The global health crisis is accelerating the digital transformation of healthcare, bringing more venture capital investment and new partners to the sector than ever before. A recent report from Mercom Capital Group revealed that global venture capital funding for digital health companies hit a record high in the first three months of 2020, increasing 43 percent year over year to $10.3 billion. That’s changing who’s providing healthcare-related services, and the services themselves: Lyft announced it is integrating with Epic to allow healthcare workers to coordinate patient transportation directly from their electronic health record (EHR). OptumCare physicians have conducted about 1 million digital clinical visits in 2020 so far, with more anticipated in the future. Cancer patients who used to receive cookie-cutter treatments with high failure rates now have access, thanks to AI’s sophisticated pattern recognition, to personalized therapies tailored to their genetic makeup and lifestyle.
With digital transformation comes digital risk, as well as the obligation to do more to protect ourselves and our users. Hence the theme for Cybersecurity Awareness Month 2020 is “Do Your Part. #BeCyberSmart.” The theme for the week of October 19 is “Securing Internet-Connected Devices in Healthcare”, which is appropriate given the healthcare industry’s increasing use of the Internet of Things (IoT) to improve patient care, drive availability of health information, speed up provider response times and more. The number of connected devices in 2020 is predicted to hit 50 billion and continues to grow exponentially with the advent of new devices, apps, robotics and 5G networks, among other innovations.
Telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and digital third parties entering the healthcare supply chain have created many benefits, but they’ve also exposed the industry to additional risk. So far in 2020, 412 healthcare organizations reported to the U.S. Department of Health and Human Services (HHS) that 20,659,038 individuals have been affected by data breaches. These breaches expose healthcare providers to cyberattacks and other threats – particularly ransomware, exposure of patients’ private information, compromised resiliency, and expanded third-party risk – which can impact an organization’s financial standing, brand and reputation, compliance posture and more. With limited resources and more time-consuming patient protocols, healthcare organizations need to stay focused on benefiting from the positives of digital transformation while still managing these new risks.
Managing risk and security is usually the responsibility of a small team, but that model is only effective when the organization takes collective ownership of every aspect of its approach. Figure 1 below highlights four important concepts to help drive this for healthcare providers:
1. Clear executive ownership should exist for risk and security to ensure these topics are front and center to the CEO and board, resources are allocated, and they are aligned to the strategic objectives of the organization.
2. Expert risk, security and resiliency teams should be in place to lead with best practices, comply with standards, and maintain focus.
3. These teams must integrate their risk and security management approaches to address risks holistically.
4. Risk and security must also be the responsibility of end users, including providers, patients, business partners, third parties and others providing services and accessing these critical and sensitive resources.
Telemedicine is a great example and an opportunity to drive better risk and security practices. For example, patients and providers communicating virtually both have a vested interest in protecting their conversation, maintaining patient privacy, and ensuring diagnoses are based on correct information and delivered accurately. This requires basic risk management and security hygiene that can be deployed clearly and simply by ensuring devices, Wi-Fi networks and systems are password-protected, that conversations are held in private, and that personal health information (temperature, blood pressure, etc.) relayed from patients is verified by the provider.
If everyone does their part by implementing stronger risk and security practices, the rapidly evolving world of virtual healthcare will provide better, faster and more accurate care for more patients – even in the midst of a global pandemic.