Remote Health Technology Requires Proactive Cybersecurity Strategies

Perspective on Remote Health Technology CybersecurityImage | Unsplash.com

Innovation in healthcare is a topic I’ve followed closely over many years, especially in recent times as Covid has propelled medtech to the forefront and changed our ways of working forever.

Where previously, our ideas of medical developments would have been drug related, such as medicinal treatment for once untreatable conditions, in the past few decades we have seen innovation in healthcare significantly change to incorporate technological devices, AI, VR and robotics.

We’ve also seen significant advances across general healthcare diagnoses such as virtual consultations, at-home diagnosis products (propelled by the public’s ease in adopting at-home testing for COVID) and remote products to offer more specialised, at-home care.

Our own remote monitoring surface system, the Dyna-Form SMARTresponse is a good example of such technology. Designed to provide digital smart care for pressure ulcer prevention, the system integrates remote digital technology with an existing proven hybrid support surface to continuously monitor patients and remotely intervene when increased risk is sensed even when clinicians cannot be physically present, via the product’s uniquely designed smartphone app.

Advancing the digitalisation agenda further, in February of this year, the Government’s Department of Health and Social Care outlined plans for further technological investment in the NHS, which included targets for 75 per cent of adults in England to use the NHS App by March 2024, expanding functions on estimated waiting times and offering personalised advice. The aim of this move is to help people manage their health better by having instant access to their data, including their GP health records, as well as making it easier to order repeat prescriptions, book appointments online and register preferences for services, such as organ donation. The publication of the full digital health plan is due later this year and will rely heavily on embedding technologies and processes which will help clear the COVID backlog.

But while these global moves to bring healthcare into the 21st century are much welcomed, and the thought of receiving blood test results on your smartphone through the app is exciting, these routes also open up the very real threat of these technologies being hacked and compromised.

Cybersecurity strategies for the health technology industry

In a recent US industry report by Ipsos (sponsored by CyberMDX and Philips), healthcare was found to be one of the most targeted industries in the cybersecurity space.

We need little explanation of how disastrous and far-reaching the effects of cyberattacks on critical infrastructure can be, and before we move to a system where patient records are fully available digitally to all via smartphone, we need to ensure we have the protections in place to protect from malicious intent, ranging from large scale national attacks, to smaller, individual data protection issues.

As quoted in MedCityNews, the Ipsos survey reported that US hospitals comprise 30 per cent of all large data breaches, and in the six months prior to the report, 48 per cent of the hospitals surveyed had a shutdown related to an external hack or query. Even more worryingly, the report indicated that despite these results, only 11 per cent of the hospitals listed cybersecurity as an area of high-priority requiring investment.

However, while this may ring alarm bells about the extent to which we should rely on tech, it’s easy to forget that automated, technologically advanced systems – like those that the DHSC want to introduce, are nearly always more secure than paper-led manual inventory methods.

In fact, over 60 per cent of the organisations surveyed relied on manual methods for inventory of their devices and assets, and 65 per cent of hospital IT teams reported using manual methods for inventory calculations (7 per cent of those in the report said they use a fully manual mode for inventory) – these methods and the sheer lack of technology being used to organise client data only increases vulnerabilities.

We’re all aware, more than most, of how healthcare budgets, especially those in the public sector, are squeezed beyond their means, but for digitalisation to work well, there needs to be a significant investment in cybersecurity strategies.

We can take comfort from the work already in place and under way to strengthen cyber security in the UK healthcare sector, especially since the WannaCry ransomware attack which severely affected the NHS in 2017.

In an evaluation by the National Audit Office’s (NAO), and according to NHS England, the ransomware event affected at least 80 out of the 236 NHS trusts across England (because they were either infected by the ransomware or turned off their devices or systems as a precaution), and a further 603 primary care and other NHS organisations were also infected, including 595 GP practices.

In light of that attack, the DHSC has worked hard to strengthen its protections, including broadcasting alerts about cyber threats, providing a hotline for dealing with incidents, sharing best practice and carrying out on-site assessments; embedding Data Security Standards and providing training to raise awareness of cyber threats. At DHG, we’ve followed these methods, and engaging external cybersecurity consultants during the design and development phase of our R&D is a critical to our strategies.

But while this attack flagged the need for increased home security and was a wake-up call to healthcare organisations around the world, many in the sector still lag behind in terms of preparation, and this will be of particular concern for many I’m sure.

I for one am excited to see the next phase of digitisation in our public health sector, but the fate of its success revolves around proactive investment in keeping the service safe and deploying effective cybersecurity strategies. While it is impossible to protect against all threats, we must ensure we are as ready as we can be, and industry leaders must treat the vulnerabilities in their own technologies as one of their highest priorities.

Article by Graham Ewart, CEO , DHG (Digital Healthcare Group)