In this article we look at the boom in digital health technologies and the consequent rise in patient data that is collected by the industry. We consider the extent to which cyber security awareness has kept pace with the rate of growth in the sector and outline the resultant cyber security issues that investors will need to think about when entering the digital health market.
Healthcare as we know it is undergoing a step change. The uptake of mHealth apps and other digital health technologies on the market have led to an explosive rate of adoption by healthcare organisations and consumers of Internet of Things ('IoT') devices, cloud-based services and Big Data analytics. This promises to transform and disrupt how consumers access medical services and receive (and take responsibility for) personalised, bespoke healthcare. This healthcare revolution has also vastly expanded the categories and volumes of data being collected from patients by the industry. These data, and their consequent socio-medical applications, promise very real opportunities for consumers to receive personalised, real-time healthcare services that could materially reduce the cost of treating chronic and lifestyle diseases and their medical complications.
Those data are, however, a glittering prize for cyber criminals, not least because the pace of change in cyber security awareness has not kept pace with the rate of growth of data ingestion in the digital health sector. Despite the pressing need for effective defences against cyber security breaches, many digital health devices and businesses are not sufficiently well-equipped to withstand the tide of attacks on the horizon. This is, in part, because the digital health charge is not being led by large, established organisations well-versed in risk and regulation. Instead, the vanguard is made up of start-ups, who may for one reason or another prioritise other matters, such as ensuring their product's medical performance and patient safety, and/or accelerating their time-to-market, over investing in proofing their product and business against cyber crime. This approach is in part reflected in much of the regulation that governs medical devices, which focuses largely on patient health, rather than on the prevention, and remediation, of cyber security breaches.
In belated acknowledgment of this oversight, the EU has introduced a raft of new regulation over the past year. It is undeniable that the regulatory burden on companies engaged in the digital health sector has increased and will continue to do so. In this respect, while the development and implementation of safeguards have lagged behind the pace of development in the digital health sector, the consequences for businesses that fail to maintain their cyber security defences have not; a cyber security breach can be the catalyst for potentially crippling fines, unwelcome litigation and, ultimately, reputational meltdown.
Robert Allen, Paolo Caldato and David Fitzpatrick consider some of the resultant cyber security issues about which investors thinking of entering the digital health market need to know.
Click here to read the full article
Click here to read a similar article - Cybersecurity and Digital Health: Diabolus ex Machina?
This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.