Healthcare Needs Protection from Its Own Innovation

Data play a critical role in healthcare relationships — whether that’s between patient and doctor, doctor and device or device and patient. Technology advancement and innovation have shifted the center of who is in charge of a patient’s healthcare. Instead of the doctor acting as the sole decision maker for a patient’s care plan, a broader consumer model has emerged in which the medical record is becoming democratized. As a result, patients and doctors are now partners in the management of care.

Stanford University School of Medicine’s annual Health Trends Report attributed this to the volume and rate at which data are being exchanged between individuals and organizations. Last year alone, the industry witnessed both technological and regulatory improvements (such as through the Global Medical Device Nomenclature) to accommodate patient data collection on medical devices that are supplied to hospitals. Providers are also being encouraged to create a more seamless experience for patients, driven by new technologies that are shifting the healthcare landscape.

This is an incredibly exciting time for the industry at large because digital transformation will undoubtedly reduce costs, empower providers and improve patient outcomes. However, these advancements present a major challenge: the burden of securing the leading edge. To date, the industry has not been able to keep up with the pace of innovation — from insecure legacy systems to hacked devices and massive breaches of patient records.

Big Tech Advancement, Bigger Security Burden

There are five disruptive trends that pose the greatest cybersecurity risks for healthcare organizations:

• Robotics have been integral to the healthcare system for decades. A great example is Intuitive’s da Vinci surgical robot allowing surgeons to perform complex procedures with improved precision and control. But the scope of work is widely increasing in the form of process automation, connecting the end-user patient with their test results and account and then answering questions via an automated chat or directing them to the appropriate resource. Imagine what could happen when medical records are hacked in transit or get into the wrong hands.

• Artificial intelligence has the potential to analyze large amounts of critical data in real time and make decisions faster than any human could. For example, AI can analyze CT scans up to 150 times faster than human radiologists and detect acute neurological events in just 1.2 seconds. If this software is not fully secure, both input and output can be manipulated, leading to error and misuse of data.

• Connected devices are storing energy more efficiently, which means they can last up to 25 years. This reduces the need to regularly replace pacemakers and insulin pumps, but it also means that these devices will rely on over-the-air updates across open networks. Devices that aren’t secured at time of manufacture pose a great threat to the patients and hospitals that use them.

• 3D printing has the potential to dramatically change the landscape for organ transplants: increased speed and precision, cost reductions and advancements in prototypes. However, 3D printers that operate on open networks may be vulnerable to sabotage, theft or device takeover.

• Big data in genetic research can lead to enormous breakthroughs and advancements in genomics. Quantum computing is also poised to advance DNA sequencing and personalized medicine. Hospitals and research organizations are tasked with protecting this data — and in many cases, traditional encryption technology is not enough.

There are clearly enormous security challenges associated with the amount of data and information that the industry will rely on as these five core technologies continue to progress.

Providers Must Lead the Charge for Industry-Wide Security Standards

There’s no doubt that communicating beyond the boundaries of hospital walls is the future. As a result, a new perioperative loop is emerging — one that includes medical device manufacturers, electronic health records services, hospitals, doctors and patients. Connected healthcare works only if it’s secured at every point in the ecosystem.

How do hospitals protect the digital identity of every patient at every point — from data to device — while embracing the changes that are critical to disrupting old processes and improving performance and results? The U.S. Food and Drug Administration recently released guidelines on medical device security as a framework for healthcare providers to plan for and remediate threats. The guidance is primarily focused on how to respond to attacks once they’ve occurred. Buts there’s also opportunity to outline sensible actions that can help prevent these same attacks before they happen.

Providers need to be the loudest voice in the demand for industry-wide security standards and best practices because they incur the greatest risk. This goes far beyond what has been issued by the FDA. These guidelines should be developed in the trenches with input from doctors, administrators and IT, in direct collaboration with solutions providers. And patient safety should remain front and center as strategies are built.

There are tremendous constraints when trying to weave disparate technologies into a secure connected system, but the healthcare ecosystem must face the challenges head-on. Hospitals shouldn’t have to scramble to implement security after deployment. Tomorrow’s healthcare leaders will be those who make improved patient well-being and data security a reality throughout a patient’s entire perioperative experience.

Kevin von Keyserling is CEO and co-founder of Keyfactor.

Related

Tech Requires Design Thinking to Improve UX & Care

How a Netflix Algorithm Can Speed Up Biological Imaging

Health Tech Can Put Patient Safety at Risk