Greg Freiherr, Industry Consultant
Greg Freiherr, Industry Consultant

Greg Freiherr has reported on developments in radiology since 1983. He runs the consulting service, The Freiherr Group.

Blog | Greg Freiherr, Industry Consultant | Cybersecurity| April 12, 2019

2 Reasons Cybersecurity Will Dominate HIT’s Future

Image courtesy of Pixabay

Image courtesy of Pixabay

Sooner or later, the bad guys are going to figure out that healthcare IT is where it is at — and that imaging has a key to get there.

That key has come from the mushrooming interest in enterprise imaging. It will turn with the coming increase in the cyber-attack surface.

Partly because of enterprise imaging, cybersecurity will dominate the future of healthcare IT. The other reason is the white-hot interest in artificial intelligence (AI), exemplified by the hundreds of AI applications that companies are preparing to introduce to the market in the months and years ahead. Their integration into enterprise imaging networks will dramatically expand the attack surface of healthcare IT.

Enterprise imaging may promise clinicians unprecedented access to data. And AI may provide the means by which radiologists and other physicians can dodge the burnout that would come with data overload. But together, enterprise imaging and AI could be a nightmare for cybersecurity. The third element, the value of patient data, already exists.

 

Monetary Value of Patient Data

A single patient record is far more valuable than any other data record hackers might grab. Whereas a credit card number may be worth less than a dollar, a medical record could be worth hundreds — or more.

Just in the patient’s medical history, a hacker can get that person’s full legal name and social security number, the address of his or her residence and employer, contact information about that patient’s dearest and most trusted people (medical records usually cite who should be contacted in an emergency), insurer’s name and number, and often bank account information. This information can be divided up and sold individually on the Internet or packaged for sale as “identity kits,” according to the Institute for Critical Infrastructure Technology.

Adding even more value to the nefarious is “protected health information,” such as disease diagnoses, as well as sensitive personal information about which patients might be blackmailed —
sexually transmitted diseases, for example, or psychological conditions, according to a story that appeared in Forbes.

We’re lucky that black hatters haven’t yet prioritized their cyber foraging for medical information. Hackers may not widely recognize the extraordinary value of medical records. But our luck is not likely to last.

Healthcare systems are already amazingly easy to hack. And the number of attacks is increasing, as illustrated by cyberattacks reported by Beckers Hospital Review. The low-hanging fruit that these medical records represent is about to hang even lower.

 

The Sunset of Legacy PACS

Cybercriminals are among the most technically versed wrongdoers anywhere. They are already well versed on the technical developments in networking and AI. In healthcare IT, developments along these lines are heating up.

At the Healthcare Information and Management Systems Society’s (HIMSS) 2019 conference, it was widely recognized that the sun is setting on legacy technologies. These legacy technologies are exemplified by archives dedicated to data silos, such as those in radiology and cardiology. The sunsetting of these technologies, some installed a decade or more ago, is driving interest in centralized archives and cloud-based computing and storage.

It’s debatable whether cloud storage or on-premise archival is more or less secure. It won’t matter to hackers. Opportunity for cyberattacks will rise with the expansion of both. The operative issue is not the means of storage — or where data are processed — but the expansion of networks, specifically, the growth in the number of nodes on each.

These numbers will blossom as providers seize the opportunity to expand beyond the data silos that have marked the use of dedicated archives, as clinical data comprised of optical and radiological images, pathology reports, vital signs and patient histories (and their synopses) stream across the enterprise.

What the widening adoption of enterprise imaging means to hackability requires nothing more than recognition that the networks linking radiologists and their referring physicians will expand markedly. Data sharing and interoperability promise great things for physicians and patients alike.

They could be real steps toward realizing the dream of truly personalized medicine. Treatments based on the genetic and clinical data that exactly characterize individual patients will increase the likelihood that these treatments will help patients. Gone will be the one-size-fits-all approach that has characterized medicine since Louis Pasteur and Robert Koch proved germ theory in the 19th century.

Simultaneously, growing with the interest in enterprise imaging is the prominence of AI. Data sharing and interoperability, along with AI apps, will offer an unprecedented opportunity for hackers.

 

Expanding Networks Increase the Cyberattack Surface

Imagine expansion of just the networks that today serve radiologists and referring physicians. Imagine these networks branching not just into pathology and the lab — where blood work and genomic data reside — but into general medical practices. Now think about what happens when the physicians in these offices begin getting medical selfies snapped on the cameras built into their patients’ smartphones. Then add the network nodes of specialists to whom these patients will be referred, each requiring those selfies, showing in megabytes of detail everything from abrasions to compound fractures and beyond.

Literally anything that can be photographed will. And it ain’t going to be pretty — not the images, nor the risk these images pose from hackers.

Not only might the newly opened networks nodes present an opportunity for hackers, so might the IP nodes of the patients who send pictures to their physicians. Together they will radically increase the cyberattack surface of healthcare IT.

And there’s more. Consider the impact of adding to these networks the nodes needed to connect AI applications.

While only a few dozen AI algorithms may have been cleared so far by the FDA, this could change very quickly. Rising off-shore from the medical mainstream is a tsunami of AI apps. Hundreds may be in design or testing right now. Some prioritize radiologists’ worklists. Others define and calculate suspicious structures (like pulmonary nodules). And each will require a unique node on a network.

And this covers just the apps in radiology. Remember that the operative word of enterprise imaging is “enterprise.”

 

How “Ease of Use" May Increase Hackability

Talk to the IT vendors dedicated to building the IT backbones for these networks. You will learn that they are committed to building networks that are easy to use. And how are they going to do it? By constructing standard interfaces, ones based on standards for interoperability, standards that by their very nature are publicly known.

Could hackers ask for more?

The time to do something about cybersecurity is now. And there is plenty that can be done. But no matter what or how much is done, the threat will always be there.

It is the yin to HIT’s yang — the nightmare that accompanies the promise of nirvana.

 

Related content:

What is Next in Healthcare IT?

6 Key Health Information Technology Trends at HIMSS 2019

Additional coverage and videos from HIMSS19

Related Content

iCAD's ProFound AI Wins Best New Radiology Solution in 2019 MedTech Breakthrough Awards
News | Computer-Aided Detection Software | September 09, 2019
iCAD Inc. announced MedTech Breakthrough, an independent organization that recognizes the top companies and solutions...
A smart algorithm has been trained on a neural network to recognize the appearance of breast cancer in MR images

A smart algorithm has been trained on a neural network to recognize the appearance of breast cancer in MR images. The algorithm, described at the SBI/ACR Breast Imaging Symposium, used deep learning, a form of machine learning, which is a type of artificial intelligence. Image courtesy of Sarah Eskreis-Winkler, M.D.

Feature | Society of Breast Imaging (SBI) | September 06, 2019 | By Greg Freiherr
The use of smart algorithms has the potential to make healthcare more efficient.
Philips and Fujifilm booths at SIIM 2019.

Philips and Fujifilm booths at SIIM 2019.

Feature | SIIM | September 06, 2019 | By Greg Freiherr
Pragmatism from cybersecurity to enterprise imaging was in vogue at the 2019 meeting of the Society of Imaging Inform
Heath information technology diagram showing use of cloud storage.
Feature | Archive Cloud Storage | September 04, 2019 | Tyna Callahan
In healthcare, critical systems are being used to deliver vital information and services 24x7x365.
Global Diagnostics Australia Incorporates AI Into Radiology Applications
News | Artificial Intelligence | September 04, 2019
Global Diagnostics Australia (GDA), a subsidiary of the Integral Diagnostics Group (IDX), has adopted artificial...
The CT scanner might not come with protocols that are adequate for each hospital situation, so at Phoenix Children’s Hospital they designed their own protocols, said Dianna Bardo, M.D., director of body MR and co-director of the 3D Innovation Lab at Phoenix Children’s.

The CT scanner might not come with protocols that are adequate for each hospital situation, so at Phoenix Children’s Hospital they designed their own protocols, said Dianna Bardo, M.D., director of body MR and co-director of the 3D Innovation Lab at Phoenix Children’s.

Sponsored Content | Case Study | Radiation Dose Management | September 04, 2019
Radiation dose management is central to child patient safety. Medical imaging plays an increasing role in the accurate...
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices
News | Cybersecurity | August 29, 2019
Use of the Internet of Things (IoT) is booming, with IHS Markit forecasting there will be 73 billion connected devices ...
Royal Solutions and ZipRad Partner to Tackle Order Entry and Pre-authorization
News | Electronic Medical Records (EMR) | August 27, 2019
August 27, 2019 — Medical data delivery company Royal Solutions has partnered with ZipRad to streamline imaging exam
Glassbeam Introduces AI-powered Rules and Alerts Engine for Clinsights
News | Analytics Software | August 23, 2019
Glassbeam Inc. revealed several technology enhancements in its Rules & Alerts engine that make it dramatically...
Sectra Signs Enterprise Imaging Contract With Vanderbilt Health
News | Enterprise Imaging | August 21, 2019
Sectra will install its enterprise imaging picture archiving and communication system (PACS) and vendor neutral archive...