● Consumerization of healthcare
As a related trend, we are witnessing an increase in the use of consumer and personal health devices as they have demonstrated their usefulness in areas like cross-population health trend surveillance, or continual collection and monitoring of vital signs. Novel devices or use cases, as well as new collaborations and corporations, are emerging, offering new ideas on how to use and make medical sense out of the ubiquity of information we can now collect. As new players are entering the healthcare space, they will not only offer new approaches but will also bring with them a more mature approach to security - yet will also raise questions about data usage and privacy. This will alter the playing field, establish a higher bar on security, while also challenging the regulatory status quo.

● Improved surge preparedness
One of the challenges of the COVID-19 pandemic is the need to scale up our healthcare systems’ capacity to address the rapid surge in cases, including staffing, facilities, IT infrastructure, and equipment. We should assume that as a lesson learned will lead to an increased stockpile of critical equipment, including medical devices and IT systems, that can be deployed rapidly in case of future crises. Although not obvious, this will have significant cybersecurity implications.
First, any stockpiled and software-based medical devices will need to maintain their security posture. Since neither maintaining cybersecurity of systems in storage (e.g., via patching) nor updating devices in case of emergency need and rapid deployment is practical and would be reliable, we need to think of a proactive approach to cybersecurity.
Secondly, we need to track and monitor (from a functional and security perspective) devices once they get deployed in the field and put in use.

● Protecting intellectual property
One unique challenge pharmaceutical companies and researchers have been facing is the need to protect their intellectual property as it relates to COVID-19 treatment and vaccines. We have seen evidence of both, the theft of sensitive research data (presumably by nation states to advance their own capabilities) as well as the malicious disruption of critical research and institutions with the goal to hamper or slow down the battle against the virus. Pharma and biotech companies will need to take a risk-based approach to understand where they should be spending their security budgets.

The healthcare industry is uniquely challenged compared to other industries. For example, if an ATM card is exploited, it has different consequences than if an insulin pump is hacked. Yet, other industries are further in their cybersecurity maturity, such as financial services which began developing cyber defense capabilities and processes long ago. However, we also need to recognize that healthcare IT infrastructure is unique in its complexity with a mix of different devices and technology generations, as well as its life-critical nature and specific care delivery needs.

Health IT Homepage