Pivot to Telehealth Brings New Benefits and Risks

7 32
Avatar for M.Rosenquist
Written by
This user is who they claim to be.
We have manually verified this user via some other channel.
Proof
4 years ago

The Coronavirus pandemic is changing how people receive healthcare with a shift to more remote diagnosis options being rolled out as a first line of care.  The advantages are many, but as an unfortunate result, healthcare data breaches will begin to spike once again! 

Evolution of Healthcare Benefits

Telehealth options, where patients are engaged remotely, makes a lot of sense.  If someone is feeling ill, a remote session can be setup with a medical professional for initial evaluation and diagnosis, rather than have them show up to their doctor’s office.  This capability for remote preliminary assessments enables many wonderful benefits for both the patients and the healthcare system.

Remote examinations are much more convenient for all parties.  Nobody enjoys getting ready and going to a doctor’s office, especially when feeling under-the-weather.  It is inconvenient and time-consuming.  There always seems to be a wait and sick people are not known for their patience.  Physicians are under constant pressure to reduce the delays as much as possible. 

Scheduling sessions with an accurate start-time creates a more structurally efficient use of medical resources.  In fact, the online-doctor does not need to be the primary care physician or even geographically local to the patient.  An available clinician can be paired based upon the type of ailment.  For simple issues, initial triage may be good enough for a diagnosis.  Seasonal colds, allergies, and simple infections may only require a prescription for medication that can be picked up by the patient, thereby avoiding the need for an office visit entirely.

Being sick doesn’t always happen during office hours.  During busy periods, finding an available appointment to see a doctor may take days.  For those who have children, there is always a late-night weekend fever that is nerve-racking for parents because they cannot get in to be seen by their doctor.  In many cases, the only other option is expensive emergency care.  Whereas an online care system may be able to staff resources from around the globe, covering all hours of every day, to provide initial care. 

Centralized scheduling can match available doctors with patients to reduce wait time and give doctors in the office more time with patients that need hands-on examinations.  Meeting online with a medical professional first, acts as a filter to reduce the workload on care facilities, as not everyone needs to go to the doctor’s office.

Online services may prove to be safer for everyone as well.  As the recent Covid-19 pandemic has shown, people can spread contagious ailments in doctor’s offices.  Care providers and other patients are at risk.  Remote assessments eliminate the chances of further transmission across patients and staff.

Telehealth is much more convenient for all parties, represents an improved model of efficiency for medical resources, reduces the spread of contagious ailments, and allows for a decentralized approach to care that could allow for round-the-clock appointments!  This may be the next evolution of the modern healthcare system.

The Data Risks Emerge

Such outstanding benefits and convenience will fuel a rapid adoption and in doing so, create additional risks.  Patient-doctor conversations, normally made in a private room, will be done over the internet.   Personal concerns, health measurements, diagnosis, prescriptions, and other sensitive data will be collected remotely and therefore have a greater level of exposure.  Data will be gathered, stored, and transmitted across potentially insecure systems and networks.  Patients are currently using their personal computers and phones, which may not be very protected.

Security is often left on the wayside during rapid digital transformations.  The rush to deliver and scale telehealth tools and services will stress development and testing cycles.  Often in such situations, the priority is to achieve first-mover-advantage, get products to market as soon as possible, keep costs low, or optimize for performance.  The challenges of hardening products are complex and time-consuming.  Cybersecurity is often deprioritized, ignored, or relegated to something that will be addressed ‘sometime’ in the future.

Evolution of Networks, Devices, Applications

Health data has tremendous value and has been heavily targeted in the past.  The U.S. healthcare industry has seen tremendous impacts over the past few years with massive data breaches, culminating in 2015 when about 35% of the U.S. population had their health records exposed in a single year.  Many hard lessons have been learned and as a result, cybersecurity efforts to secure the legacy healthcare data infrastructures have improved over the past half-decade.  It has been a slow process.

Rapid innovation in remote services will spawn new devices, services, interfaces, applications, and processes.  Each of which represent potential vulnerabilities for the mishandling of data or a foothold for attackers to exploit.  Without well designed, tested, and maintained security, attackers will find it easy to compromise new tools and gain access to patient data and private conversations. 

Patient's identities, locations, vitals, medications, diagnosis, and medical histories might be exposed.  Sensor data will also be vulnerable.  At first, it may be basic and limited to heart rate, blood pressure, respiration, oxygen saturation, temperature, and glucose levels.

Eventually, more advanced home healthcare devices will be commonplace, that will allow more than just vitals to be taken and sent to doctors remotely.  As testing also becomes more decentralized, new solutions may be able to scan for illegal drug use, sexually transmitted diseases, contagious virus and bacterial infections, and even include scanning devices that could detect cysts, cancers, and other diseases. 

Privacy risks rise with the increased quantity and sensitivity of data.  More solutions create greater complexities and opportunities for attackers.  In essence, the Covid-19 pandemic is driving the industry to adapt in better ways for servicing patients while simultaneously accelerating down the path where privacy is in greater jeopardy. 

Proactively Managing the Risks

The security, safety, and privacy of patients must be a priority as healthcare expands to embrace remote solutions.  Thinking that cybersecurity can be bolted-on after deployment, is a common mistake that many times results in catastrophic consequences.  Necessary investment and commitment must be established early-on for the highest positive effect.  The healthcare and insurance industries must move strategically to establish strong and sustainable protections.

10 Healthcare cybersecurity best-practices:

  1. A cybersecurity expert should be on either the Board of Directors or Advisory Board, to advise and drive corporate responsibility from the top.

  2. Have the right cybersecurity leadership to establish, oversee, and manage the program.  They must represent and communicate the risks and solutions that support the overall business objectives.

  3. Invest in proper DevOps security capabilities and integrate them into the development process.

  4. Include vigorous security testing for products and services before release and bug-bounties after

  5. All products and services must be designed to be patched, in the event new vulnerabilities are found, and fail in a manner that is safest for patients.

  6. Clearly define privacy policies and institute compliance controls that will be tested and audited.

  7. Logically link the requirements for security, privacy, and safety to the quality assurance testing and validation processes.

  8. Design solutions to persistently protect patient data at rest, in-use, and in-transit with trusted industry solutions and configurations.

  9. Have crisis response plans defined and be capable of executing them efficiently and effectively with business partners.

  10. Work with the industry community of cybersecurity professionals.  No company knows everything.  Leverage the experts.

The healthcare industry is at an important moment of change.  Tremendous benefits are within reach for patients and care providers, but the cybersecurity risks cannot be overlooked.  There is an opportunity to deliver great improvements to healthcare while properly managing the accompanying risk.  It takes leadership, forethought, and the skills to execute a strategy that will protect and respect the very patients that healthcare has vowed to help.

3
$ 0.00
Sponsors of M.Rosenquist
empty
empty
empty
Avatar for M.Rosenquist
Written by
This user is who they claim to be.
We have manually verified this user via some other channel.
Proof
4 years ago

Comments

Great article! I really want telemedicine to get more popular. It's really convenient and it should be the norm. However the security issues are real. I mean it's pretty hard to find good cybersecurity experts and something as small as a doctor's office would be able to afford one for sure :) So I think we should (as a humanity) develop more secure tools that can be just used (ok, kind of like Zoom, but a secure one :) Zoom seems to rock in the UX, but not in security, which furthers the point that finding good cybersecurity experts is very hard)

$ 0.01
4 years ago

Cybersecurity is not easy. It does help when professionals come together to create strong standards that can be applied. Collaboration is key and security is a moving target. The attackers are always evolving and we must work hard to keep pace. With healthcare being so important and valuable it will continue to be targeted by cyber threats.

$ 0.01
User's avatar M.Rosenquist
This user is who they claim to be.
We have manually verified this user via some other channel.
Proof
4 years ago

Yeah, I think it is one of the most interesting areas for hackers. You could do so much harm when you know about secret health problems of people.

$ 0.00
4 years ago

Agreed. ...now think about the future, where medicine and treatment is based on that information. So many more risks, including fraud and even life-safety!

$ 0.00
User's avatar M.Rosenquist
This user is who they claim to be.
We have manually verified this user via some other channel.
Proof
4 years ago

Yes, both scary and tempting :)

$ 0.00
4 years ago

A good analysis (again)! Very important subject as well. Being both a physician and a privacy advocate, I am often amazed at the low privacy and security level in the medical establishment in general, and when it comes to digital applications in particular. For me as a doctor, the privacy of a patient is sacrosanct.

$ 0.01
4 years ago

Thanks @Mictorrani The healthcare industry has several more iterations before it truly reaches a robust level of cybersecurity. So far, healthcare has focused on privacy (and just barely), but there are even more concerning issues as medical devices and the dispensing of medicine is moving into the digital realm. That brings real life-safety issues.

$ 0.00
User's avatar M.Rosenquist
This user is who they claim to be.
We have manually verified this user via some other channel.
Proof
4 years ago