With great technology comes great risk; hospital administrators and staff have been coming to terms with this parallel for the last couple of years, as EHR, healthcare tech, and IT infrastructure improvements have flourished, while simultaneously cyberattacks and breaches have risen in the field.
The rate of breaches is so high that, according to Julie Spitzer writing for Becker’s Hospital Review, it’s nearly exceeding the rate of one breach per day.
“In fact, the Identity Theft Resource Center found the U.S. medical and healthcare sector experienced roughly 336 data breaches as of Nov. 29th, which represents 28% of the total 1,202 breaches,” writes Spitzer. “That equates to 4.93 million records exposed, or 2.9% of the total 172 billion records that have been exposed so far in 2017.”
It’s a predicament, to say the least, but it’s not all bad. While technological disruption may have gotten the healthcare industry into this mess, it could also be the very thing that delivers the industry from it. Here’s how the AI, IoT, and cybersecurity are transforming healthcare; for better and for worse.
The IoT and wireless world around you and me
As the world grows more connected, it seems that the connections around us actually grow harder to detect. Traditionally, wireless devices such as cell phones, tablets, and laptops have been joined in cyberspace by smart refrigerators, cars, and even medical devices like pacemakers.
This technology has provided tremendous benefit to both the industry at large as well as the patients said industry serves. These benefits, however, did not come without risk. For example, cloud industry professionals at XMedius write about healthcare IT and electronic health records (EHR) systems, and the need to implement HIPAA standards as a byproduct:
“When the HIPAA act was introduced in 1996, the landscape of EHR/EMR management shifted. Whereas EHR/EMR systems offered healthcare organizations a way to lower costs, increase efficiency, reduce error, and improve patient satisfaction, HIPAA forced EHR/EMR system vendors, as well as healthcare providers and their business associates to conform to mandated security regulations. These regulations required new levels of security to protect patient health information, and, as a result, EHR system security was upgraded to include the standardization of safeguards like role-based access control, automatic data backups, audit trails, automatic log-offs, and data encryption.”
The prevalence of connectivity in the modern age is truly staggering when you get down to the nitty-gritty. Duquesne University’s online nursing resources show that 83% of doctors had adopted by EHR systems by 2015, and that expected market worth of other connected technologies is truly staggering:
- Mobile Health (mHealth) tools that help healthcare practitioners easily send or receive documents and information is expected to reach a market worth of $20.7 billion by 2019.
- Portal technology that allows patients to access their medical records and communicate wirelessly with healthcare providers is expected to reach a market worth of $2.74 billion by 2020.
- Telehealth tech that uses electronic information along with telecommunications systems to allow remote healthcare options, health-conscious learning, and other nonclinical services is expected to reach a market worth of $34.27 billion by 2020—not to mention that patients in a telehealth-equipped ICU center had a 26% lower mortality rate and were released 20% earlier.
- Automated, self-service kiosks that help to automate tasks such as hospital registration, patient identification, completion of paperwork, and payment of copays are expected to reach a market worth of $17.2 billion by 2020.
Industry professionals at Four Winds Interactive point out that digital signage alone, which makes up part of the above-mentioned “automated, self-service kiosks”, can serve as information boards, emergency response tools, hospital directory and wayfinding, and digital menu boards as well.
Cybersecurity is a new necessity
Unfortunately, the risk that comes hand-in-hand with operating within this brave, new, connected world is high. This was made glaringly apparent to the world in May of 2017, when the WannaCry Ransomware virus infected over 220,000 computers, according to Kroll OnTrack, belonging to systems including “several British hospitals, Renault-a French car maker, and the German railroad operator, Deutsche Bahn.”
Even before that incident, in early 2016, Hollywood Presbyterian Medical Center made national news by paying out $17,000 to regain control of their systems after a ransomware attack. The problem with ransomware is its namesake; the malware deploys an encryption program that locks up all of the drives on a network. Without the password to decrypt all of that data, it will be lost forever. Rather than suffer this type of a loss, many will opt to pay the ransom, usually in bitcoin or some other type of cryptocurrency.
While businesses around the world are all equally at risk, the infection of hospital systems ups the ante because human lives are on the line. Keeping backups and having proper cybersecurity is now a necessity for health administrators that truly wish to, first, do no harm. If you infected by ransomware, follow these four tips:
- Remain calm. Rash decisions could cause further data loss. For example, if you discover a ransomware infection and suddenly cut power to a server, versus powering it down properly, you could lose data in addition to the infected data.
- Check your most-recent set of backups. If they are intact and up-to-date, the data recovery becomes easier to restore to a different system.
- Never pay the ransom because attackers may not unlock your data. There are many cases of ransomware victims paying the ransom demanded and not receiving their data in return.
- Contact a specialist for advice and to explore recovery options. If you don’t have in-house experts, third-party professionals are the way to go.
Artificial intelligence to the rescue
The problem with current cybersecurity measures is that the higher you build your metaphorical “walls”, all it takes is an attacker with a taller “ladder”, so to speak, to breach your defenses. The good news is that, even though there isn’t really any good way to prevent cyberattacks, there are now ways to detect them as they happen in real-time.
Darktrace has created cybersecurity software that uses machine learning to observe a set “baseline” on a network, and then alerts users when there’s any deviation from the “norm”. Founded by ex-British spies and Cambridge University mathematicians, Darktrace is one of the world’s first instances of an “Enterprise Immune System”, or EIS for short. It seems only appropriate that the future of cybersecurity in healthcare would be referred to as an “immune system”.
“The big challenge that the whole security industry and the chief security officers have right now is that they’re always chasing yesterday’s attack,”
says Darktrace CEO Nicole Eagan in an interview with Wired.
“That is kind of the mindset the whole industry has—that if you analyze yesterday’s attack on someone else, you can help predict and prevent tomorrow’s attack on you. It’s flawed because the attackers keep changing the attack vector. Yet, companies have spent so much money on tools predicated on that false premise. Our approach is fundamentally different: This is just learning in real time what’s going on and using AI to recommend actions to take, even if the attack’s never been seen before. That’s the big transition that Darktrace is trying to get folks…to make: to be in the position of planning forward strategically about cyber risk, not reacting to the past.”
Not only is AI helping to shore up our cybersecurity deficiencies, but there’s also the nursing shortages that artificial intelligence could help to ease strain from. According to the University of San Francisco’s School of Nursing and Health Professions, in nearly half the states across the U.S., at least 20% of the population is living in a primary care Health Professional Shortage Area (HPSA). With AI like IBM’s Watson on the rise, there’s a good chance that these shortages will cause less of a strain on the system.
These are just a few of the ways that AI, the IoT, and cybersecurity is currently transforming the healthcare landscape. Healthcare administrators have a world of opportunity at their fingertips, but they also have to be wary of the inherent risks of using such technology. Stay up to date on current technology, and always remember that they’ve affected our lives for better and worse.