Greg Freiherr, Industry Consultant

Greg Freiherr has reported on developments in radiology since 1983. He runs the consulting service, The Freiherr Group.

Blog | Greg Freiherr, Industry Consultant | Cybersecurity | April 12, 2019

2 Reasons Cybersecurity Will Dominate HIT’s Future

Image courtesy of Pixabay

Image courtesy of Pixabay

Sooner or later, the bad guys are going to figure out that healthcare IT is where it is at — and that imaging has a key to get there.

That key has come from the mushrooming interest in enterprise imaging. It will turn with the coming increase in the cyber-attack surface.

Partly because of enterprise imaging, cybersecurity will dominate the future of healthcare IT. The other reason is the white-hot interest in artificial intelligence (AI), exemplified by the hundreds of AI applications that companies are preparing to introduce to the market in the months and years ahead. Their integration into enterprise imaging networks will dramatically expand the attack surface of healthcare IT.

Enterprise imaging may promise clinicians unprecedented access to data. And AI may provide the means by which radiologists and other physicians can dodge the burnout that would come with data overload. But together, enterprise imaging and AI could be a nightmare for cybersecurity. The third element, the value of patient data, already exists.

 

Monetary Value of Patient Data

A single patient record is far more valuable than any other data record hackers might grab. Whereas a credit card number may be worth less than a dollar, a medical record could be worth hundreds — or more.

Just in the patient’s medical history, a hacker can get that person’s full legal name and social security number, the address of his or her residence and employer, contact information about that patient’s dearest and most trusted people (medical records usually cite who should be contacted in an emergency), insurer’s name and number, and often bank account information. This information can be divided up and sold individually on the Internet or packaged for sale as “identity kits,” according to the Institute for Critical Infrastructure Technology.

Adding even more value to the nefarious is “protected health information,” such as disease diagnoses, as well as sensitive personal information about which patients might be blackmailed —
sexually transmitted diseases, for example, or psychological conditions, according to a story that appeared in Forbes.

We’re lucky that black hatters haven’t yet prioritized their cyber foraging for medical information. Hackers may not widely recognize the extraordinary value of medical records. But our luck is not likely to last.

Healthcare systems are already amazingly easy to hack. And the number of attacks is increasing, as illustrated by cyberattacks reported by Beckers Hospital Review. The low-hanging fruit that these medical records represent is about to hang even lower.

 

The Sunset of Legacy PACS

Cybercriminals are among the most technically versed wrongdoers anywhere. They are already well versed on the technical developments in networking and AI. In healthcare IT, developments along these lines are heating up.

At the Healthcare Information and Management Systems Society’s (HIMSS) 2019 conference, it was widely recognized that the sun is setting on legacy technologies. These legacy technologies are exemplified by archives dedicated to data silos, such as those in radiology and cardiology. The sunsetting of these technologies, some installed a decade or more ago, is driving interest in centralized archives and cloud-based computing and storage.

It’s debatable whether cloud storage or on-premise archival is more or less secure. It won’t matter to hackers. Opportunity for cyberattacks will rise with the expansion of both. The operative issue is not the means of storage — or where data are processed — but the expansion of networks, specifically, the growth in the number of nodes on each.

These numbers will blossom as providers seize the opportunity to expand beyond the data silos that have marked the use of dedicated archives, as clinical data comprised of optical and radiological images, pathology reports, vital signs and patient histories (and their synopses) stream across the enterprise.

What the widening adoption of enterprise imaging means to hackability requires nothing more than recognition that the networks linking radiologists and their referring physicians will expand markedly. Data sharing and interoperability promise great things for physicians and patients alike.

They could be real steps toward realizing the dream of truly personalized medicine. Treatments based on the genetic and clinical data that exactly characterize individual patients will increase the likelihood that these treatments will help patients. Gone will be the one-size-fits-all approach that has characterized medicine since Louis Pasteur and Robert Koch proved germ theory in the 19th century.

Simultaneously, growing with the interest in enterprise imaging is the prominence of AI. Data sharing and interoperability, along with AI apps, will offer an unprecedented opportunity for hackers.

 

Expanding Networks Increase the Cyberattack Surface

Imagine expansion of just the networks that today serve radiologists and referring physicians. Imagine these networks branching not just into pathology and the lab — where blood work and genomic data reside — but into general medical practices. Now think about what happens when the physicians in these offices begin getting medical selfies snapped on the cameras built into their patients’ smartphones. Then add the network nodes of specialists to whom these patients will be referred, each requiring those selfies, showing in megabytes of detail everything from abrasions to compound fractures and beyond.

Literally anything that can be photographed will. And it ain’t going to be pretty — not the images, nor the risk these images pose from hackers.

Not only might the newly opened networks nodes present an opportunity for hackers, so might the IP nodes of the patients who send pictures to their physicians. Together they will radically increase the cyberattack surface of healthcare IT.

And there’s more. Consider the impact of adding to these networks the nodes needed to connect AI applications.

While only a few dozen AI algorithms may have been cleared so far by the FDA, this could change very quickly. Rising off-shore from the medical mainstream is a tsunami of AI apps. Hundreds may be in design or testing right now. Some prioritize radiologists’ worklists. Others define and calculate suspicious structures (like pulmonary nodules). And each will require a unique node on a network.

And this covers just the apps in radiology. Remember that the operative word of enterprise imaging is “enterprise.”

 

How “Ease of Use" May Increase Hackability

Talk to the IT vendors dedicated to building the IT backbones for these networks. You will learn that they are committed to building networks that are easy to use. And how are they going to do it? By constructing standard interfaces, ones based on standards for interoperability, standards that by their very nature are publicly known.

Could hackers ask for more?

The time to do something about cybersecurity is now. And there is plenty that can be done. But no matter what or how much is done, the threat will always be there.

It is the yin to HIT’s yang — the nightmare that accompanies the promise of nirvana.

 

Related content:

What is Next in Healthcare IT?

6 Key Health Information Technology Trends at HIMSS 2019

Additional coverage and videos from HIMSS19

Related Content

To get more flexibility and cost savings from storage, healthcare organizations are increasing their investments in the cloud
Feature | Information Technology | September 15, 2021 | By Kumar Goswami
Healthcare organizations today are storing petabytes of medical imaging data — lab slides,...
Revenues for teleradiology reading service providers are forecast to follow a similar profile over this period.

Outlook for 2021 and Beyond. As displayed in the figure below, these six market drivers are projected to result in teleradiology reading service volumes increasing by 21% in 2021 and nearly doubling by 2025. Revenues for teleradiology reading service providers are forecast to follow a similar profile over this period.

Feature | Teleradiology | September 15, 2021 | By Arun Gill
The closely tied relationship between...
Cloud services have been utilized within healthcare organizations for more than a decade. Now with the growth of artificial intelligence (AI) it is very common to see organizations adopting cloud services.

Getty Images

Feature | Information Technology | September 14, 2021 | By Jef Williams
Figure 1: MWT Schematic of a typical setup for detecting malignant tissues/tumors.

Figure 1: MWT Schematic of a typical setup for detecting malignant tissues/tumors.

Feature | Radiology Imaging | September 14, 2021 | By Brendon McHugh
This certification, which covers Agfa HealthCare’s Class IIa Enterprise Imaging and XERO Viewer solutions, ensures that Agfa HealthCare can continue to deliver to customers innovative solutions that meet their real challenges and address their needs and requirements.
News | Enterprise Imaging | September 09, 2021
September 9, 2021 — Agfa HealthCare is proud to be one of the first companies to receive the new European Medical Dev
Insignia Medical Systems, a leading UK-based enterprise imaging provider, announced it has been acquired by Intelerad Medical Systems, a global leader in medical image management solutions. The deal signals an important step in expanding next-generation imaging solutions and resources to help modernise hospital trusts across the UK. 

Getty Images

News | Radiology Business | September 08, 2021
September 8, 2021 — Insignia Medical Systems, a leadi
Videos | Enterprise Imaging | September 03, 2021
ITN Editor Dave Fornell collected numerous examples of how...
Canon's Vitrea PACS enterprise imaging system was one of several systems demonstrated at HIMSS 2021 that had easily modified hanging protocols. This included ease of use to customize what each radiologists prefers, including slice thickness. #HIMSS #HIMSS21

Canon's Vitrea PACS enterprise imaging system was one of several systems demonstrated at HIMSS 2021 that had easily modified hanging protocols. This included ease of use to customize what each radiologists prefers, including slice thickness. Photo by Dave Fornell

Feature | Enterprise Imaging | September 02, 2021
Taking advantage of new technology advances, several ...
The researchers say there is currently a lack of good quality evidence to support a policy of replacing human radiologists with artificial intelligence (AI) technology when screening for breast cancer.

Getty Images

News | Artificial Intelligence | September 02, 2021
September 2, 2021 — Humans still seem to be better than technology when it comes to the accuracy of spotting possible