*This article was originally written by Morten Brogger, CEO at Wire, for Med-Tech Innovation.*
2020 saw companies across sectors forcibly thrown into digital change management. This ‘forced digitisation’ resulting from lockdowns throughout the world has dominated headlines for months.
However, there’s another wave of digitisation afoot that hasn’t made as many headlines, though it is arguably more important - the digitisation of medicine.
Whether for visiting a GP about a non-COVID-related health ailment, or seeing a psychiatrist or counsellor for mental health support, the pandemic has accelerated the use of telemedicine. While it had gained some traction prior to the spread of the disease, the need for virtual visits soared during various national lockdowns. Frost and Sullivan predicts that the use of telemedicine will see a 64.3% increase this year.
Both the NHS and private companies ostensibly managed security around individuals’ health data with the utmost care. However, when the pandemic accelerated telemedicine to wider providers, many of them came to rely on consumer-engineered video collaboration tools, which, from a security perspective, don’t have the required robustness for relaying sensitive personal health information.
The degree of cybercrime targeted at the healthcare sector is quite alarming. According to The ForgeRock Consumer Identity Breach Report 2020 issued earlier this year, the UK healthcare sector was found to be the most at risk when it comes to cyber-attacks. Indeed, a report by Clearswift claimed that 67% of UK healthcare organisations experienced some kind of cyber security incident in 2019 alone. Unfortunately, the outlook is not encouraging. Next year, according to Cybersecurity Ventures, healthcare will suffer two to three times more cyberattacks than the average for other industries.
For an industry so clearly targeted by cybercriminals, securing the data transferred between parties in this field is of utmost importance.
Healthcare records are an attractive target for criminals because they provide comprehensive information on a person’s health background and identity, which can be sold on the dark web for substantially more than financial records. The problem in healthcare is, firstly, that IT systems are often outdated and have fewer cyber security protocols in place and, secondly, that sensitive data is typically shared across a complex chain of multiple clinicians (in order for the patient to receive the best possible expert diagnosis and care). Every time confidential data is sent to a GP, a specialist consultant, laboratory or hospital, it is dependent on the security technology in place, with each of these points being potentially vulnerable to a malicious attack.
Privacy is another key issue. Patients will naturally be concerned about having their video consultations on file and potentially accessible to others. While healthcare providers may take every step to ensure that video files are securely protected in the recording process, they may then use third party cloud providers to store these files. Once these are then in the public cloud, this data is typically stored across a distributed infrastructure in diverse locations. So, how can telemedicine solutions providers truly be assured of the privacy of this stored data?
Innovators in the field of telemedicine need to fully consider these issues and ensure they create new products using a ‘zero trust’ model of security to ensure that the data on their solutions is safe and digital privacy is assured. Key considerations include:
The need for end-to-end encryption - this technology prevents data being intercepted or modified by anyone other than the sender and recipient(s). Mainstream video conferencing services do not all use encryption, yet when providing secure telemedicine services for people to use from their homes or workplaces, end-to-end encryption is absolutely fundamental to security.
Using open source technology - telemedicine tools that are transparent with how they handle sensitive data from the outset and clearly provide the inner workings of their solutions will give health providers more confidence. Platforms that are open source, can be self-hosted, and have clear privacy policies, will ultimately be more appealing to the end users who are responsible for the data being transferred on these tools.
Ensuring comprehensive solutions - hospitals and medical staff require the IT tools that will help them to offer the best possible level of care and service to their patients. As busy professionals, they do not need to know the intricacies of the technologies involved; they simply need reassurance that these tools are entirely secure and can be trusted. When designing systems that involve third-party cloud providers, telehealth developers should provide complete transparency as to the data privacy risks involved in relying on these partners.
There is no doubt that when life does return to normal after the pandemic, virtual medical consultations will continue (alongside in-person visits), providing more convenient and more cost-effective healthcare to people wherever they live.
However, given the current global scale of cybercrime, if developers of new telemedicine solutions fail to consider and ensure watertight security and privacy, this could lead to damaging and costly data breaches and incidents, which would mar the reputation of, and trust in, the practice of telemedicine altogether.