Digital transformation is a top priority across every sector of the dramatically changing healthcare industry. Rapidly emerging digital technologies are being used by healthcare organizations and healthcare-related businesses to improve patient care, compete more effectively, comply with regulations, protect sensitive electronic patient data and manage costs. As a result, healthcare providers, insurance companies, pharmaceutical companies, medical device manufacturers, ambulatory services, biotech companies, health informatics companies and their business partners (third parties) are all examining how best to apply these technologies in their own operations.
Digital transformation creates risk, as shown recently by a hospital system turning away all but the most critical patients from its three hospitals in response to its computer network being rendered unusable by a ransomware attack. The results in the 2019 RSA® Digital Risk Report highlight three key risks, all of which are critical in healthcare: the risk of a cyber attack, risks associated with a dynamic workforce and data privacy risk.
Cyber Attack Risk
According to the RSA Digital Risk Report, addressing cyber attack risks was one of the top priorities for healthcare organizations. This is not surprising considering healthcare is one of the top two industries most targeted by data breaches and cyber attacks. Cyber attack risk is a growing concern for many reasons including the growth of smart medical devices, the amount and availability of healthcare and patient data being created and the complexity of delivery models for patient care.
As a result, the attack surface is much more expansive and difficult to protect because the security perimeter includes a vastly expanded digital footprint, including multiple organizations, IoMT devices and business partners. And, despite more regulatory oversight and increased security investments, breaches continue to happen because of lax security hygiene in many organizations. This is consistent with the finding in the RSA Digital Risk Report that even though organizations have digital transformation efforts underway, their risk management practices don't always keep pace.
Dynamic Workforce Risk
There has been a dramatic disruption to the traditional care model in which a patient visits their doctor's office or a hospital to seek medical treatment. The healthcare workforce is being augmented by technology to help meet the needs of a changing patient population. More patients are seeking care under the Affordable Care Act; at the same time, there is a shortage of physicians and medical workers. A growing number of healthcare facilities have expanded their use of telemedicine to deliver services to patients in hospitals as well as in remote locations.
Improving patient care is a primary driver of digital transformation for doctors, hospitals and other providers, and digital technology provides more options for how, when and where they provide care. Healthcare workers who serve patients in multiple locations require access to devices and data as they travel, work from home, visit patients or work across healthcare facilities.
These are only two examples of the dramatic disruption taking place in the healthcare industry. The necessary shift to a dynamic, mobile workforce exposes healthcare organizations to the risk of improper worker access and authentication. This is especially concerning when it is also difficult or impossible to effectively monitor the online activities of healthcare providers, business partners, gig workers and others across a myriad of IoMT devices.
Data Privacy Risk
As the healthcare industry moves towards collaborative care, the risks to patient data are significant. Collaborative care is a delivery model that involves patient data being available across large, complex healthcare environments and accessible to many users from multiple devices and locations. There are many different users of data across today's healthcare ecosystem. For example, patients want and have more control over their data and healthcare decisions; by 2020, it's estimated that 25% of all healthcare data will be collected by patients themselves, according to a study by IDC. Health practitioners and medical researchers also leverage data to improve the quality of medical decisions and patient care, such as using artificial intelligence and cognitive solutions in areas ranging from delivery of care to continuous health monitoring. Without adequate data privacy controls, the risk of personal data being lost or patient care being put at risk grows considerably.
The healthcare industry faces other risks besides the three discussed here, including regulatory, operational, third-party risks and more. As healthcare organizations embrace the positive benefits of digital transformation, they must equally embrace security and risk management practices that enable them to successfully address the volatile, hyper-connected nature of these risks. In the increasingly connected world of digital healthcare, systems and data, each organization has a responsibility not only to shore up its own security and risk management practices, but also to contribute to the greater good of the expanded healthcare ecosystem.