Richard Staynings with Michele Griffith MD, President of ISfTeH.
The 'International Society for Telemedicine & eHealth' held its annual conference in San Jose, CA today and the author was proud to be invited to speak on the subject of 'cybersecurity as an enabler of new remote medical services'.
Remote patient services, whether telehealth consults with a primary care physician, post-operative recovery from home to free up needed hospital beds, or the right of patients to die in their own home (now embodied in law in many jurisdictions), require a different approach to patient data protection, privacy and security. Indeed, many of the new services envisaged as part of future improvements to patient care will require careful examination to ensure that they do not expose provider medical networks to undue risks. Personalized medicine looks set to transform patient well-being and intervention outcomes, but if providers are to store and process patients' DNA then they need to do a much better job of protecting that information than they do protecting current personal health information.
Regulation across multiple jurisdictions requires that the confidentiality (privacy) of electronic patient information (ePHI) be protected, yet from a risk perspective, loss of confidentiality, although still important, is minor compared to the loss of health data integrity (the changing of a medical record) or the loss of availability (patients unable to receive an X-ray or CT scan while in the Emergency Room).
With multiple hospitals being attacked with ransomware every week today, the risks for providers are obviously great. Although the costs of loss (lost revenue) can be massive (Scripps Health is reported to have lost $112.7 million in revenue following its ransomware attack in 2021), the impact on patients of protracted downtime caused by a cyber attack can be life threatening, affecting patient safety, morbidity and even mortality, as we have seen from some prior ransomware attacks. Cyber-criminal activity by extortionists is literally killing people. Cyber attacks against the 'availability' of health services can be devastating to patients in need of radiotherapy or chemotherapy when those services are denied them. The same is true for those in need of Emergency Care or those giving birth when health IT and IoT are unavailable and being held to ransom.
The conference heard that it is important to balance the 'confidentiality', 'integrity' and 'availability' of health information, which together form what is known as the CIA triad. It also heard that a more risk-based approach is required if providers are to get in front of managing the proliferation of new AI and ML based technologies, clinical applications and medical devices.
A full copy of the author's deck can be found here.
Attendees, speakers and panelists came from all over the world and were drawn from many different medical disciplines and specialties. This was the first international conference of the ISfTeH since COVID-19 locked down many countries and prevented international travel.
Original stories and articles may be republished without charge provided that attribution is provided to the source and author. Articles written for, and published first elsewhere, are subject to the republishing terms and conditions of the host site.