The digital transformation of healthcare will have profound socio-economic impacts by accelerating and improving patient care and processes within hospitals and care centres. For example, the optimisation of processes (digital signatures, software management, virtual assistants, etc.) can simplify and speed up health data management and hospital procedures.

As we roll faster towards a hyperconnected health system, healthcare organisations need to ensure their overall security and keep highly sensitive data safe from malicious behaviour.

With cyber-incidents and cyber-attacks causing the loss of billions of euros every year, it is critical that the healthcare industry builds a strong defence against cyber threats. It is equally important that healthcare in Europe ensures cybersecurity is human-centric, involving all major stakeholders, from IT and medical staff to hospital managers and the patients themselves, as a strong security posture means patients and their health data are safe from cyber-attacks.

To dive deeply into the many challenges around cybersecurity in healthcare, last September PANACEA Research co-hosted a webinar with cyberwatching.eu, zooming in on the human and legal perspectives. PANACEA coordinator, Dr Sabina Magalini from the Gemelli University Hospital Rome, shared her concerns as a medical professional as healthcare operations increasingly depend on information systems.

Key takeaways from PANACEA include:

  • Legacy connected devices are “black boxes” and therefore a major risk as they were designed when cyber-attacks were not as common as they are today.
  • The increasing number of connected devices both inside and outside the hospital is putting both patients and hospitals at even greater risk because these devices can be hacked.
  • The threat surface of hospitals is very large because they are like “seaports”, fully open to relatives, suppliers, practically anyone.
  • Healthcare organisations also need to deal with an evolving landscape of new threats. For example, hackers adding a tumour directly to a radiography exam can lead to unnecessary treatment on top of huge stress levels.

 

Some facts and figures

Hospital structures and administrations are focusing mainly on the protection of patient data because of possible legal consequences. Here’s a sample of human and IT assets at risk.

  • Cyberthreats are on the rise: there were 87 billion attacks in 2018 with 3 million targeting assisted patients.
  • Data breaches
    • PHI and PII: over 15 million health records have been compromised by data breaches in the last year.
  • Ransomware:
    • Phishing with attachments.
    • Clicking on malicious links.
    • Viewing malicious advertisements.
    • RaaS (Ransomware as a Service).
  • DDoS attacks
    • While most are opportunistic and accidental, many target victims (hospitals) for social, political, ideological or financial reasons because some issue angers cyberthreat actors. Medical operations may therefore create conditions of anger or revenge.
  • Insider threats
    • Insiders have legitimate access to the system, so they do not have to face traditional cybersecurity defences. The best defence against these threats is other insiders.
  • Business email compromise and fraud
    • Scammers pretend to be a person of power (e.g. CEO, supervisor). These scams are very effective because they are well targeted. These threats have risen by 1300% since 2015.