Contributor: Vidya Murthy, WEMBA’42
Healthcare is accused of a lot of things: being inefficient, slow to change, and ineffective in adopting technology. It seems like the perfect breeding ground for disruption and new ideas - but are we sufficiently considering cybersecurity as we innovate?
State of Affairs
A look at research and development (R&D) investment in healthcare in 2018 shows that healthcare was the second most well-invested industry, with a prediction that by 2020 healthcare would surpass computing/electronics R&D. While acknowledging the pandemic has indelibly changed how healthcare is valued in the foreseeable future, it should not be surprising that healthcare data from 2019 shows unprecedented value for exits.
With so many of the innovations focused on connectivity, cloud-based assessment, or even Bluetooth-enabled functionality, why is it that healthcare cybersecurity is often only discussed as related to HIPAA? Is it the fear of showing up on the U.S. Department of Health and Human Services (HHS) wall of shame, or the headlines regularly outlining another leak of personal health records that contribute to this myth?
The truth is, healthcare cybersecurity is so much more than that, as every system that enables the delivery of care relies on secure connectivity. Think about all the medical devices that operate in healthcare delivery organizations (HDOs), or the electronic health record (EHR) system and the equipment required to monitor a patient’s home in a rural corner of the world, for example. With every assumption care providers make about how a system is designed or what users will try to do with it, we see a crack where cybercriminals can and will try to break in.
Even in the midst of a pandemic, cybercriminals have exploited that connectivity by shutting down a testing facility in the Czech Republic, attacking vaccine testing facilities, and sending more than 18 million COVID-19 related scam emails on a daily basis.
Trend of Connectivity
We often dream of healthcare innovation as changing a clinical intervention or enhancing a patient experience. Yet increasingly, this includes connecting devices with a desire to ‘do something’ with the data gathered. Increased connectivity ushers in new possibilities for clinical care, while also introducing a mandate for transparency throughout the value chain.
The convenience developed by the tech industry has seemingly filled in the need for COVID-19 socially distanced groceries, food delivery, and video chats. But the reality is, many of these services employed a common working practice in the startup world: fail early, fail fast, and fail often.
While this iterative process helped these platforms, it unfortunately does not translate into healthcare startups. When the care of a person is on the other end of a piece of technology, failing has real consequences.
While tech has made a big difference in supporting COVID-19 responses, these are all reactive behaviors. In general, healthcare cybersecurity is not embedded elegantly into existing processes, is difficult to scale, and, all too often, is not efficient.
When combined with the idea that the budget for healthcare IT as a percentage of revenue is almost twice as much as it is in other industries, yet healthcare is targeted for cybercrime 2-3 times more frequently than any other industry, it seems healthcare connectivity and cybersecurity are in need of disruption. Thankfully, and accelerated by the pandemic, these systems will be rebuilt in our lifetime. In a way, this will allow for normal functions through future “black swan” events.
Consider Cybersecurity When Innovating
Healthcare must somehow find its own standard for secure connectivity. Many of the startup idioms, such as pushing out a minimum viable product (MVP), catching a hot trend, or moving fast and breaking things, do not work in healthcare.
Last year, researchers showed that hackers can manipulate real lung CT scans and trick both practitioners and algorithms into misdiagnoses. In recent months, the mass pooling of genetic and personal health information has shown great results in care, but also introduced new privacy concerns.
Earning and maintaining trust, just like in patient care, is the only way to ensure a product will be relied upon by patients and providers.
As the pandemic has shown us, well-designed systems can enable telemedicine to be an effective and efficient alternative to treat those who do not require physical care. For this to continue once patients “have a choice” to return to in-person care, innovation in this platform will need to occur to meet patients' needs. And steps will need to be taken to ensure health disparities are not further exacerbated by the shift to virtual care due to inequality in access to the technology necessary to support telehealth appointments.
The software that will enable real-time, continuous monitoring will need to be developed in order to provide confidence the data is reliable. Vulnerable populations will directly benefit from technology that can address and understand the complex health needs of patients without introducing new risks. And in the zealous pursuit of leveraging algorithms to assist in diagnostics, focus is required to avoid or correct for the bias which can lead to incorrect conclusions and/or result in a negative impact on the equitable allocation of resources.
A recent report found unskilled hackers can breach about three out of four companies. And those who watched the Twitter hack unfold can anecdotally see that even large technology companies can be victims of cybercrime.
Developing a more secure health system isn’t just good for the short term; it will support the technology community for the next decade. To earn the title of responsible innovators, a concerted effort to address security must be made.