HIT Think

Why patient confidence hinges on medical device security


Over the past year, healthcare-related hacks like WannaCry have made for some significant headlines. Yet, this recent surge of cybercrime—and its effects on consumer confidence—is unsurprising.

The Unisys Security Index™, which gauges the attitudes of consumers on a wide range of security-related issues, found that security concerns regarding viruses/malware and hacking rose dramatically.

Given that an electronic health record (EHR) can be worth hundreds or even thousands of dollars on the black market, compared with just 25 cents for a typical credit card number, it is no surprise that healthcare has been increasingly targeted by hackers. From a member and patient perspective, robust security is not an option; it is an absolute necessity.

Unsecured medical devices are the Achilles’ heel for hospitals and healthcare systems. Globally, some 10 percent to 20 percent of medical devices in most hospitals are connected, and that number is growing rapidly. But medical devices within hospitals aren’t the only concern. There is a growing trend in healthcare—encompassing hospitals, clinics and even local doctors’ offices—to provide patients with wearable medical devices that track, record and report on physical health.

IDC predicts that by 2020, care plan adjustments will be made in real time with cognitive/artificial intelligence using data from wearable devices, resulting in 20 percent more patients being engaged in their health.

Consumer attitudes toward wearable medical devices were explored in the Unisys Security Index. Consumers were asked if they would support wearable medical devices such as pacemakers or blood sugar sensors that could immediately transmit any significant physical health changes to a doctor. A full 78 percent of respondents indicated their support for such devices. Of the 11 percent of consumers who did not support such use, the majority felt that there wasn’t a compelling reason to monitor and transmit such data to a third party, or they simply didn’t want the organization to have that information. Data security was ranked third.

In contrast, the majority of consumers in most countries surveyed did not support health insurance providers tracking fitness activity via wearable monitors in order to affect insurance premiums or to reward safe behavior. Consumers said they believed there was not a compelling reason to monitor and transmit such data to a third party or simply did not want the organization to have that information. This was in contrast to financial wearables (such as a payment app on a smartwatch), where security was the greatest concern listed.

In general, therefore, consumers are willing to share their personal data with organizations when they perceive their health and safety will be protected, but not for other reasons. They want to have control over their personal data and who sees it. They need a very compelling reason to share data to offset the loss of privacy. This theme was confirmed across other industry sectors, as well.

Since data security does not appear to be a major factor for consumers when looking at safety-related biometric wearables and data collection, it could easily—but mistakenly—be assumed that healthcare institutions can check the security “box” and move on. Nothing could be further from the truth.

While it appears that consumers currently trust healthcare providers to protect their personal information when there is a compelling reason to share it, it does not take long for a data breach to erode that trust. As the past few years have more than demonstrated, a single breach can devastate an organization’s reputation among consumers. Robust security is a must, both to prevent breaches and to swiftly mitigate matters if a breach occurs.

The life sciences and healthcare sector currently has the trust of consumers, but that could change rapidly if pharma/biotech companies, hospitals and healthcare organizations do not take steps to secure the devices and the networks they rely on to deliver patient care. That includes both the medical devices that reside within CROs, hospitals and clinics, and devices that are worn by patients when they return home.

Achieving such security may seem a daunting task, but it is not. A medical device management system that incorporates microsegmentation and data encryption addresses security issues in two ways: by supporting and enhancing the security inherent within each medical device (whether wearable or on-site), and by protecting connected devices that lack any security features of their own. These types of robust protocols will be critical for hospitals and healthcare institutions to retain consumer trust and prove to their constituents that their personal data is safe and secure, wherever it resides.
