Healthcare is inherently a service of data and networking. Patients convey information to doctors, general practitioners consult with specialists, healthcare teams develop and execute treatment plans, pharmacists review and fill prescriptions, and patients research and communicate with peers. Improving the efficiency of this network with connected technologies can improve healthcare outcomes and quality of life, while reducing costs. It can also expose intensely personal data and devices to privacy breaches and disruption.
Networked devices and healthcare are already improving quality of life for millions. Wearable fitness technology prompts us to do more exercise and monitor what we are eating. Implanted devices dispense insulin, prevent hear fibrillations, and manage pain. Online monitoring improves patient compliance with medication and reduces hospital visits. Almost 50% of healthcare providers have integrated consumer or operational technologies into their IT systems, and continued deployments could result in $63 billion in global healthcare savings over the next 15 years.
However, widespread technology adoption is making the sector a bigger target to those looking to exploit it. Already, data security attacks are increasingly targeting healthcare payers and providers, with a 60% increase from 2013 to 2014. A report that we recently sponsored, The Healthcare Internet of Things: Rewards and Risks, explores the security challenges and societal opportunities for networked medical devices. These devices may be wearable, temporarily ingested, or even embedded in the human body for medical treatment, medication, and general health and wellness. The report makes recommendations for the industry, regulators, and the medical profession to maximize the value to patients while minimizing the security challenges originating in software, firmware, and communications technology across networks and devices.
Serious Risks Require Serious Attention
The big risks to networked healthcare are personal data theft, device tampering, widespread disruption, and accidental failure. Security cannot be a bolt-on for networked healthcare and devices. It needs to be built into the ecosystem, from device to network and from communications to data center. A health network that is connected to the Internet for email, to a supplier via private network, or to patient devices exposes the whole ecosystem to network-based risks. Relying solely on traditional firewall techniques of blocking traffic or shutting down ports is insufficient and may even be counter-productive if they restrict access to information, isolate critical devices, or interrupt service delivery.
Securing healthcare networks requires management tools with the capability to inspect traffic, apply security policies, and monitor activity. Data must be appropriately protected, whether it is operational, financial, or personal. Devices and personnel need to communicate securely with each other, and encryption helps protect data in transit and at rest. User authentication and identity verification tools are needed so that both devices and people can identify the appropriate trust level of the relationship. Updates and deployments cannot disrupt essential networks and the life-critical devices they support, with a minimal impact on staffing, support levels, and costs.
One high-profile security breach could discourage the adoption of networked healthcare and its associated benefits for a decade or more. With the value of stolen healthcare data on the black market rocketing, we’re calling for technology developers and policy makers to work closer with the security sector to ensure that innovation leads to real enablement, not to opening another door to cybercrime.