Digitalization has breathed new life into qualitative healthcare service delivery, yet the reverse side exists. Explore both the opportunities and challenges with Planet 9.
Digital transformation is a building block for improving healthcare efficiency in the age of new healthcare issues. Digitalization advocates a patient-centered approach, optimizes healthcare-related policies and processes, streamlines operations, and contributes to building trust among all healthcare stakeholders. Although digital transformation in healthcare is much slower compared to other industries, it already shows positive results. Hence, medical workers now successfully utilize electronic health records (EHR), special software, and even artificial intelligence when making critical medical decisions. At the same time, patients can resolve simple medical issues just in several clicks on their cell phones. However, alongside multiple advantages and opportunities, digitalization has also brought new cybersecurity issues. For instance, surgeries and other medical procedures have never been so dependent on technologies before, and even the slightest disruption can result in a system collapse. The COVID-19 outbreak has made healthcare even more susceptible to different cyber threats since healthcare entities increasingly become targets of more sophisticated cyberattacks.
The US healthcare system is now on the midway of digital transformation, which implies developing and widespread use of mobile health apps, EHR, wearable devices, telemedicine, and personalized medicine. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 accelerated the U.S. healthcare revolution by motivating healthcare entities to use EHR and other technological advancements across the United States. HITECH started with electronic records and aimed to push healthcare providers to use digital data more sophisticatedly. For instance, healthcare providers and their patients now can exchange electronic medical records and extend them with software to help make better clinical decisions. HITECH innovations allowed the employment of electronic records in a more robust and valuable manner while encouraging developers to use open, industry-led data standards.
Many IT and health experts advocate accelerating digital transformation within the healthcare environment, claiming that technologies economize money and make healthcare transactions more efficient. Technologies facilitate access to healthcare, expand the network of available healthcare providers, and allow patients to take advantage of specialists in other states. At the same time, advanced technological solutions help healthcare professionals to make clinical decisions and care for patients.
Sure enough, patients now resolve simple healthcare issues such as appointments, prescription renewals, referrals, or brief consultations by using e-mail or web messaging instead of telephone calls or in-office visits for simple matters. Both patients and doctors take advantage of the availability of electronic prescriptions. Finally, doctors now use the full spectrum of supporting resources such as digital diagnostic systems, decision-support software, telemedicine, and computer-aided self-help tools. In this way, technologies increase resources for self-care, enhance emotional support through electronic support groups, and improve knowledge regarding particular medical problems.
Although technology is referred to generally as a positive phenomenon, many challenges with its application in healthcare exist. The severity of challenges ranges from “dehumanizing” of the healthcare branch to more severe digital security issues that endanger human privacy, well-being, and even life. Now, the focus of this article is shifting to another side of digitalization – the increasing number of cybersecurity challenges.
Unfortunately, malicious actors often leverage technological advancements in healthcare to attack the infrastructure. The cyberattacks discussed below occurred in different hospitals and geographical locations, but all caused disruptions in healthcare environments and threatened human lives. They compromised digital infrastructures on which the hospitals relied, forced the postponement and even cancellation of hundreds of surgeries, and limited the hospitals’ capacity to treat their patients. To better understand the severity of cyberattacks in the healthcare industry, let’s explore several cases together.
In March 2020, at the height of the coronavirus pandemic, Brno Hospital, one of the main COVID-19 testing centers in the Czech Republic, was attacked by ransomware. The infection was gradually replicating, so the hospital systems started to fail, and the administration decided to shut down all the machines. The ransomware attack hindered the hospital’s operations as there were no database systems for storing data; hence, staff had to make their notes manually. Such disruption slowed the hospital’s working routine and endangered lives since the hospital was forced to cancel appointments, postpone surgeries, and even relocate patients to other hospitals.
In September 2020, powerful ransomware attacked a Hospital in Dusseldorf, disabling computer systems and breaching essential medical data. The attack compromised the hospital’s digital infrastructure used to coordinate doctors, beds, and treatment. Due to such a disruption, clinicians could not access patient’s medical records and were forced to postpone hundreds of operations and other essential procedures. The attack has also halved the hospital’s capacity to treat patients, so stopping new admissions was necessary to protect those already admitted. In these unstable conditions, emergency patients were relocated elsewhere. A woman who needed urgent treatment died while doctors attempted to transfer her to another hospital. Although hackers are not officially blamed for the woman’s death, from the medical point of view, the attack might have a decisive role in the accident due to “the inability to receive necessary emergency medical care.” Thus, the woman’s death might be rightfully considered the first known case of a life being lost due to a hacking attack.
On October 29, 2020, medical workers at the University of Vermont Medical Cancer Center were in the middle of preparing their patients for chemotherapy infusions when hackers infected the hospitals’ operating systems with ransomware. Initially, the attack disrupted all operations and blocked access to medical records. The medical staff were forced to fall back on written notes to access vital information and reconstruct chemotherapy protocols from memory. This process was extremely time- and resource-intense. In addition, restoring data from memory was not safe because the clinicians could make mistakes and mix up critical data. In the next few days, medical staff attempted to prioritize patients, postpone the chemotherapy infusions, and were forced to send away hundreds of cancer patients. The incident had a devastating effect on cancer patients because they were unaware of when and how they would get treated. The hospital’s electronic medical record system was restored nearly a month after the cyberattack.
The above and many other cybersecurity events show that alongside multiple opportunities for healthcare improvement, technologies may cause harm to healthcare systems and endanger patients’ lives. In joint with medical experts, computer scientists defined the main digital challenges that make the healthcare environment susceptible to a wide range of cybersecurity threats. Let’s explore these challenges with Planet 9!
Digital transformation enabled clinicians to access medical data from everywhere. At the same time, the COVID-19 outbreak has made remote working an integral element of health care service delivery. Nowadays, clinicians broadly rely on enterprise remote desktop protocols and virtual private networks (VPN) to access their internal networks. Unfortunately, many remote desktop protocols lack firewall, allowlist, multi-factor authentication, and other protective mechanisms, making the organization’s systems susceptible to cyberattacks and data breaches. The recent examples of ransomware attacks proved that health care systems have become highly vulnerable due to the inappropriate protection of their remote work environment.
Various patient-monitoring equipment that hospitals use to support their operations is often unpatched while connected to the internet or other legacy-dispersed networks. Furthermore, the COVID-19 pandemic prompted hospitals to use internet of things (IoT) devices intensively, which resulted in an increasing number of personal devices used to perform work from home. Hospitals often integrate new endpoint devices with outdated or unsupported operating systems, thereby increasing cybersecurity vulnerability. On the one hand, tight integration across the hospitals’ IT environment makes the organization more agile. Still, on the other hand, it makes healthcare IT systems more susceptible to cybersecurity risks.
A large part of information security incidents in healthcare is related to human error. Focusing on saving lives while adjusting to new environments and technologies, clinicians are more likely to make errors. In addition to this, a stressful working environment makes medical workers vulnerable to falling into malicious trickery. Unfortunately, the healthcare sector lacks resources and root cause analysis to prevent human errors related to security incidents. Although some efforts have been made to minimize the frequency of human errors, such approaches have not been widely adopted.
Low security awareness is not the last place among healthcare cybersecurity challenges. During the COVID-19 pandemic, cybercriminals constantly exploit people’s unawareness, anxiety, and workloads to compromise the networks and take financial advantage of cybersecurity incidents. Unfortunately, medical staff are unaware of the consequences of certain behaviors, while hospitals and other healthcare entities lack policies to manage clinicians’ behavior. Undoubtedly, the healthcare sector must possess increased cybersecurity awareness because it is necessary not only to secure themselves but to protect their patients from being victims of cybercrime.
The healthcare sector lacks sophisticated data protection mechanisms in comparison to other industries. The critical security risks challenging healthcare continuity are vendor dependence, inappropriate encryption configurations, and difficulties with ePHI transactions. To minimize the risk of cybersecurity threats, healthcare organizations should develop their resilience and capacity to recover from incidents and learn from mistakes in order to maintain business continuity. For this purpose, business continuity plans must be developed in every healthcare organization.
A common challenge within the healthcare setting is a substantial time lag between the occurrence and detection of an attack. This lag aids perpetrators by providing them with extra time to conduct lateral movement. Many healthcare organizations do not have secure backup mechanisms in place, making them even more vulnerable in case of any cyber incident. To address this challenge, healthcare cybersecurity should be a team effort, with all staff members being held accountable for cybersecurity.
To conclude, the digital transformation in healthcare is a fundamental building block for improving healthcare efficiency in the age of new healthcare issues, such as COVID-19. Moving digital, the healthcare industry supports modernization and a patient-centered approach at all levels of healthcare service delivery. Among the main advancements that digital transformation brought to healthcare are electronic health records (EHR), artificial intelligence, digital diagnostic systems, decision-support software, telemedicine, and computer-aided self-help tools. All these advancements provide clinicians with comprehensive decision-making strategies while making healthcare more accessible to patients. However, digital transformation in healthcare also has its challenges, felt incredibly sharp at the height of COVID-19. Thus, being equipped with advanced technological solutions, the modern healthcare system still lacks digital awareness and is highly dependent on the human factor.
Planet 9 strongly encourages all healthcare entities to accumulate new digital knowledge, spread cybersecurity awareness, and look for best practices and regulations to secure the healthcare systems from new and existing digital threats. If you have any questions regarding how to secure your healthcare system, consult our team. We’ll be happy to assist.