October is Cybersecurity Awareness Month, follow the conversation and do your part #BeCyberSmart.
Follow us this month as we engage our health IT community in cybersecurity awareness as we are all trying to meet the new challenges of working from home and through the pandemic.
This is week 4 and the theme is The Future of Connected Devices.
We ask our experts: What do you see in the future for healthcare and connected devices?
It’s estimated that 60 billion connected devices will be in the hands of consumers and businesses by 2025, ensuring greater connectivity among the public, and creating more opportunities for essential industries like healthcare to have a more substantial presence in people’s lives. The benefits of connected technologies are immense, but their ubiquity will also open the door for cybercrime to spread and for bad actors to take advantage of the average user for malicious intent. This is why Cybersecurity Awareness Month’s mission to raise awareness and educate people about how to best protect themselves in an increasingly connected world is so important – not just in October, but every month. Creating more visibility around the threats we face online each day can help people take ownership of their personal security and collectively work together to create a safe cyber space for everyone to participate in.
IoT devices are continuing to evolve. Although many devices can provide recreational-level readings for their users, these would not normally be considered reliable at-home medical devices. Also, most IoT device data remains outside of EMRs. Today we buy cars based on an insurance safety rating. Tomorrow, we need to be able to purchase an IoT medical tracking device based on a similar public-friendly rating system. Common interfaces will need to be part of that rating system. With a combination of public-friendly ratings, the ability for patient health solutions to be built on common interfaces, patient collected healthcare data can become part of a patient’s health journey. This will obviously create a large amount of data. New uses of this type of data will open new opportunities for better healthcare. Some of these could include better symptom identification with AI/machine learning systems, technical advancements in remote monitoring device design and decision making assistance for busy care providers.
Technologies that can extend the utilization of medical device data will be key to advancing patient management. As more devices are connected, more data can be liberated and made available to frontline caregivers. Seeing data in its basic form is only marginally useful, mainly driving workflow efficiencies but stopping short of revealing meaningful insight. The greater value of medical device data can be fulfilled by sharing it with hospital systems and applications. Our responsibility, as a provider of both device integration technologies and medical data solutions, is to ensure that the hospital network remains secure while the number of connected devices and systems grows. Given that many devices in use today were not originally designed with connectivity in mind, data security was not a top priority, which is why integration solutions need to provide a layer of security between connected devices and the network. Ensured security will accelerate the next phase of connectivity, which we anticipate will be device and system interoperability.
Even prior to the COVID19 pandemic pushing care into the community and home was already happening, but with this additional acceleration we will see an even faster expansion of Internet of Medical Things (IoMT) and connected devices further expanding the security threats. Home based connection and management are frequently under protected and less well managed without professional resources making the demand for security to be built in and the default position even more pressing and essential to protect the individuals, the network, the connections and data.
Healthcare providers need to partner with telemedicine infrastructure providers to build in security and risk assessment as they develop, manufacture and ship equipment, applications and updates. With a pro-active approach to security, we can better harden systems against threats and slow-down or prevent attackers from successfully executing attack campaigns like ransomware.
I can’t predict the future beyond saying it won’t be what we have today, and we will not go back to what we had before. But because of what we’ve been through (COVID-19), I am hopeful that the “next normal” should be what we should have always been doing in security: Providing the appropriate controls and training to support the business and its changing operating model. That will be regardless of technology, regardless of point of care, regardless of the care delivery model. We must consider the patient first going forward, as well as the care givers and we must have privacy and security built-in, up front. Trying to add those after the fact in the hyper-connected, hyper-speed world coming at us, will fail all of us.
Overall, digitization is changing healthcare’s risk surface. New and evolving threat vectors and attack techniques are making patient data more vulnerable to breaches. The explosion of medical IoT devices is rapidly expanding that risk and encryption is key in securing device security. New risks and vulnerabilities will inevitably rise over a device’s lifecycle, which is why manufacturers must ensure the integrity of its security through cryptographic algorithms that can allow secure device updates without putting patients at risk. Essentially, it’s the idea of creating an encrypted tunnel that allows healthcare practitioners access while keeping hackers out.
The industry is learning, though, that “tried and true” is the best approach to securing life-critical medical data. This isn’t an area to test new technology. In twenty years, technology like blockchain may very well have withstood the test of time to become what cryptography tools like PKI (public key infrastructure) are today: a rock-solid, time-tested technology to reduce device, hospital and patient risk.