Kaspersky study: More than a third of European healthcare service providers (36 percent) confirm that their medical staff do not know exactly how patient data is protected. Almost a quarter of patient data at telemedicine sessions is compromised. 36 percent of the workforce uses apps that are not specifically designed for telemedicine.
As a global Kaspersky study shows, 24 percent of European healthcare providers have already experienced cases in which personal patient data has been compromised by their employees during remote diagnostics. Additionally, almost over a third of providers (36 percent) believe their healthcare workers are unsure about how patient data should be protected. Nevertheless, 53 percent of them think it is important for the healthcare sector to collect even more personal information in order to drive the development of the industry.
Healthcare sector collects a lot of personal information
Data breaches are not always due to external actors. Oftentimes, sensitive information can also be compromised by internal personnel. Medical institutions collect, process and share a wealth of sensitive data and as such must pay close attention to the security of the information they receive. As the increasing transition to digital healthcare has further increased the responsibility of medical providers, Kaspersky surveyed healthcare decision makers worldwide to analyze insights into current security challenges related to telemedicine and find ways to solve them.
67 percent conduct special security training courses
The study shows that only 26 percent of healthcare providers in Europe are confident that the majority of their medical consultants know how to protect their patients' data when providing remote treatment. 67 percent of European healthcare facilities conduct special training courses on IT security awareness. These numbers can be taken as an indicator that many of the cybersecurity training courses conducted do not have the realism required to provide medical staff with the cybersecurity skills they need. To do this, the focus would also have to be on use cases that best reflect everyday medical life and the associated digital dangers.
Use of inadequate technology for telemedicine sessions
Over a third of European respondents (36%) admitted that their medical staff sometimes offer remote sessions using apps not specifically designed for telemedicine – such as FaceTime, Facebook Messenger, WhatsApp or Zoom. However, using non-specialist apps in the healthcare field comes with a risk, as Dr. Peter Zeggel, Managing Director of arztkonsultation.de, Germany's leading telemedicine provider, emphasizes: "Telemedical applications are specially designed and certified for the protection of sensitive personal data. Anyone who bypasses this high level of protection risks losing trust, legal consequences and high fines. Those using illicit tools could also be violating telemedicine billing regulations and missing out on features like patient record integration or secure vital signs sharing.”
Medical staff are aware of the risk
Medical professionals believe that data collection is one of the most important aspects in the development of medical technology - despite the well-known difficulties with data security. More than half of those surveyed (53 percent) in Europe stated in the Kaspersky study that the industry needs to collect more personal data than it currently has in order to enrich the artificial intelligence (AI) used for this purpose with information and a reliable diagnosis to guarantee. This means healthcare providers need to step up their cybersecurity measures to prepare for a new era of digital medicine.
“To accelerate the development of digital health services, we must carefully curate, manage and control sensitive patient data,” emphasizes Professor Chengyi Lin, Affiliate Professor of Strategy at INSEAD Business School and a leading expert on digital transformation. “This information is also valuable for individuals and the healthcare system to optimize outcomes and reduce costs. We have already identified very promising results in using Big Data to better design clinical trials and reduce time and costs. It is important to use modern technologies to ensure data protection on the one hand and to fully exploit the advantages on the other. This requires, for example, additional data protection measures to facilitate the introduction of AI.”
AI could facilitate data protection measures
"The more complex and critical a technology is, the more awareness it requires from the people who work with it," comments Christian Milde, Managing Director Central Europe at Kaspersky. “This is particularly important for the healthcare industry as it enters the new digital phase and is increasingly faced with privacy and security issues. But it's not just about raising awareness. For safety training to be effective, it should not only provide up-to-date information, but also inspire and motivate people to behave safely and vigilantly in practice.
To mitigate the risk of internally-caused incidents and create new perspectives for the industry, healthcare organizations should align their cybersecurity policies with today's needs. This includes clear guidelines for the use of external services and resources, a well thought-out access strategy for corporate data, and solid password security. All of these measures must be put into practice and supplemented by comprehensive safety training,” says Christian Milde.
Kaspersky provides the Healthcare Report 2021 online as a PDF.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/