The very nature of health services has dramatically changed over the past year with patients having to wait in their cars for a temperature check by a nurse before being allowed into a doctors offices. No surprise then that telehealth now provides the dominant mode of medical consults today. Many of these changes in healthcare delivery and patient care have become the 'new normal.' This will likely continue well beyond 2021, especially as patients express their preference for virtual telehealth consults which they find more convenient, faster, better, and often cheaper than traditional in-person consultations.
The COVID crisis has also exacerbated structural financial problems across US healthcare delivery organizations (HDOs). With nearly all elective surgery on hold, and patients avoiding checkups or going anywhere near hospitals and other virus centers of the pandemic, HDOs are going broke, filing for bankruptcy protection, and furloughing staff. Security and IT staff budgets have been hit especially hard with projects put on hold indefinitely in many cases. At a time when healthcare is being targeted by international crime syndicates and pariah nation states, this is particularly alarming and should be of concern to all of us.
2020 was a pivotal year for healthcare worldwide, but in the US it marked a structural change of focus, back towards public health management, and a defining movement from 'payment by procedure' to 'payment by results' in all areas of medicine, other than perhaps emergency care which remains tactically focused.
At Cylera we expect many of the changes witnessed in 2020 to continue into 2021 and well beyond. As the COVID vaccination program begins to inoculate those most at risk, healthcare will again be forced to adapt and pivot. Pent up demand for elective procedures will be sure to open the floodgates, providing a vital source of income to a still broken US healthcare model, but many things will likely forever be changed.
Below are some of our thoughts for Q2 of 2021 and our top 4 predictions for the industry.
1. The Targeting of Healthcare by Cyber-Attackers Will Continue
The distraction of pandemic disease control and a seemingly endless stream of sick and dying has exposed HDOs to an endless flood of malware, ransomeware, and other forms of cyber attack through a lack of maintenance and patching of HIT and HIoT systems, combined with a lack of security staff.
Criminals and nation state actors know all too well the ease with which a hospital can be compromised by over-worked and distracted staff. They also know that HDOs make excellent targets for ransom, since some have already paid the extortion demanded, and that stolen PHI, PII and IP can be easily monetized on the dark web.
To combat these threats, HDOs need to play catch-up and patch-up. They need to return furloughed staff to full time and hire additional security staff to meet rising threats and a change in demand. Many should also consider the hiring of a Managed Detection and Response (MDR) service to protect their operational security in a cost beneficial leveraged staffing model. They also need to re-assess risks in light of different service delivery models using remote staff, telehealth/telemedicine, and a massive increase in the number of HIoT devices. These devices present new risks to the HDO, and will need new security tools, technologies, and approaches in order to protect patient safety, system availability, data integrity, and confidentiality.
2. Telehealth Will Continue to Gain Popularity and Adoption
The advent of pandemic diseases makes a doctor's office the last place in the world anyone would willing want to visit for fear of contracting some contagion. Therefore, doctors and their medical practices quickly pivoted to provide very similar services via telehealth and telemedicine. These were technologies readily available to doctors for many years but were slow to be adopted for wide-scale use until COVID hit; now their use is almost ubiquitous.
Born out of necessity, telehealth has provided much improved convenience and accessibility to healthcare services by the general public and has become very popular. We believe that patients will continue to demand and prefer remote medical services for most ailments, and that this will remain the norm moving forward through most of 2021 and beyond. Supported by new regulations and integrating new technologies that have been refined over the past year, the future looks bright for telehealth and other advances in medical technology.
3. Growth in Medical Device Numbers Will Increase Cybersecurity Risks
The number of medical and other HIoT devices has grown globally at 20% per annum for the better part of the past decade, but most people can be forgiven for failing to notice this change. These devices include a vast array of bedside patient monitoring and treatment systems and new AI-based diagnostic systems help improve patient care and medical outcomes. It also includes the recent growth of medical wearables such as the Apple Watch, the Fitbit, and a multitude of other systems that have taken consumer healthcare by storm. Hospital medical devices will eventually find their way into the home and into everyday life to monitor patients away from scarce hospital beds. Many of these devices supplement official medical records, adding vast amounts of data to an already bloated and data rich medical record bank. More importantly, these 'connected devices' also increase the potential attack surface for perpetrators of cyber-crime.
With the continued growth of remote medicine, all of these connected devices must be secured and monitored to prevent interference from unauthorized users. Not only can devices connecting the patient with a network present unique patient safety concerns, but they can also be used as a Trojan horse for criminals to gain access to core hospital networks for more nefarious purposes.
Cyber attacks against hospitals can be expensive and highly disruptive to patient care, health, and safety. In Q2 of 2021 we predict the continuing growth of medical and other HIoT devices along with growing efforts by attackers to develop security exploits against these defenseless IoT systems. We also predict this area of healthcare security to become increasingly important as more and more HDOs begin to understand their HIoT risks, and look for creative ways to protect themselves and their patients.
4. Budgets Will Continue to be Constrained
Covid-19 has had a devastating financial impact on Americans and their healthcare systems. In 2020 we saw a shortage of resources and razor-thin budgets. As a result of the COVID pandemic, millions of Americans have lost their jobs and health insurance. Without health insurance, many Americans will limit healthcare visits and procedures to only those absolutely necessary. Even those with health insurance will likely stay clear of medical facilities in order to avoid possible exposure until inoculated against the SARS-CoV-2 virus. Those not comfortable with telehealth will forego treatments. This in turn will result in reduced revenues for all healthcare providers, and will lead to a further decline in population health as a result. Vaccination will most probably continue through Q3 at least, so this budgetary predicament will be with us for all of 2021.
To follow our healthcare and cybersecurity predictions throughout 2021 follow Cylera on Linkedin and Twitter.