Morten Brogger, CEO at Wire looks at the demand for telemedicine, but also the huge cyber threat this poses and highlights the critical importance of providing solutions to the market that quash this very threat.
2020 saw companies across sectors forcibly thrown into digital change management. This ‘forced digitisation’ resulting from lockdowns throughout the world has dominated headlines for months.
However, there’s another wave of digitisation afoot that hasn’t made as many headlines, though it is arguably more important - the digitisation of medicine.
The pandemic has not only left populations unable to commute to work, but for many, it has also left them without the ability to visit a doctor, nurse or other healthcare professional in person. Whether visiting a GP for a non-COVID-related health ailment, or seeing a psychiatrist or counsellor for mental health support, the pandemic has accelerated the use of telemedicine, and while it had gained some traction prior to the spread of the disease, the need for virtual visits soared during various national lockdowns. Frost and Sullivan predicts that the use of telemedicine will see a 64.3% increase this year.
Even before COVID arrived on the scene, the NHS had announced a telemedicine option as part of its digital health plan, and private healthcare companies like BetterHelp offered counselling services via video, meaning that anyone could access mental health support without the need to leave their home - something especially crucial for vulnerable or at-risk individuals.
Both the NHS and private companies ostensibly managed security around individuals’ health data with the utmost care. However, when the pandemic accelerated telemedicine to wider providers, many of them turned to reliance on consumer-engineered products video collaboration tools, which, from a security perspective, don’t have the required robustness for relaying sensitive personal health information.
Healthcare: a prime target for cybercriminals
The degree of cybercrime targeted at the healthcare sector is quite alarming. According to the
The ForgeRock Consumer Identity Breach Report 2020 issued earlier this year, the UK healthcare sector was found to be the most-at risk when it comes to cyber-attacks. Indeed, a report by Clearswift claimed that 67% of UK healthcare organisations experienced some kind of cyber security incident in 2019 alone. Unfortunately, the outlook is not encouraging. Next year, according to Cybersecurity Ventures, healthcare will suffer two to three times more cyberattacks than the average amount for other industries.
For an industry so clearly targeted by cybercriminals, ensuring that data transferred between parties in this field is of utmost importance.
Healthcare records are an attractive target for criminals because they provide comprehensive information on a person’s health background and identity, which can be sold on the dark web for substantially more than financial records. The problem in healthcare is firstly that IT systems are often outdated and have fewer cyber security protocols in place and also because that sensitive data is typically shared across a complex chain of multiple clinicians (in order for the patient to receive the best possible expert diagnosis and care). Every time confidential data is sent to a GP, a specialist consultant, laboratory or hospital, it is dependent on the security technology in place, with each of these points being potentially vulnerable to a malicious attack. Healthcare records are therefore not only more appealing because of their ‘dark web’ value, but because they are also more easily intercepted across the chain of medical partners and third parties.
Health records provided via telemedicine (including the recording and storage of private health consultations) are arguably even more confidential than data records since they document the physical and personal identity of the patient. It is therefore of paramount importance that telemedicine solutions use the technologies that will protect and assure not only their security, but also their privacy.
Indeed, privacy is another key issue. Patients will naturally be concerned about having their video consultations on file and potentially accessible to others. While healthcare providers may take every step to ensure that video files are securely protected in the recording process, they may then use third party cloud providers to store these files. Once these are then in the public cloud, this data is typically stored across a distributed infrastructure in diverse locations. So, how can telemedicine solutions providers truly be assured of the privacy of this stored data?
Telemedicine solutions for the future
Innovators in the field of telemedicine need to fully consider these issues and ensure they create new products using a ‘zero trust’ model of security to ensure that the data on their solutions is safe and digital privacy is assured. Key considerations include:
- The need for end-to-end encryption - this technology prevents data being intercepted or modified by anyone other than the sender and recipient(s). The messages are encrypted by the sender, which means third parties have no means of decrypting them and or storing them in their encrypted form - i.e. there is ‘no man in the middle’ vulnerability. Mainstream video conferencing services do not all use encryption, yet when providing secure telemedicine services for people to use from their homes or workplaces, end-to-end encryption is absolutely fundamental to security.
- Using open source technology - telemedicine tools that are transparent with how they handle sensitive data from the outset and clearly provide the inner workings of their solutions will give health providers more confidence. Platforms that are open source, can be self-hosted, and have clear privacy policies, will ultimately be more appealing to the end users who are responsible for the data being transferred on these tools.
- Ensuring comprehensive solutions - hospitals and medical staff require the IT tools that will help them to offer the best possible level of care and service to their patients. As busy professionals, they do not need to know the intricacies of the technologies involved, they simply need reassurance that these tools are entirely secure and can be trusted. Developers therefore need to consider every aspect of security when bringing new solutions to market – this includes the storage and sharing of medical (video) files. When designing systems that involve third party cloud providers, telehealth developers should provide complete transparency as to the data privacy risks involved in relying on these partners.
There is no doubt that when life does return to normal after the pandemic, virtual medical consultations will continue (alongside in-person visits), providing more convenient and more cost-effective healthcare to people wherever they live.
While they were forced into telehealth services by the pandemic, both patients and healthcare staff have now experienced the benefits to be had from this practice and will therefore be more receptive to innovative solutions in this field in the future.
However, given the current global scale of cybercrime, if developers of new telemedicine solutions fail to consider and ensure watertight security and privacy, this could lead to damaging and costly data breaches and incidents, which would mar the reputation and trust in the practice of telemedicine altogether.