Greg Freiherr, Industry Consultant

Greg Freiherr has reported on developments in radiology since 1983. He runs the consulting service, The Freiherr Group.

Blog | Greg Freiherr, Industry Consultant | Cybersecurity | April 12, 2019

2 Reasons Cybersecurity Will Dominate HIT’s Future

Image courtesy of Pixabay

Image courtesy of Pixabay

Sooner or later, the bad guys are going to figure out that healthcare IT is where it is at — and that imaging has a key to get there.

That key has come from the mushrooming interest in enterprise imaging. It will turn with the coming increase in the cyber-attack surface.

Partly because of enterprise imaging, cybersecurity will dominate the future of healthcare IT. The other reason is the white-hot interest in artificial intelligence (AI), exemplified by the hundreds of AI applications that companies are preparing to introduce to the market in the months and years ahead. Their integration into enterprise imaging networks will dramatically expand the attack surface of healthcare IT.

Enterprise imaging may promise clinicians unprecedented access to data. And AI may provide the means by which radiologists and other physicians can dodge the burnout that would come with data overload. But together, enterprise imaging and AI could be a nightmare for cybersecurity. The third element, the value of patient data, already exists.

 

Monetary Value of Patient Data

A single patient record is far more valuable than any other data record hackers might grab. Whereas a credit card number may be worth less than a dollar, a medical record could be worth hundreds — or more.

Just in the patient’s medical history, a hacker can get that person’s full legal name and social security number, the address of his or her residence and employer, contact information about that patient’s dearest and most trusted people (medical records usually cite who should be contacted in an emergency), insurer’s name and number, and often bank account information. This information can be divided up and sold individually on the Internet or packaged for sale as “identity kits,” according to the Institute for Critical Infrastructure Technology.

Adding even more value to the nefarious is “protected health information,” such as disease diagnoses, as well as sensitive personal information about which patients might be blackmailed —
sexually transmitted diseases, for example, or psychological conditions, according to a story that appeared in Forbes.

We’re lucky that black hatters haven’t yet prioritized their cyber foraging for medical information. Hackers may not widely recognize the extraordinary value of medical records. But our luck is not likely to last.

Healthcare systems are already amazingly easy to hack. And the number of attacks is increasing, as illustrated by cyberattacks reported by Beckers Hospital Review. The low-hanging fruit that these medical records represent is about to hang even lower.

 

The Sunset of Legacy PACS

Cybercriminals are among the most technically versed wrongdoers anywhere. They are already well versed on the technical developments in networking and AI. In healthcare IT, developments along these lines are heating up.

At the Healthcare Information and Management Systems Society’s (HIMSS) 2019 conference, it was widely recognized that the sun is setting on legacy technologies. These legacy technologies are exemplified by archives dedicated to data silos, such as those in radiology and cardiology. The sunsetting of these technologies, some installed a decade or more ago, is driving interest in centralized archives and cloud-based computing and storage.

It’s debatable whether cloud storage or on-premise archival is more or less secure. It won’t matter to hackers. Opportunity for cyberattacks will rise with the expansion of both. The operative issue is not the means of storage — or where data are processed — but the expansion of networks, specifically, the growth in the number of nodes on each.

These numbers will blossom as providers seize the opportunity to expand beyond the data silos that have marked the use of dedicated archives, as clinical data comprised of optical and radiological images, pathology reports, vital signs and patient histories (and their synopses) stream across the enterprise.

What the widening adoption of enterprise imaging means to hackability requires nothing more than recognition that the networks linking radiologists and their referring physicians will expand markedly. Data sharing and interoperability promise great things for physicians and patients alike.

They could be real steps toward realizing the dream of truly personalized medicine. Treatments based on the genetic and clinical data that exactly characterize individual patients will increase the likelihood that these treatments will help patients. Gone will be the one-size-fits-all approach that has characterized medicine since Louis Pasteur and Robert Koch proved germ theory in the 19th century.

Simultaneously, growing with the interest in enterprise imaging is the prominence of AI. Data sharing and interoperability, along with AI apps, will offer an unprecedented opportunity for hackers.

 

Expanding Networks Increase the Cyberattack Surface

Imagine expansion of just the networks that today serve radiologists and referring physicians. Imagine these networks branching not just into pathology and the lab — where blood work and genomic data reside — but into general medical practices. Now think about what happens when the physicians in these offices begin getting medical selfies snapped on the cameras built into their patients’ smartphones. Then add the network nodes of specialists to whom these patients will be referred, each requiring those selfies, showing in megabytes of detail everything from abrasions to compound fractures and beyond.

Literally anything that can be photographed will. And it ain’t going to be pretty — not the images, nor the risk these images pose from hackers.

Not only might the newly opened networks nodes present an opportunity for hackers, so might the IP nodes of the patients who send pictures to their physicians. Together they will radically increase the cyberattack surface of healthcare IT.

And there’s more. Consider the impact of adding to these networks the nodes needed to connect AI applications.

While only a few dozen AI algorithms may have been cleared so far by the FDA, this could change very quickly. Rising off-shore from the medical mainstream is a tsunami of AI apps. Hundreds may be in design or testing right now. Some prioritize radiologists’ worklists. Others define and calculate suspicious structures (like pulmonary nodules). And each will require a unique node on a network.

And this covers just the apps in radiology. Remember that the operative word of enterprise imaging is “enterprise.”

 

How “Ease of Use" May Increase Hackability

Talk to the IT vendors dedicated to building the IT backbones for these networks. You will learn that they are committed to building networks that are easy to use. And how are they going to do it? By constructing standard interfaces, ones based on standards for interoperability, standards that by their very nature are publicly known.

Could hackers ask for more?

The time to do something about cybersecurity is now. And there is plenty that can be done. But no matter what or how much is done, the threat will always be there.

It is the yin to HIT’s yang — the nightmare that accompanies the promise of nirvana.

 

Related content:

What is Next in Healthcare IT?

6 Key Health Information Technology Trends at HIMSS 2019

Additional coverage and videos from HIMSS19

Related Content

AI Metrics, LLC, a medical imaging startup focused on augmented intelligence to improve patient care, announced today that the U.S. Food and Drug Administration (FDA) has granted 510(k) clearance for the company’s flagship image analysis platform.
News | Artificial Intelligence | January 18, 2021
January 18, 2021 — AI Metrics, LLC, a medical imaging startup focused on augmented intelligence to improve patient ca
The U.S. Food and Drug Administration released the agency's first Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD) Action Plan. This action plan describes a multi-pronged approach to advance the Agency's oversight of AI/ML-based medical software.
News | Artificial Intelligence | January 12, 2021
January 12, 2021 — The U.S.
OptumInsight and Change Healthcare combine to advance a more modern, information and technology-enabled healthcare platform

Getty Images

News | Information Technology | January 06, 2021
January 6, 2020 — Optum, a diversified health services company and
#coronavirus #COVID19 #pandemic

Getty Images

News | Radiology Imaging | January 01, 2021
The Imaging Technology News (ITN) team wishes you a Happy and Healthy New Year!
Company delivers on last year’s roadmap milestones and continues to advance cloud-native suite of tools to lead industry to the future of enterprise imaging
News | Enterprise Imaging | December 23, 2020
December 23, 2020 — ...
 EvoHealth, a trailblazer in incorporating new technology in healthcare IT software, announced it has exceeded its first milestone of more than 100 customers with over 200 locations.
News | Information Technology | December 22, 2020
December 22, 2020 — EvoHealth, a trailblazer in incorporating n
The key trends Clinicians reviewing a COVID-19 patient's lung CT that reveals the severity of COVID-caused pneumonia. The impact of COVID on radiology was a major, over arching trend at  the 2020 Radiological Society of North America (RSNA) meeting. Getty Imagesbserved at 2020 Radiological Society of North America (RSNA) meeting all focused around COVID-19 (SARS-CoV-2) and the impact it has had on radiology. #RSNA #RSNA20 #RSNA2020

Clinicians reviewing a COVID-19 patient's lung CT that reveals the severity of COVID-caused pneumonia. The impact of COVID on radiology was a major, over arching trend at  the 2020 Radiological Society of North America (RSNA) meeting. Getty Images

Feature | RSNA | December 17, 2020 | By Melinda Taschetta-Millane and Dave Fornell
Intelerad Acquires Digisonics CVIS and OB?GYN reporting systems to Expand its Enterprise Imaging Workflow
News | Enterprise Imaging | December 16, 2020
December 16, 2020 - Intelerad Medical Systems, a provider of...
Published in Nature Communications, ReceptorNet is a breakthrough deep-learning algorithm that can determine hormone-receptor status - a crucial biomarker for clinicians when deciding on the appropriate treatment path for breast cancer treatment
News | Artificial Intelligence | December 14, 2020
December 14, 2020 — Imagine being a doctor and having a precocious resident permanently by your side, giving you bril