The Harvard Business Review (HBR) and medical device manufacturer Medtronic recently completed a virtual forum series on Healthcare and the Pandemic.  This three-part series looked at a variety of topics; one of the more applicable topics to our customers was the current and future state of technology like telehealth.   

There’s been an almost exponential explosion of telemedicine by healthcare systems from pre-COVID levels.  This change happened almost overnight as COVID-19 spread.  As a result of quarantines and states closing, health systems stopped seeing many patients in person. In the HBR Forum sessions, health system participants shared statistics of the rapid growth in telehealth visits*. 

 

Approximate Number of Telemedicine Visits 

Health System 

Pre-COVID 

Post-COVID 

Mayo Clinic  

40/day  

3,000/day  

Johns Hopkins Health System  

100/day  

8,000/day  

Northwell Health  

A few hundred/day  

6,000/day  

Lehigh Valley Health Network  

~1,000 total  

~200,000  

Spectrum Health  

40,000 in 2019  

110,000 (First 6 mo of 2020)  

*Health Care and the Pandemic Virtual Forum Series, Harvard Business Review and Medtronic November 2020 

In addition to telemedicine increases over typical consumer-based devices like tablets and phones, there was a concomitant increase in the use of technology for remote patient monitoring. These technologies using sensors and Internet of Medical Things (IoMT) make it possible for healthcare personnel to remotely measure patients’ vital signs like heart rate, respiratory rate, oxygen saturation, blood pressure, and much more.   

These sensors and their ability to connect to Healthcare IT systems have increased the number of cyber risks within the healthcare sector, such as telehealth device flaws, insider threats, and the rise of targeted cyberattacks.   

These concerns were a subject of a recent American Medical Association report that brings scrutiny on digital health technologies like telemedicine.  Cyber-attacks that disrupt patient care and pose a risk to patient safety, such as ransomware attacks, are of the greatest concern. Successful ransomware attacks can cripple a healthcare provider by preventing access to medical records and disabling mission critical systems which may result in delaying patient care.  We have seen the impact of ransomware attacks on a hospital system in Düsseldorf, Germany that resulted in a rerouting of an ambulance that contributed to a patient’s death.   

Device Authority provides our customers the capability to secure IoMT devices and the data from those devices.  Three of the most common concerns we hear from our customers are:  

  • We want to be able to provision and secure devices automatically and at scale,   

  • We can’t afford to send field engineers into our healthcare customers facilities to update and rotate certificates manually, 

  • With telehealth increasing almost exponentially, how can we secure thousands of telehealth sensors from a central location? 

Conclusions from the reports above suggest it is important for health systems to lock in efficiencies like device security and data encryption at scale and provide security lifecycle management. Technology will continue to play a critical role in the ongoing transformation of healthcare including sensors, monitoring technologies, and more. These technologies produce an ever-increasing attack surface for healthcare data collection and indeed massive amounts of data that require encryption prior to analysis. The HBR report states that; “Automation technologies [like securing devices according to policies] will improve operational efficiency by streamlining labor-intensive back-office tasks”. 

Additionally, the data and communication must be protected from tampering – which could have serious (even fatal) repercussions. Communication must be secured from all potential errors and protect patient health information (PHI). This is an especially important point given that data hijackings are growing and becoming more expensive.   

To get a copy of the HBR/Medtronic report, please click here.

Paul de Curnou