Balancing Digital Transformation With Healthcare Cybersecurity

December 06, 2022 - BOSTON, Mass.

As organizations continue to digitally transform their ecosystems to enable new operations and care delivery models, healthcare cybersecurity concerns must remain top-of-mind.

During a December 6 keynote presentation at the HIMSS Healthcare Cybersecurity Forum, held in Boston, Forrester experts Alla Valente and Kara Wilson presented several trends that have the potential to disrupt healthcare security and privacy. Valente and Wilson also offered key recommendations for how healthcare organizations can take action today to mitigate risk.

The Dual Reality of Healthcare

“Healthcare exists in two states simultaneously,” Valente, a senior analyst at Forrester who specializes in governance, risk, and compliance, suggested to the audience. “The first state is transformative, advanced, and disruptive.”

The COVID-19 pandemic highlighted this state of healthcare. Scientists were able to develop the COVID-19 vaccine was developed in a matter of months, with the help of data analytics and global cooperation. In addition, healthcare organizations were able to quickly pivot and implement telehealth solutions to maintain patient care amid a global crisis.

“But we know that from a process and operations perspective, there has not been that same type of change to support the transformation that is happening,” Valente stated, referencing another reality of healthcare, in which security and privacy are not keeping pace with innovation.

“Once you unlock innovation, there’s no putting the progress genie back in the bottle,” added Wilson, a researcher who focuses on healthcare trends and patient experience.

Valente and Wilson suggested that the forced accelerated digitization of healthcare, brought on by the pandemic, transformed the industry for good. For example, many patients may now prefer telehealth over in-person care, especially when it comes to mental health and primary care services.

Changing consumer demands warrant changing business practices and care delivery methods, but they also require new approaches and considerations for healthcare security and privacy.

Recommendations For Healthcare Organizations

“Recognize that compliance is your floor,” Wilson recommended. It is not your ceiling.”

Essentially, the experts suggested that an organization can meet all the minimum requirements under HIPAA and other regulations on paper, but still could be at risk. As the digital healthcare ecosystem continues to grow, organizations must go beyond just compliance.

Next, Valente urged organizations not to “let systemic risks become your blind spot.” In other words, organizations should consider impending external risk factors, such as the speed of innovation, economic uncertainty, and climate change, and make plans for tackling the risks associated with those developments.

“You have to think about not only the risks that are within your organization's control, but you also have to look at what are those larger global systemic forces,” Valente said.

In addition to accounting for systemic risks, the Valente and Wilson advised the audience to cast a wider net for security training and awareness, especially as more employees work remotely. Organizations should not underestimate the immense value of security training, or overestimate the workforce’s tech-savviness, the presenters noted.

Lastly, Valente emphasized the threat of third-party risk and encouraged healthcare organizations to enhance their third-party risk management practices, which will boost the organization’s own cyber resiliency.

As innovation continues, healthcare cybersecurity experts must continue to adapt and account for emerging areas of cyber risk.