systems become part of the Internet of Things (IoT), we must ensure that security is considered at the outset of all product development. Such was the key message of ARM’s Hugo Vincent in the opening talk of Cambridge Wireless’s most recent healthcare SIG event concerning security. As Hugo stated healthcare provides an attractive target for hackers; the information that clinicians and medical practitioners store is of very high value, often on outdated or poorly maintained digital systems.
Figure 1 - UX is the key to good security (Credit: xkcd.com)
Throughout the course of the event speakers from Arm Ltd, Darktrace, InVMA, KPMG and the NHS described efforts and approaches to tackle theft of patient data and disruption to healthcare services. However, most observed that even with ever more robust encryption, multi-factor authentication and digital certificates the weakest link would continue to be the humble human being operating the device or providing the service at the point of care.
It would appear that even the best technologists, software engineers and systems architects cannot account for the behaviour of the end user. Except they can, when they consider the user experience (UX) design to be just as important as the underlying technology. If healthcare devices aren’t designed in a user-centred manner, poorly designed interfaces and ergonomics will result in products being avoided, misused, turned off or left open to vulnerability.
Equipment misuse is a serious issue in areas such as drug delivery whereby well-meaning relatives or nefarious individuals can tamper with dosage rates, causing patients to receive too much or too little medication. However, authentication technology is often determined by what is cheapest and easiest to implement rather than would what make for the best user experience. The move towards biometrics in mobile phone security has proven that there are better solutions to requiring users to remember long and complex pass phrases and pin codes.
A number of the speakers described how the ‘arms race’ between the good guys and bad guys of cyber security is leading to the development of AI based tools such as Darktrace. Historically anti-malware and security products have relied upon historical data, and familiarity with previous attack methods to protect against new ones. However, for new attacks to be effective they have to be novel and novelty is difficult to predict or characterise. Automated tools are believed by some to be the way forward, blessed with the ability to differentiate ‘normal’ from not normal and make appropriate decisions.
Whilst this sounds fantastic, AI systems are not perfect and sometimes a human being is needed to provide a second opinion or adjudicate over different recommended strategies. Therefore, the user experience of the software and the human-computer interaction (HCI) becomes a cornerstone of the success or failure of the system. This leads neatly to an emerging area of AI called XAI or ‘explainable AI’ which was mentioned during the event; in essence, a computer is able to explain its decision-making process to better allow a human to decide whether the right decision has been made. Thus, rather than AI being a ‘black box’ a human and computer can work together to improve efficiency and reduce error.
At Dovetailed we work with companies across many different and varied industries, including healthcare and security. Our user-centred and evidence based approach enables us to design and implement digital products with exemplary ease of use, efficacy and foster positive connections between products and people. Improving usability and minimising user frustration leads to better outcomes for patients, and more robust security for patient data.
Written by Robert Curtis, Principal Designer, Dovetailed