2022.11.07-ISfTeH.abstract

Cybersecurity: Expanding patient access to health services also expands the cyber threat surface

Richard Staynings, 8:30 AM-8:50 AM – (20 minutes)  07 NOV 2022  San Jose, CA, USA

This session will explore the changing healthcare technology delivery landscape, the rapid adoption of ML and other forms of AI across healthcare, innovative new healthcare IoT and IT technologies and the democratization of health data to mobile apps, medical wearables and remote patient services. Data truly is king, and not just for clinical decision support, but for medical research and so much more.
 
But medical data is valuable to hackers both via its theft, and through extortion by prevention of access to that data or the systems that process it, and this is one of many reasons why providers are the target of growing cyber-attacks. As our services expand beyond hospital walls so does the threat surface and this drives up risks and leads to demands for new regulation for healthcare security and privacy.
 
But effective cybersecurity can be an enabler of new health services. Services which without advances in cybersecurity would simply be considered too risky to implement. Two decades ago, the idea of providing patients access to their own medical data via the internet seemed a pipe dream. Today we allow patients to upload their personal medical data from a consumer fitness app to their PCP managed EHR. We allow patients to be treated and monitored in their homes via remote medical services and even to die in their own homes supported by necessary medical equipment, all of which has to be securely managed by a provider. But how do we ensure that medical data and systems are secure and that patient safety risks are not being introduced through increased convenience to those patients?