Cybersecurity in the time of COVID-19
The age of COVID-19 is now established as one of those totemic moments in this digital age.
Digital transformation is key
Paradoxically, largely because the rapid spread of this pandemic where it is present in every country other than Antarctica (to date), mimics the new connected world and is a product of the digital and technological revolution that has transformed the way we live.
The contrast with the Spanish flu which occurred 98 years ago really demonstrates this. Whilst in 1918, there was little in the way of lockdown and mitigation, at least countries had time to prepare. What has happened to us in a matter of weeks took a year to play out in 1918.
The other paradox is that although the world has obviously changed, the health systems have changed far less than the ecosystems they inhabit, and analogue responses based on bricks and mortar visits are all too often still being deployed. Health and care systems are, however, having to adopt to this new world and suddenly different modalities from face-to-face consultations and the office visit are becoming the mainstream, not the exception.
This is to be welcomed as this transition is long overdue. The speed of this sudden change has caught many people and systems by surprise as in some cases there have been deployments without due regard around governance and interoperability within the existing EMRs. These are significant issues and no doubt all systems are working hard to ensure these deficiencies are remedied. The other issue which is now acknowledged to be a significant problem is cybersecurity.
Challenges with security during the coronavirus pandemic
Cybersecurity always has been one of the most important pillars in digital transformation, but its importance is heightened considerably in a pandemic. Reports from Europe, the far-east and north America have all highlighted the importance of managing this even more than usual in a pandemic.
This is really not surprising. The challenges of protecting a remote workforce when deploying solutions around virtual consultations is reported extensively. The differences now are of course that modern health and care requires a variety of interventions from different players in different places and cloud-based solutions, but also that the remote workforce has now increased from the 5% enthusiasts to the 95% mainstream users.
These users can be very digitally naïve, having little knowledge of cyber-hygiene and of how to keep themselves safe. To exacerbate an already difficult situation, patients are also involved and engaged in these consultations and a variety of systems and modalities are being deployed often with great speed, that makes training and education more challenging.
So what can one do to manage this situation better?
- Think cybersecurity as systems are deployed and new solutions developed. It is inevitable in such a rapidly developing landscape that there is going to be the need to be agile. Cloud-based solutions are beneficial in these cases as they offer better solutions than piecemeal systems cobbled together.
- Communicate constantly with your users. They are all under significant stress, as are all IT managers. However basic hygiene around password administration, multi-factor identification, identity management and device security settings still need to be maintained.
- Education and training for users, specifically the digitally naïve and digitally resistant need to be addressed. At HIMSS we have developed a suite of products specifically aimed at these groups of clinicians. They have been developed by digitally agnostic clinicians specifically for these purposes.
- Manage your IT workforce with care. They will be pushed in a variety of directions and inevitably also be somewhat denuded either directly because of the pandemic or else because they were exposed to someone who is affected. Many jurisdictions divided this scarce resource into two groups to ensure they had some inbuilt redundancy.
Finally, try to maintain a positive outlook, which can of course be really difficult during these testing times. The final paradox is that COVID-19 may have wholly inadvertently delivered the digital transformation we have been talking about for a few years.
The debate is no longer about if or when, and this is of course very welcome.