Data-Driven Health Care: Reaping Benefits Without Risking a Breach

As we approach the next decade of the 21st century, the fusion of the healthcare and technology markets shows no signs of slowing down. New devices, smartphone applications and software solutions already seem ubiquitous—what healthcare provider wouldn’t want to improve patient care, deliver better healthcare outcomes and offer tools to improve efficiency for their doctors and nurses?

However, the nature of data management in health care presents a unique set of challenges and a responsibility to protect patients. In addition, healthcare data holds great value, making it a highly desirable target for attackers. Threats range from targeted grabs of patient data to the crippling of whole hospital infrastructures, all of which have a detrimental impact.

Most new devices and software solutions are being produced by a range of vendors and suppliers. And the users are many, from the nurse checking bloods and the patient monitoring glucose levels at home to the doctor analyzing radiology scans. These come together to create a highly complex digital infrastructure, with the integration of new technology breakthroughs set to increase data volumes in healthcare by 48% annually.

As healthcare is now more vulnerable to cybersecurity attacks from connected devices than ever, is it possible to bring the benefits of technology to patients whilst effectively managing security? New cybersecurity theory could provide an answer, but it’s first necessary to understand the technologies in use, what kind of data is being produced and how this data is stored and processed.

Shifting to Digital Devices to Improve Care

The innovations driving these new technologies generally focus on improving clinical outcomes and reducing costs by making patient interaction, monitoring and remote treatment easier. It’s no surprise that many public health systems have been quick to integrate these new technologies into diagnostics, treatment and aftercare.

Improvements in voice recognition and chatbot technology have been helping to reshape first-line diagnostics and care. Patients can now access medical advice, access reports and manage prescriptions without the hassle of going to the doctor. And progress with healthcare providers is moving quickly: Amazon’s Alexa is now HIPAA-compliant in the U.S. and the UK’s NHS have announced plans to expand their use of Babylon Health, a smartphone app that offers online consultations.

At-home care is an increasingly popular way to better manage chronic conditions such as diabetes and heart disease. The ECG heart monitor available on the Apple Watch is FDA approved to automatically monitor and send data to healthcare providers. Other applications require patients to input their vital stats through a smartphone app, so doctors can monitor conditions without the need for costly appointments.

Finally, we are seeing a range of low-cost and mobile solutions to improve access to technologies and expertise for physicians. Butterfly IQ have developed a portable ultrasound to deliver quick and high-res scans on the go and Proximie uses AR technology to allow clinical specialists to remotely join operating theatres anywhere in the world.

The Complexities of Healthcare Data

The clinical benefits these technologies present are impressive, but each time a new product is integrated into a health system, a new data security challenge emerges. Each product will generate and process data in some way, and each has the potential to create significant vulnerabilities in a cybersecurity infrastructure.

To function as a healthcare tool, these new devices and applications must process some form of biometric data by design. If this is not done securely, the patient’s personal information and the clinical data being recorded risk being exposed. Additionally, these devices need to interact with the healthcare system to transmit information back and forth, creating many potential backdoor entry points that need to be managed.

The majority of all medical imaging scans are now processed digitally post-acquisition to enable more efficient storage and transfer of the records. It also allows computational modelling and image analysis techniques to be applied to improve diagnosis. With its ability to provide non-invasive diagnosis for a range of diseases, the demand for medical imaging is only increasing. Once digitized, this valuable resource is at risk of being hacked, or even directly manipulated if a cyber breach occurs.

Paving the way for innovative new treatments and breakthroughs, research studies and clinical trials are an important element to add to the cybersecurity defence strategy. Any study that directly involves patients is subject to stringent protection methods, with data usually being anonymized both to protect patients and remove bias in studies. But it’s possible to re-identify patients from research data, creating another opportunity for a major exposure in healthcare if access falls into the wrong hands.

Healthcare Data Banks and the Growth of the Cloud

As the demand for technology grows, better and more efficient ways of processing and storing the vast volumes of data are required. These need to be fast, secure and compliant with healthcare and data regulations. As a response, the use of cloud storage in health care is becoming more common, offering a way to save both money and physical space.

Whilst attractive, every interaction between onsite and cloud-based infrastructure requires monitoring and management to ensure data is protected and vulnerabilities are not created for either network. The surge in connected devices only adds to the complexity of the situation. Cybersecurity and IT teams are no longer limited to looking after staff and onsite practices, but must also consider all the patient users. The digital practices of patients can’t be controlled in the same way as staff interactions, meaning public network access, infected devices and other notorious bad practices can begin to creep in.

The methods used to store data will depend on the size of the hospital and practices of healthcare providers from country to country, but with the cloud-computing sector in healthcare set to grow by 20% between 2019 and 2025, an integration of onsite and cloud-based solutions forms the most likely future scenario.

Building a Secure Infrastructure for Modern Health Care

Despite the many benefits these new technologies bring, healthcare providers must be aware of how, why and where data relating to their patients is being collected. As soon as a third-party technology is part of clinical practice, the duty of care lies with the healthcare system to ensure its patients are being properly protected and practices adhere to clinical and data regulations.

But with a complex web of onsite storage, cloud computing and multiple user groups, the number of interactions skyrockets. Collaborations with third-party vendors mean there are some elements outside of direct control while still falling into the healthcare providers’ remit of responsibility. The amount of manpower required to tackle data management and security at this scale and level of complexity quickly outweighs any cost-saving benefits these technologies promise to deliver.

Automation technologies are highly useful in this scenario. They can be applied to manage tasks that don’t require manual intervention, such as software updates, in addition to running screening and detection. This allows teams to manage health care without generating a steep increase in staffing costs. For automation to be effective, healthcare providers need to coordinate all activity linked to their technology infrastructure, best achieved through a software management platform.

In the field of cybersecurity, security orchestration, automation and response (SOAR) platforms have been growing increasingly popular for their ability to secure the complex technology infrastructures present in many sectors. By implementing such security platforms, health care can utilize connected devices to their full potential, while guaranteeing the safety of its digital infrastructure and network.

Faiz Shuja

Over sixteen years of experience in designing, implementing, and managing secure technology infrastructures. Currently Co-founder for SIRP. SIRP is a Security Orchestration, Automation and Response (SOAR) platform that helps organizations effectively manage their security operations with Incident Management, Threat Intelligence, Vulnerability Management and Risk Management modules.
