The High Stakes of Connected Devices and Artificial Intelligence in Healthcare Privacy

We've talked about how technology is shaping the new age of virtual healthcare and all the inherent risks of these new systems. At IDX, we want to make it easy for healthcare organizations and their customers to navigate the virtual world and the benefits it has to offer without jeopardizing their privacy and personal health data. To achieve this goal, we need to understand the gaps between these cutting-edge technologies and the potential cybersecurity risks involved to protect customers against emerging threats.

Two of the fastest-growing trends in telemedicine are connected devices and artificial intelligence. These data-driven innovations mean healthcare providers can access information about their patients and, in some cases, treat them from anywhere in the world. Supercharged analytics engines can assist with diagnostics, care management, and even predictive medicine. Healthcare organizations stand to benefit from serious cost savings by implementing these technologies. AI applications are poised to save the U.S. healthcare industry $150 billion by 2026 alone.

But what about all the risks that shadow these advancements?

We already know the ongoing war with cyber criminals has heated up in the wake of the COVID-19 pandemic. A dramatic rise in remote working and a boom in telehealth have attracted some of the most significant ransomware attacks against healthcare companies in recent history. Record-setting data breaches involving patient health information make consumers more vulnerable to things like medical identity theft, and third-party telehealth apps may be profiting from the sale of consumer health data.

Digging into these layers of risk, we find connected health devices are vulnerable to cybersecurity threats in a more personal and dangerous way than previously imagined. All the data collected through these technologies also means more sensitive patient information is available for hackers to steal. As security experts sound the alarm for the prioritization of cybersecurity enhancements, more healthcare organizations are working with their customers to broaden the scope of security solutions they use for connected devices and virtual healthcare overall.

The vulnerabilities of connected medical devices – what could go wrong?

Wearable medical devices like heart rate sensors and oximeters can give doctors a higher resolution of data, providing better insights into their patients’ health over time. These devices are useful for assessing health risks in real-time and incentivizing good behaviors like exercise. Preventative care via wearable technology could also help save the healthcare system up to $7 billion a year, so it’s no wonder healthcare organizations are eager to embrace them.

Internal medical devices like insulin pumps and pacemakers have joined the Internet of Things (IoT) world as well, allowing doctors to perform check-ins remotely. These home monitoring solutions reduce the need for in-clinic follow-up visits and increase patient satisfaction.

Unfortunately, remote capabilities also mean vulnerabilities. Implantable medical devices transmit data via wireless antennas, and that data is rarely encrypted. How secure are these medical devices – especially the implantable devices patients depend on for their well-being, even their lives? That’s a question the FDA is also interested in answering. Having made little progress since releasing their Medical Device Safety Action Plan in 2018, the FDA has recently appointed its first medical device cybersecurity chief, Ken Fu.

The potential for threat actors to create havoc should they hack into these devices cannot be overstated. IBM found a vulnerability in insulin pumps that would allow hackers to control them remotely. What could a criminal do with that kind of control? For one, they could change the dosages of medication being administered without a patient’s knowledge. Pacemakers could be exploited to run at the wrong rates, forced into depleting their battery, or even shock a victim resulting in injury or death. Hackers could also manipulate the data being recorded to hide health issues or generate a false alarm.

Artificial intelligence in a connected world

From analyzing medical images to discovering correlations within electronic medical records, artificial intelligence (AI) algorithms assist care providers in countless ways. But there are security draw-backs to using AI, as AI technology relies on extensive data pipelines. Not only is more information available to cybercriminals if an AI system is breached, but an algorithm’s connection to multiple platforms creates additional weak spots in these data centers. If the network upon which the AI is running becomes compromised, a hacker may find themselves in possession of a vast trove of patients’ most private and personal information.

Focus on securing access to these technologies and help your customers take back control.

The Medical Device Innovation Consortium (MDIC) is developing a plan for healthcare IT companies and medical device manufacturers to track and measure the progress of cybersecurity maturity across the industry. BD VP and CISO, Rob Suárez, is calling for greater industry-wide standards and cooperation to address the growing threat against connected medical devices. One way to increase security is to incorporate additional criteria beyond the basics to authorize access to these devices.

Over the past few years, the FDA has cracked down on medical device cybersecurity vulnerabilities, issuing warnings and requesting product recalls, according to the Medical Device Cybersecurity Report by the MDIC. These issues also affect consumer trust and confidence in the healthcare ecosystem at large.

To build back that confidence, take steps to engage with your customers about the security issues we face and provide them with the privacy solutions they need to regain control in this new digital world. Talk with a healthcare solutions team member to learn more about IDX’s consumer-centered tools working to make virtual healthcare safer for everyone.