Health Care Organizations Must Prioritize Cybersecurity Before Undergoing Digital Transformation


The health care industry is rapidly embracing new technologies. Covid-19 changed the way many industries operate, and healthcare is one industry that was particularly affected by the pandemic. Many health care organizations were already undergoing digital transformations, but Covid exponentially sped up those processes. Health care providers and health-tech companies were forced to adapt to the new normal and change the way they operate. Here are 3 major ways health care has changed in recent times. 

1. Increased popularity of telehealth services:

Covid made telehealth appointments a necessity, but even in a post-Covid world virtual visits are likely to remain a core component of modern healthcare. According to McKinsey, telehealth utilization was 78 times higher in April 2020 than in February 2020. In 2021 it remained nearly 40 times as popular as at pre-pandemic levels.

Research shows that both patients and physicians are fans of telehealth. Many patients prefer the convenience of being able to speak to their doctor from home and physicians feel that offering telemedicine allows them to operate more efficiently. Phone and video-based medical appointments became mainstream in 2020, and they are unlikely to go away anytime soon. 

2. More wearable medical devices with connected ecosystems:

The number of wearable medical devices in use has skyrocketed over the past 5 years. The wearable medical device market is expected to reach $23 million in 2023, a major increase from $8 million in 2017. Gadgets like heart rate sensors, oxygen meters, and exercise trackers are all becoming increasingly popular. Many popular consumer products such as cell phones and smartwatches ship with built-in medical tracking technology.

Health care devices are more connected than before. It’s extremely common for a consumer’s smartwatch to share data with their cell phone, which will then transmit it to a healthcare app. Health tracking applications and digital food logs have seen growing adoption in the 2020s. The barriers between different aspects of healthcare are being removed and more information is being shared than in the past.

3. The emergence of artificial intelligence and machine learning in healthcare: 

Predictive analytics is one of the hottest trends in health care right now. Machine learning and artificial intelligence software can analyze billions of data points to predict and pre-empt potential health care issues. In addition to reducing manual work for individuals, this type of software is often better than humans at detecting things like cancer or heart disease before they are major problems. Predictive analytics enables organizations to begin treating patients earlier, leading to better health care outcomes while reducing costs.

Over 80% of health care organizations had an AI strategy in 2020, a major increase from only a few years before then. Machine learning and artificial intelligence reduce patient readmission and make medical decisions more accurate. From an economic standpoint, integrating machine learning and artificial intelligence into health care is almost a necessity.  

These transformations introduce new risks to an already vulnerable industry

While digital transformations enable organizations to operate more efficiently, they also introduce additional sources of risk. Some examples:

  • Telehealth appointments can be vulnerable to Zoom-bombing, where an unauthorized individual may snoop on your personal medical conversation with a doctor.
  • Wearable devices and connected ecosystems collect and share more data than ever before.
  • Devices that store and send health information must protect data at rest and in transit. Each interconnected device is another potential point of entry for hackers.
  • Artificial intelligence and machine learning require analyzing millions of data points. Predictive analytics are great at finding issues before they emerge, but have their own set of privacy concerns if data is not properly de-identified.

Although taking on these risks for the ability to offer better services is a key part of innovation, the health care industry is particularly susceptible to hackers and data breaches.

The health care industry is not secure

Although cybersecurity is an increasingly important issue across every sector, health care has a larger cybersecurity problem than most industries. Health care breaches reached an all-time high in 2021. Over 45 million Americans’ protected health information (PHI) was impacted by breaches last year according to a report from Critical Insight. That was a 35% increase from 2020. Health data is the most valuable type of data on the dark web, and the healthcare industry has averaged the highest cost per data breach for 11 consecutive years!

One would think health care organizations would prioritize security given the sensitive nature of their data and the rate at which they are attacked, but that is not the case. 42% of health care organizations do not have incident response plans in the case of a breach or ransomware attack. Many organizations do not have risk mitigation strategies for wearable medical devices. Perhaps most damning of all, many companies don’t even train their employees. 

A whopping one in four health care workers are not offered security awareness training at their workplace. This means that nearly a quarter of the people handling private medical data are not trained on best cybersecurity practices. Cybersecurity training is a mandatory component of HIPAA compliance since it is an administrative control under the HIPAA Security Rule. Training employees is one of the best ways to prevent data breaches, so it’s shocking that many health care companies don’t offer it. This lack of training is arguably the largest vulnerability affecting healthcare in 2022. 

Companies must slow down or reverse digital transformations until they make security their leading priority

This is the controversial part of our opinion. Suggesting that any company, especially a health care organization, reverse or slow down digital transformation is akin to requesting that it operate in the stone age. Digital transformations are here to stay and accelerating, but companies that do not put security first will pay the price down the line.

The idea that everything high-tech is safer is not true anymore. Paper records and in-person conversations are less susceptible to being disclosed to an unauthorized party. We’re not saying that companies should eschew EHRs in favor of paper records or stop telehealth appointments, but merely that it may be safer to use a low-tech approach if a company does not have proper security in place. Creating, storing, or transmitting the least amount of digital data possible ensures risk profiles are as small as they can be.

At the bare minimum, every health care organization should ensure all of its employees are properly trained on HIPAA privacy and security awareness. Every untrained individual represents an additional source of risk and should be provided the knowledge to protect themselves and their organization. We saw that current market offerings for security awareness training are insufficient, particularly for remote and hybrid companies using lots of SaaS apps in 2022. To remedy that issue, we decided to write our own security awareness training and made it free of charge for everyone to make healthcare a safer place.

Every company that is considering adopting new technology should ask themselves what risks it introduces. Staying stagnant in an evolving market is a risk in itself, but nowhere near as devastating as violating government regulations or losing customer trust due to a breach. Security should be the first, second, and third priority for any health care organization looking to undergo digital transformation.

Travis Good is CEO of Haekka.