Will cybersecurity issues delay our progress toward digital health?

Will cybersecurity issues delay our progress toward digital health?

Will cybersecurity issues delay our progress toward digital health?

  • Posted by Jim Jordan
  • On September 6, 2022

What is digital health?

Digital health harvests data from inside and outside the health system to distill health status and promote wellness. Having the broadest view of a patient’s status, illnesses, and other health risks enable intervention before diseases advance and increases healthcare costs.

Embedded in the vision of digital health is the goal of optimizing the provider’s view of a patient within their system. A real-time healthcare system (RTHS) is a next-generation healthcare delivery system designed to optimize the hospital’s most critical clinical, business, and administrative workflows by ensuring accessible and uninterrupted access to relevant patient data. RTHS translates to a complete data profile on the population served by the health system (data) and adapts its workflows (methods) to match the community’s changing needs.

A patient-centric environment would be maximized by adding societal information and activities outside the health system to an RTHS. This decentralized digital information requires edge computing techniques. It includes collecting data from the internet-of-things (IoT) gadgets with built-in sensors whose primary function is to gather data from our immediate surroundings; that information then undergoes digitization. Think about the valuable information on your Apple Watch or other wearable devices that is not accessible by most physicians.

At the center of this digital health vision is the need to open architecture to innovations, and exchanging this information into the health system is best served in a cloud environment. Sadly, health systems have been cautious in driving aggressively toward this vision.

The first impediment: The cloud’s initial impediment was the sunk cost of IT infrastructure

Historically, the financial benefits of technology change had to be weighed against the write-offs associated with sun-setting costly IT infrastructure – resulting in longer adoption cycles. Cloud computing has accelerated the pace of change by removing these barriers helping companies become more agile and scale innovation at a previously inconceivable rate.

The second impediment: Cybersecurity issues are slowing the expansion of cloud computing

A stolen health identity is far more valuable than a stolen credit card.

I was conducting a panel on cybersecurity a few years back. One of our panel members was Joe Marks, who at the time was the Executive Director for Machine Learning and Health at Carnegie Mellon University. Joe shared that the healthcare industry is one of today’s most lucrative targets in cybercrime. One health record with personally identifying information can be used for years versus the short life of a stolen credit card. It is easy to see why they’re so sought after!

Cybercriminals are willing and eager to invest resources to gain access to healthcare information, as this information is roughly 46% more valuable to cybercriminals than credit card information. In an article by Tori Taylor titled Hackers, Breaches, and the Value of Healthcare Data, she notes a 2019 Trustwave report valuing a health record at $250 versus a credit card record at $5.40.

There is evidence hinting at this difference in identity value. According to the Federal Trade Commission, there were 1.4 million reports of identity theft in 2020. Yet, according to a report in HIPAA Journal, the number of data breaches reported to HHS showed that at least 42 million records were exposed between March 2021 and February 2022.

Although it might not be entirely accurate to assume that there were no duplicates in these breached records, assuming that they were all unique is illustrative of the scale of the problem. The U.S. population was roughly 337 million in 2021; 42 million records would be approximately 12% of the population.

In a society where many people cannot afford healthcare, healthcare identity theft enables access to healthcare services.

Years ago, my father experienced this firsthand. His physician obtained pre-authorization for a cataract procedure, and he was shocked to be denied. The insurance company records stated he had already received this exact procedure in the exact eye in Wisconsin. My father had never been to Wisconsin. The police records showed that the hospital admissions department not only had a valid ID supporting this individual, but the hospital also had a digital picture of the individual at admission. According to the police, a type of health tourism occurs with these records, and it is difficult ever to find these people. Now before we say this was years ago, it would never happen today; these criminals evolve their tactics just as quickly as we create countermeasures.

Both large and small health systems concur that Health IT security issues are a significant barrier to cloud adoption.

In an article by Health IT Security titled Small Healthcare Orgs Point to Cybersecurity As Barrier to Cloud Adoption, about 63 percent of small and midsize healthcare organizations and 50 percent of larger providers named cybersecurity a top barrier to cloud adoption.

If law enforcement agencies are continually challenged regarding finding, arresting, charging, and prosecuting cybercrimes, why would we think health systems are skilled in this area?

The standard issue here is that cybersecurity is in a continuous battle of anticipating and reacting to cybercriminals’ changing technology and tactics.

How is your organization facing this challenge?

While it’s clear that digital health offers tremendous potential for improving healthcare, cybersecurity issues could delay our progress. The good news is that organizations can take steps to improve their cybersecurity and accelerate cloud adoption. What are some things your organization is doing to improve cybersecurity?