Future-Proofing the Security of Medicine

One of the central themes in any analysis of the progress of humans’ technological prowess is compromise. Economist Thomas Sowell said, “There are no solutions. There are only tradeoffs.”

Take healthcare, for example.

We see an awesome new future where there’s less friction, fewer obstacles, and more changes to disseminate help to more people. But we’re also realists. The more we decentralize medicine, the more risks we have to address. The quality of care through a Zoom appointment is harder to maintain than an in-office visit. The convenience of digitally stored medical records means bigger potential security breaches to shore up.

The gains will grow exponentially, but so will the losses. So how do we mitigate them?

Locked Out

Last week, multinational clinical trial software company eResearchTechnology reported a ransomware attack. The attack locked employees out of their database, vastly slowing the pace of their current trials.

Which happen to be for COVID-19 vaccines. The company said clinical trial patients were never at risk, but the attack did force trial researchers to track patients by hand, on paper. And that’s significantly slower. ERT has clients like IQVIA, the contract research organization helping manage AstraZeneca's COVID vaccine trial, and Bristol Myers Squibb, who’s leading a consortium of companies to develop a quick test for coronavirus. A lot is at stake.

They’re not alone. Over the last 18 months, there has been a vast increase in numbers of ransomware attacks, and 700 healthcare providers in the U.S. had cyberattacks in 2019.

Scaling Security

The truth is, most people (even some trained security people) can be tricked by skillfully written ransomware. And when you’re trying to secure thousands of devices, it’s very hard to ensure that no one clicks the wrong link.

“The ability for companies to quickly withstand this kind of attack is completely dependent on how good your IT is to begin with,” said former FDA chief information officer Eric Perakslis.

The challenges for IT staff are one reason a lot of firms are going with scalable, serverless solutions like S3 and Lambda. If you just take a cloud server from a provider, you also need to do some work to secure it. However, if you’re using something like Lambda, Amazon is the one managing security.

The move to cloud computing can help a lot of these big server operations, because the scale makes it cheaper for Amazon to run these servers than any company could run them locally.
And, scale can be a great advantage in security.

Future Friction

This is a topic we care very much about, because we work with some of the biggest health sciences companies in the world. Our work is laser-focused on keeping clinical trials secure. And so, we see such amazing benefits in decentralized trials, both to patients and researchers, and we are genuinely excited. But big headline hacks like this threaten researchers’ sense of safety.

What if everyone decides to give up and go back to paper?

Think about it. Why do fax machines still exist? Because some legal departments will want something proven, on paper, with zero risk of being rejected.

So, ensuring security in a world of ones and zeroes is about more than the security of the files; it’s about the sense of safety people have in a world where technology shifts the way we work every day.

Back in 2013, Ben Thompson did a great piece on how digital advances vastly reduce friction, but how that friction also slows down bad things.

Change is guaranteed, but the type of change is not; never is that more true than today. See, friction makes everything harder, both the good we can do, but also the unimaginably terrible. In our zeal to reduce friction and our eagerness to celebrate the good, we ought not lose sight of the potential bad.

These changes, so fraught with benefit and danger, are a part of our world, and with the pandemic accelerating long-term trends, especially in medicine, we have to think about them.

We can’t just use fax machines forever.

#cloud #healthcare #IT #security