30 Executives Share Top Healthcare Predictions & Trends to Watch in 2021

As we close out the year, we asked several healthcare executives to share their predictions and trends for 2021.

Kimberly Powell, Vice President & General Manager, NVIDIA Healthcare

Federated Learning: The clinical community will increase their use of federated learning approaches to build robust AI models across various institutions, geographies, patient demographics, and medical scanners. The sensitivity and selectivity of these models are outperforming AI models built at a single institution, even when there is copious data to train with. As an added bonus, researchers can collaborate on AI model creation without sharing confidential patient information. Federated learning is also beneficial for building AI models for areas where data is scarce, such as for pediatrics and rare diseases.

AI-Driven Drug Discovery: The COVID-19 pandemic has put a spotlight on drug discovery, which encompasses microscopic viewing of molecules and proteins, sorting through millions of chemical structures, in-silico methods for screening, protein-ligand interactions, genomic analysis, and assimilating data from structured and unstructured sources. Drug development typically takes over 10 years; however, in the wake of COVID, pharmaceutical companies, biotechs, and researchers realize that acceleration of traditional methods is paramount. Newly created AI-powered discovery labs with GPU-accelerated instruments and AI models will expedite time to insight — creating a computing time machine.

Smart Hospitals: The need for smart hospitals has never been more urgent. Similar to the experience at home, smart speakers and smart cameras help automate and inform activities. The technology, when used in hospitals, will help scale the work of nurses on the front lines, increase operational efficiency, and provide virtual patient monitoring to predict and prevent adverse patient events. 


Omri Shor, CEO of Medisafe

Healthcare policy: Expect to see more moves on prescription drug prices, either through a collaborative effort among pharma groups or through importation efforts. Pre-existing conditions will still be covered for the 135 million Americans with pre-existing conditions.

The Biden administration has made this a central element of its platform, so coverage will remain for those covered under ACA. Look for expansion or revisions of the current ACA to be proposed, but stalled in Congress, so existing law will remain largely unchanged. Early feedback indicates the Supreme Court is unlikely to strike down the law entirely, providing relief to many during a pandemic.


Brent D. Lang, Chairman & Chief Executive Officer, Vocera Communications

The safety and well-being of healthcare workers will be a top priority in 2021. While there are promising headlines about coronavirus vaccines, we can be sure that nurses, doctors, and other care team members will still be on the frontlines fighting COVID-19 for many more months. We must focus on protecting and connecting these essential workers now and beyond the pandemic.

Modernized PPE Standards
Clinicians should not risk contamination to communicate with colleagues. Yet, this simple act can be risky without the right tools. To minimize exposure to infectious diseases, more hospitals will rethink personal protective equipment (PPE) and modernize standards to include hands-free communication technology. In addition to protecting people, hands-free communication can save valuable time and resources. Every time a nurse must leave an isolation room to answer a call, ask a question, or get supplies, he or she must remove PPE and don a fresh set to re-enter. With voice-controlled devices worn under PPE, the nurse can communicate without disrupting care or leaving the patient’s bedside.

Improved Capacity

Voice-controlled solutions can also help new or reassigned care team members who are unfamiliar with personnel, processes, or the location of supplies. Instead of worrying about knowing names or numbers, they can use simple voice commands to connect to the right person, group, or information quickly and safely. In addition to simplifying clinical workflows, an intelligent communication system can streamline operational efficiencies, improve triage and throughput, and increase capacity, which is all essential to hospitals seeking ways to recover from 2020 losses and accelerate growth.


Michael Byczkowski, Global Vice President, Head of Healthcare Industry at SAP

New, targeted healthcare networks will collaborate and innovate to improve patient outcomes.

We will see many more touchpoints between different entities ranging from healthcare providers and life sciences companies to technology providers and other suppliers, fostering a sense of community within the healthcare industry. More organizations will collaborate based on existing data assets, perform analysis jointly, and begin adding innovative, data-driven software enhancements. With these networks positively influencing the efficacy of treatments while automatically managing adherence to local laws and regulations regarding data use and privacy, they are paving the way for software-defined healthcare.

Smart hospitals will create actionable insights for the entire organization out of existing data and information.

Medical records as well as operational data within a hospital will continue to be digitized and will be combined with experience data, third-party information, and data from non-traditional sources such as wearables and other Internet of Things devices. Hospitals that have embraced digital are leveraging their data to automate tasks and processes as well as enable decision support for their medical and administrative staff. In the near future, hospitals could add intelligence into their enterprise environments so they can use data to improve internal operations and reduce overhead.


Curt Medeiros, President and Chief Operating Officer of Ontrak

As health care costs continue to rise dramatically given the pandemic and its projected aftermath, I see a growing and critical sophistication in healthcare analytics taking root more broadly than ever before. Effective value-based care and network management depend on the ability of health plans and providers to understand what works, why, and where best to allocate resources to improve outcomes and lower costs. Tied to the need for better analytics, I see a tipping point approaching for finally achieving better data security and interoperability. Without the ability to securely share data, our industry is trying to solve the world’s health challenges with one hand tied behind our backs.


G. Cameron Deemer, President, DrFirst

Like many business issues, the question of whether to use single-vendor solutions or a best-of-breed approach swings back and forth in the healthcare space over time. Looking forward, the pace of technology change is likely to swing the pendulum to a new model: systems that are supplemental to the existing core platform. As healthcare IT matures, it’s often not a question of ‘can my vendor provide this?’ but ‘can my vendor provide this in the way I need it to maximize my business processes and revenues?’

This will be more clear with an example: An EHR may provide a medication history function, for instance, but does it include every source of medication history available? Does it provide a medication history that is easily understood and acted upon by the provider? Does it provide a medication history that works properly with all downstream functions in the EHR? When a provider first experiences medication history during a patient encounter, it seems like magic.

After a short time, the magic fades to irritation as the incompleteness of the solution becomes more obvious. Much of the newer healthcare technologies suffer this same incompleteness. Supplementing the underlying system’s capabilities with a strongly integrated third-party system is increasingly going to be the strategy of choice for providers.


Angie Franks, CEO of Central Logic

In 2021, we will see more health systems moving towards the goal of truly operating as one system of care. The pandemic has demonstrated in the starkest terms how crucial it is for health systems to have real-time visibility into available beds, providers, transport, and scarce resources such as ventilators and drugs, so patients with COVID-19 can receive the critical care they need without delay. The importance of fully aligning as a single integrated system that seamlessly shares data and resources with a centralized, real-time view of operations is a lesson that will resonate with many health systems.

Expect in 2021 for health systems to enhance their ability to orchestrate and navigate patient transitions across their facilities and through the continuum of care, including post-acute care. Ultimately, this efficient care access across all phases of care will help healthcare organizations regain revenue lost during the historic drop in elective care in 2020 due to COVID-19.

In addition to elevating revenue capture, improving system-wide orchestration and navigation will increase health systems’ bed availability and access for incoming patients, create more time for clinicians to operate at the top of their license, and reduce system leakage. This focus on creating an ‘operating as one’ mindset will not only help health systems recover from 2020 losses, it will foster sustainable and long-term growth in 2021 and well into the future.


John Danaher, MD, President, Global Clinical Solutions, Elsevier

COVID-19 has brought renewed attention to healthcare inequities in the U.S., with the disproportionate impact on people of color and minority populations. It’s no secret that there are indicative factors, such as socioeconomic level, education and literacy levels, and physical environments, that influence a patient’s health status. Understanding these social determinants of health (SDOH) better and unlocking this data on a wider scale is critical to the future of medicine as it allows us to connect vulnerable populations with interventions and services that can help improve treatment decisions and health outcomes. In 2021, I expect the health informatics industry to take a larger interest in developing technologies that provide these kinds of in-depth population health insights.


Jay Desai, CEO and co-founder of PatientPing

2021 will see an acceleration of care coordination across the continuum fueled by the Centers for Medicare and Medicaid Services (CMS) Interoperability and Patient Access rule’s e-notifications Condition of Participation (CoP), which goes into effect on May 1, 2021. The CoP requires all hospitals, psych hospitals, and critical access hospitals that have a certified electronic medical record system to provide notification of admit, discharge, and transfer, at both the emergency room and the inpatient setting, to the patient’s care team. Due to silos, both inside and outside of a provider’s organization, providers miss opportunities to best treat their patients simply due to lack of information on patients and their care events.

This especially impacts the most vulnerable patients, those that suffer from chronic conditions, comorbidities or mental illness, or patients with health disparities due to economic disadvantage or racial inequity. COVID-19 exacerbated the impact on these vulnerable populations. To solve for this, healthcare providers and organizations will continue to assess their care coordination strategies and expand their patient data interoperability initiatives in 2021, including becoming compliant with the e-notifications Condition of Participation.


Kuldeep Singh Rajput, CEO and founder of Biofourmis

Driven by CMS’ Acute Hospital at Home program announced in November 2020, we will begin to see more health systems delivering hospital-level care in the comfort of the patient’s home–supported by technologies such as clinical-grade wearables, remote patient monitoring, and artificial intelligence-based predictive analytics and machine learning.

A randomized controlled trial by Brigham Health published in Annals of Internal Medicine earlier this year demonstrated that when compared with usual hospital care, Home Hospital programs can reduce rehospitalizations by 70% while decreasing costs by nearly 40%. Other advantages of home hospital programs include a reduction in hospital-based staffing needs, increased capacity for those patients who do need inpatient care, decreased exposure to COVID-19 and other viruses such as influenza for patients and healthcare professionals, and improved patient and family member experience.


Jake Pyles, CEO, CipherHealth

The disappearance of the hospital monopoly will give rise to a new loyalty push

Healthcare consumerism was on the rise ahead of the pandemic, but the explosion of telehealth in 2020 has effectively eliminated the geographical constraints that moored patient populations to their local hospitals and providers. The fallout has come in the form of widespread network leakage and lost revenue. By October, in fact, revenue for hospitals in the U.S. was down 9.2% year-over-year. Able to select providers from the comfort of home and with an ever-increasing amount of personal health data at their convenience through the growing use of consumer-grade wearable devices, patients are more incentivized in 2021 to choose the provider that works for them.

After the pandemic fades, we’ll see some retrenchment from telehealth, but it will remain a mainstream care delivery model for large swaths of the population. In fact, post-pandemic, we believe telehealth will standardize and constitute a full 30% to 40% of interactions.

That means that to compete, as well as to begin to recover lost revenue, hospitals need to go beyond offering the same virtual health convenience as their competitors – Livongo and Teladoc should have been a shot across the bow for every health system in 2020. Moreover, hospitals need to become marketing organizations. Like any for-profit brand, hospitals need to devote significant resources to building loyalty but have traditionally eschewed many of the cutting-edge marketing techniques used in other industries. Engagement and personalization at every step of the patient journey will be core to those efforts.


Marc Probst, former Intermountain Health System CIO, Advisor for SR Health by Solutionreach

Healthcare will fix what it’s lacking most–communication.

Because every patient and their health is unique, when it comes to patient care, decisions need to be customized to their specific situation and environment, yet done in a timely fashion. In my two decades at one of the most innovative health systems in the U.S., communication, both across teams and with patients, continuously has been less than optimal. I believe we will finally address both the interpersonal and interface communication issues that organizations have faced since the digitization of healthcare.


Rich Miller, Chief Strategy Officer, Qgenda

2021 – The year of reforming healthcare: We’ve been looking at ways to ease healthcare burdens for patients for so long that we haven’t realized the onus we’ve put on providers in doing so. Adding to that burden, in 2020 we had to throw out all of our playbooks and become masters of being reactive. Now, it’s time to think through the lessons learned and think through how to be proactive. I believe provider-based data will allow us to reformulate our priorities and processes. By analyzing providers’ biggest pain points in real-time, we can evaporate the workflow and financial troubles that have been bothering organizations while also relieving providers of their biggest problems.


Robert Hanscom, JD, Vice President of Risk Management and Analytics at Coverys

Data Becomes the Fix, Not the Headache for Healthcare

The past 10 years have been challenging for an already overextended healthcare workforce. Rising litigation costs, higher severity claims, and more stringent reimbursement mandates put pressure on the bottom line. Continued crises in combination with less-than-optimal interoperability and design of health information systems, physician burnout, and loss of patient trust, have put front-line clinicians and staff under tremendous pressure.

Looking to the future, it is critical to engage beyond the day to day to rise above the persistent risks that challenge safe, high-quality care on the frontline. The good news is healthcare leaders can take advantage of tools that are available to generate, package, and learn from data – and use them to motivate action.


Steve Betts, Chief of Operations and Products at Gray Matter Analytics

Analytics Divide Intensifies: Just like the digital divide is widening in society, the analytics divide will continue to intensify in healthcare. The role of data in healthcare has shifted rapidly, as the industry has wrestled with an unsustainable rate of increasing healthcare costs. The transition to value-based care means that it is now table stakes to effectively manage clinical quality measures, patient/member experience measures, provider performance measures, and much more. In 2021, as the volume of data increases and the intelligence of the models improves, the gap between the haves and have nots will significantly widen at an ever-increasing rate.

Substantial Investment in Predictive Solutions: The large health systems and payors will continue to invest tens of millions of dollars in 2021. This will go toward building predictive models to infuse intelligent “next best actions” into their workflows that will help them grow and manage the health of their patient/member populations more effectively than the small and mid-market players.


Jennifer Price, Executive Director of Data & Analytics at THREAD

The Rise of Home-based and Decentralized Clinical Trial Participation

In 2020, we saw a significant rise in home-based activities such as online shopping, virtual school classes and working from home. Out of necessity to continue important clinical research, home health services and decentralized technologies also moved into the home. In 2021, we expect to see this trend continue to accelerate, with participants receiving clinical trial treatments at home, home health care providers administering procedures and tests from the participant’s home, and telehealth virtual visits as a key approach for sites and participants to communicate. Hybrid decentralized studies that include a mix of on-site visits, home health appointments and telehealth virtual visits will become a standard option for a range of clinical trials across therapeutic areas. Technological advances and increased regulatory support will continue to enable the industry to move out of the clinic and into the home.


Doug Duskin, President of the Technology Division at Equality Health

Value-based care has been a watchword of the healthcare industry for many years now, but advancement into more sophisticated VBC models has been slower than anticipated. As we enter 2021, providers – particularly those in fee-for-service models who have struggled financially due to COVID-19 – and payers will accelerate this shift away from fee-for-service medicine and turn to technology that can facilitate and ease the transition to more risk-bearing contracts. Value-based care, which has proven to be a more stable and sustainable model throughout the pandemic, will seem much more appealing to providers that were once reluctant to enter into risk-bearing contracts. They will no longer be wondering if they should consider value-based contracting, but how best to engage.


Brian Robertson, CEO of VisiQuate

Continued digitization and integration of information assets: In 2021, this will lead to better performance outcomes and clearer, more measurable examples of “return on data, analytics, and automation.”

Digitizing healthcare’s complex clinical, financial, and operational information assets: I believe that providers who are further in the digital transformation journey will make better use of their interconnected assets, and put the healthcare consumer in the center of that highly integrated universe. Healthcare consumer data will be studied, better analyzed, and better predicted to drive improved performance outcomes that benefit the patient both clinically and financially.

Some providers will have leapfrog moments: These transformations will be so significant that consumers will easily recognize that they are receiving higher value. Lower acuity telemedicine and other virtual care settings are great examples that lead to improved patient engagement, experience and satisfaction. Device connectedness and IoT will continue to mature, and better enable chronic disease management, wellness, and other healthy lifestyle habits for consumers.


Kermit S. Randa, CEO of Syntellis Performance Solutions

Healthcare CEOs and CFOs will partner closely with their CIOs on data governance and data distribution planning. With the massive impact of COVID-19 still very much in play in 2021, healthcare executives will need to make frequent data-driven – and often ad-hoc – decisions from more enterprise data streams than ever before. Syntellis research shows that healthcare executives are already laser-focused on cost reduction and optimization, with decreased attention to capital planning and strategic growth. In 2021, there will be a strong trend in healthcare organizations toward new initiatives, including clinical and quality analytics, operational budgeting, and reporting and analysis for decision support.


Dr. Calum Yacoubian, Associate Director of Healthcare Product & Strategy at Linguamatics

As payers and providers look to recover from the damage done by the pandemic, the ability to deliver value from data assets they already own will be key. The pandemic has displayed the siloed nature of healthcare data, and the difficulty in extracting vital information, particularly from unstructured data, that exists. Therefore, technologies and solutions that can normalize these data to deliver deeper and faster insights will be key to driving economic recovery. Adopting technologies such as natural language processing (NLP) will not only offer better population health management, ensuring the patients most in need are identified and triaged but will open new avenues to advance innovations in treatments and improve operational efficiencies.

Prior to the pandemic, there was already an increasing level of focus on the use of real-world data (RWD) to advance the discovery and development of new therapies and understand the efficacy of existing therapies. The disruption caused by COVID-19 has sharpened the focus on RWD as pharma looks to mitigate the effect of the virus on conventional trial recruitment and data collection. One such example of this is the use of secondary data collection from providers to build real-world cohorts which can serve as external comparator arms.

This convergence on seeking value from existing RWD potentially affords healthcare providers a powerful opportunity to engage in more clinical research and accelerate the work to develop life-saving therapies. By mobilizing the vast amount of data, they will offer pharmaceutical companies a mechanism to positively address some of the disruption caused by COVID-19. This movement is one strategy that is key to driving provider recovery in 2021.


Rose Higgins, Chief Executive Officer of HealthMyne

Precision imaging analytics technology, called radiomics, will increasingly be adopted and incorporated into drug development strategies and clinical trials management. These AI-powered analytics will enable drug developers to gain deeper insights from medical images than previously capable, driving accelerated therapy development, greater personalization of treatment, and the discovery of new biomarkers that will enhance clinical decision-making and treatment.


Dharmesh Godha, President and CTO of Advaiya

Greater adoption and creative implementation of remote healthcare will be the biggest trend for the year 2021, along with the continuous adoption of cloud-enabled digital technologies for increased workloads. Remote healthcare is a very open field. The possibilities to innovate in this area are huge. This is the time where we can see the beginning of the convergence of personal health aware IoT devices (smartwatches/ temp sensors/ BP monitors/etc.) with the advanced capabilities of the healthcare technologies available with the monitoring and intervention capabilities for the providers.


Simon Wu, Investment Director, Cathay Innovation

Healthcare Data Proves its Weight in Gold in 2021

Real-world evidence or routinely stored data from hospitals and claims, being leveraged by healthcare providers and biopharma companies along with those that can improve access to data will grow exponentially in the coming year. There are many trying to build in-house, but similar to autonomous technology, a separate set of companies will emerge in 2021 to provide regulated infrastructure and have their “AWS” moment.


Kyle Raffaniello, CEO of Sapphire Digital

2021 is a clear year for healthcare price transparency

Over the past year, healthcare price transparency has been a key topic for the Trump administration in an effort to lower healthcare costs for Americans. In recent months, COVID-19 has made the topic more important to patients than ever before. Starting in January, we can expect the incoming Biden administration to not only support the existing federal transparency regulations but also continue to push for more transparency and innovation within Medicare. I anticipate that healthcare price transparency will continue its momentum in 2021 as one of two Price Transparency rules takes effect and the Biden administration supports this movement.


Dennis McLaughlin, VP of Omni Operations + Product at ibi

Social Determinants of Health Goes Mainstream: Understanding more about the patient and their personal environment has been a hot topic the past two years. Providers and payers’ ability to inject this knowledge and insight into the clinical process has been limited. 2021 is the year it gets real. It’s not just about calling an Uber anymore. The organizations that broadly factor SDOH into the servicing model especially with virtualized medicine expanding broadly will be able to more effectively reach vulnerable patients and maximize the effectiveness of care.


Joe Partlow, CTO at ReliaQuest

The biggest threat to personal privacy will be healthcare information: Researchers are rushing to pool resources and data sets to tackle the pandemic, but this new era of openness comes with concerns around privacy, ownership, and ethics. Now, you will be asked to share your medical status and contact information, not just with your doctors, but everywhere you go, from workplaces to gyms to restaurants. Your personal health information is being put in the hands of businesses that may not know how to safeguard it. In 2021, cybercriminals will capitalize on rapid U.S. telehealth adoption. Sharing this information will have major privacy implications that span beyond keeping medical data safe from cybercriminals to wider ethics issues and insurance implications.


Jimmy Nguyen, Founding President at Bitcoin Association

Blockchain solutions in the healthcare space will bring about massive improvements in two primary ways in 2021.

Firstly, blockchain applications will for the first time facilitate patients owning, managing, and even monetizing their personal health data. Today’s healthcare information systems are incredibly fragmented, with patient data from different sources – be they physicians, pharmacies, labs, or otherwise – kept in different silos, eliminating the ability to generate a holistic view of patient information and restricting healthcare providers from producing the best health outcomes.

Healthcare organizations are growing increasingly aware of the ways in which blockchain technology can be used to eliminate data silos, enable real-time access to patient information, and return control to patients for the use of their personal data – all in a highly-secure digital environment. 2021 will be the year that patient data goes blockchain.

Secondly, blockchain solutions can ensure more honesty and transparency in the development of pharmaceutical products. Clinical research data is often subject to questions of integrity or ‘hygiene’ if data is not properly recorded, or worse, is deliberately fabricated. Blockchain technology enables easy, auditable tracking of datasets generated by clinical researchers, benefitting government agencies tasked with approving drugs while producing better health outcomes for healthcare providers and patients. In 2021, I expect to see a rise in the use and uptake of applications that use public blockchain systems to incentivize greater honesty in clinical research.


Alex Lazarow, Investment Director, Cathay Innovation

The Future of US Healthcare is Transparent, Fair, Open and Consumer-Driven

In the last year, the pandemic put a spotlight on the major gaps in healthcare in the US, highlighting a broken system that is one of the most expensive and least distributed in the world. While we’ve already seen many boutique healthcare companies emerge to address issues around personalization, quality and convenience, the next few years will be focused on giving the power back to consumers, specifically with the rise of insurtechs, in fixing the transparency, affordability, and incentive issues that have plagued the private-based US healthcare system until now.


Lisa Romano, RN, Chief Nursing Officer, CipherHealth

Hospitals will need to counter the staff wellness fallout

The pandemic has placed unthinkable stress on frontline healthcare workers. Since it began, they’ve been working under conditions that are fundamentally more dangerous, with fewer resources, and in many cases under the heavy emotional burden of seeing several patients lose their battle with COVID-19. The fallout from that is already beginning – doctors and nurses are leaving the profession, or getting sick, or battling mental health struggles. Nursing programs are struggling to fill classes. As a new wave of the pandemic rolls across the country, that fallout will only increase. If they haven’t already, hospitals in 2021 will place new premiums upon staff wellness and staff health, tapping into the same type of outreach and purposeful rounding solutions they use to round on patients.


Kris Fitzgerald, CTO, NTT DATA Services

Quality metrics for health plans – like data that measures performance – were turned on their head in 2020 due to delayed procedures. In the coming year, we will see a lot of plans interpret these delayed procedures flexibly so they honor their plans without impacting providers. However, for so long, the payer’s use of data and the provider’s use of data has been disconnected. Moving forward, the need for providers to have a more specific understanding of what drives the value and if the cost is reasonable for care from the payer perspective is paramount. Data will ensure that this collaboration will be enhanced and the concept of bundle payments and aligning incentives will be improved. As the data captured becomes even richer, it will help people plan and manage their care better. The addition of artificial intelligence (AI) to this data will also play a huge role in both dialog and negotiation when it comes to cost structure. This movement will lead to a spike in value-based care adoption.


COVID-19 Exposed The True Vulnerability of Healthcare Infrastructure

Martyn Crew, Director of Solutions Marketing at Gigamon

In 2019, 41 million patient records were breached in 572 reported incidents at an average cost of $1.8 million per breach. These statistics are far from surprising with healthcare records selling for a reported average of $45 on the dark web. Unfortunately, the year 2020 aggravated these issues as COVID-19 exposed the true vulnerability of the healthcare infrastructure. Organizations not only had to manage the medical and financial impacts of the pandemic but also the security risks inherent in the work-from-home (WFH) model and the increasingly sophisticated attacks of cybercriminals intent on exploiting these vulnerabilities. In this article, we’ll dive into some of these growing threats.

The Bare Minimum of EDR

Although most organizations have now provided WFH employees with secure computers using endpoint detection and response (EDR) solutions or mandated the use of virtual private networks (VPNs), this does not fully solve the security problem.

These solutions may protect the user and network from future attacks, but if network infiltration has already occurred, threats in the form of advanced persistent threats (APTs) may be lying dormant for weeks, months, or maybe even years, on an apparently secure network. To respond to these threats, a network detection and response (NDR) capability is required. This capability looks for activity or patterns of behavior from users or network servers that indicate attacks may be in progress, may have taken place, or may be developing.

Ideally, EDR and NDR need to be integrated and used together to provide end-to-end network visibility and security.

Exploited Fears

Cybercriminals and other bad actors were quick to exploit the COVID-19 pandemic with, for example, phishing attacks. These exploited the fears of healthcare consumers and healthcare workers who, in the early days of WFH, were often accessing corporate networks on secured mobile phones and personal computers from their home networks.

This led to a variety of security issues; for example, Mirai botnet–type attacks that exploited WFH practices to infect healthcare organizations’ networks or dropper-based attacks that loaded malware to steal users’ credentials and ultimately lead to ransomware attacks. While these attacks still continue, most healthcare organizations have taken the measures necessary to secure their networks and their patient and organizations’ data.

A Spike in State-Sponsored Attacks

Beyond threats from financially motivated cybercriminals looms the threat from highly sophisticated and well-resourced state-sponsored attackers. As widely reported in the media, there has been a spike in state-sponsored security attacks on lab and research facilities working on COVID-19 treatments. For example, the Wall Street Journal cited U.S. officials as suggesting that Chinese and Iranian hackers are targeting universities and pharmaceutical and other healthcare firms that are working to find a vaccine for COVID-19, in an attempt to disrupt this research and slow its development.

In addition to direct attacks on research institutions, software vendors that develop the tools used by these institutions are also at risk. Security is becoming a “supply chain” issue that touches not only all of the network users and assets but also all the precursors to these assets, including the network carriers and software vendors on which network users rely.

Lack of Trust

Who can you trust in this expanded threat environment? To take proper precautions, nobody. As healthcare consumers and the workforce want or need to operate on an “access anywhere, anytime” model, adopting what’s called a Zero Trust security architecture not only makes sense, it is close to an imperative for healthcare organizations.

Zero Trust means that, because the network is under constant attack from a huge array of external and internal threats, all users, devices, applications, and resources on the network must be treated as being hostile. These users and devices need to be rigorously and continuously authenticated, while patient, research, and other data and network assets need to be protected at a much more granular level than traditional perimeter-based security models allow.

The Rise of IoMT Devices

Healthcare organizations must also find new, more cost-effective ways to deliver high-quality healthcare to their increasingly tech-savvy consumers – and the use of Internet of Medical Things (IoMT) devices is critical to this process. IoMT devices, ranging from simple telehealth and remote patient monitoring to surgical robots and augmented reality technologies, can reduce operating costs and increase the quality of patient care.

COVID-19 has accelerated the adoption of IoMT technology, a process that will further accelerate with the availability of 5G networks over the coming one to three years. Many of the simpler IoMT devices don’t support traditional security models, so their adoption poses significant new threats unless healthcare institutions act to enhance security by, for example, ensuring that their network detection and response tools are ready for this challenge.

Looking ahead, it’s clear that the world is evolving towards a new normal, which will pose more threats and concerns for the healthcare industry. Recognizing this and preparing for the threats discussed will create a better game plan for what’s to come and allow for necessary growth within healthcare infrastructure.


About Martyn Crew
Martyn Crew is Director of Solutions Marketing at Gigamon. He brings a 30-year background in all aspects of enterprise IT to his role where he focuses on a number of initiatives and products including Gigamon’s Application Visibility and Intelligence solutions.


How Hackers Are Targeting COVID-19 Vaccine Distribution Chain – Q/A

COVID-19 Vaccine Cyber Attacks

With the US and other major countries poised to begin national distribution of multiple FDA-approved COVID-19 vaccines, cybersecurity threats to secure COVID-19 vaccine distribution are imminent. Earlier this month, IBM released a report on malicious cyber actors targeting the COVID-19 cold chain—an integral part of delivering and storing a vaccine at safe temperatures.

Impersonating a biomedical company, cyber actors are sending phishing and spear-phishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials. The emails have been posed as requests for quotations for participation in a vaccine program. In the report, IBM urges companies in the COVID-19 supply chain — from research of therapies, healthcare delivery to the distribution of a vaccine — to be vigilant and remain on high alert during this time.

We recently sat down with Nigel Thorpe, Technical Director, SecureAge, an enterprise data security and encryption company to talk about the cybersecurity risks involved with COVID-19 vaccine distribution.

HITC: What type of information are hackers trying to seize to disrupt the vaccine distribution process?

Thorpe: Hackers will try to obtain all the data they can muster, but specifically, they are looking for data around the distribution logistics together with details of the vaccine and its packaging. Using this they could attempt to replicate and profit from a counterfeit vaccine. In addition, cybercriminals are looking for all sorts of personal information about people involved in the vaccine distribution process, plus members of the public, so they can attempt identity theft and phishing attacks.

What are the dangers and implications if foreign actors weaponize this information?

Thorpe: One of the biggest problems that already exist is an apprehensive public who is concerned with taking the vaccine because of fears that the approval process has been rushed and circumvented. These fears can be exploited by cybercriminals simply through the use of disinformation. In terms of cybersecurity, any attack on the distribution chain feeds into the fear of those already uncertain about the whole program.

In addition, bad actors could launch ransomware and spear-phishing attacks to get into the corporate network. Here, they can steal information concerning the “cold chain” and use this to build an illegal channel for counterfeit vaccine delivery. Not only would this result in unauthorized, unsafe vaccines being distributed but also reinforce fears of vaccines that many Americans already have. Any data, no matter how small or seemingly innocuous, could be used and exploited by cyber attackers.

How can health facilities remain protected?

Thorpe: The most important aspect is to ensure that data is encrypted at all times so even if it is stolen, hackers won’t be able to access this scrambled information. In addition, organizations should make sure that unauthorized processes don’t run. This can be done by blocking any application that attempts to execute, but which is not on an authorized list. These measures will stop the problems of both phishing messages and data theft – even by insiders.

What other information do you think hackers will target in the future as we head into 2021?

Thorpe: Outside of exploiting the vaccine distribution network, hackers will attempt to capitalize on the continued remote working situation that is likely to last for most of 2021. Cybercriminals will try to exploit a situation where workers are not all using secure devices, resulting in data being stolen and exploited by bad actors.

In addition, we can expect combination attacks, where something technical and something human will be combined in ways that the confines and physical security of office spaces would have prevented. Notices sent by mail to homes, phone calls, and possibly even personal visits by repair technicians will be facilitated through stolen information and credentials online, upping the ante of the scams and other illegal shenanigans.

7 Best Practices for Third-Party Risk Management in the Pharmaceutical Industry

Dr. Aleksandr Yampolskiy, CEO of SecurityScorecard

The globalization of the pharmaceutical industry has forced pharma companies to outsource, increasing their reliance on third-party vendors and suppliers. As this supply chain grows in complexity, companies find themselves grappling with a growing amount of cyber risk. 

A data breach in the pharmaceutical industry can cost companies upwards of $5 million and costs can rise significantly if a third-party vendor or supplier is the cause of a data breach. For this reason, organizations must ensure the third-parties that exist within their supply chain remain secure. 

Challenges in the Pharmaceutical Supply Chain

There are innumerable logistical, compliance, and cost-related issues that organizations must consider as they add third-parties and vendors to their supply chain. 

From a logistics view, a growing number of touchpoints between production and consumers, shipments that require refrigeration, packaging coordination, and shipment delays related to third-parties all may increase risk. 

This risk is compounded by compliance-related issues. The highly-regulated pharmaceutical industry must comply with a number of healthcare-related regulations, like HIPAA, and must also be sure that their third-party suppliers abide by rules set by supply regulations like Good Distribution Practice (GDP). If these companies and their third-parties do not comply, the organization becomes subject to costly fines – which can range between $10 million and $1 billion depending on various factors. 

Pharmaceutical businesses must protect their organizations in this challenging risk environment by working to mitigate third-party cyber risk as they also work to limit their own. 

Why Third-Party Risk Management is Critical for Pharma 

Due to the high value of the intellectual property they house, pharmaceutical companies are subject to a high-level of cybercrime. In fact, according to a study conducted by Deloitte, the pharmaceutical industry has become the number one target of cybercriminals at a global level, especially in relation to IP theft.

For a pharma organization, data breaches can be devastating, costing companies grief over lost or stolen data and large sums of money to remedy any business hindrances caused by the breach. According to Ponemon’s Cost of a Data Breach report, data breaches cost pharmaceutical companies an average of $5.2 million. When a third-party supplier or vendor causes a breach, the average cost rises by $370,000.

In order to protect drug production and patient well-being, the industry must take care to minimize its cyber risk, specifically when it comes to third-parties. 

Best Practices for Third-Party Risk Management in the Pharmaceutical Industry

It is crucial that pharmaceutical organizations work to limit the third-party risk that may stem from vendors and suppliers. Use the following seven best practices for developing your third-party risk management (TPRM) strategy: 

1. Identify Your Suppliers

Pharmaceutical companies have a large, outsourced supply chain and it is imperative to understand exactly who your suppliers are at all points on the chain. Cyber risk can stem from any size or type of vendor, so make sure to list each third-party you work with – from small vendors who may work with only one department, to large vendors who develop drug labels and bottle caps. 

2. Understand and Qualify Potential Cyber Risks

Each third-party has the potential to introduce numerous risks that must be identified at the start of your business relationship. Make note of the types of software, networks, devices, and data that each of your third-parties access. Then, develop a risk inventory and map them against a standardized risk taxonomy, estimate the likelihood and severity of each risk, and rank each third-party in order of potential risk.  

3. Determine a Risk Rating

Once each third-party has been analyzed from a risk-perspective, assign a risk rating to each. Risk ratings generally range from low to high, meaning high-risk vendors receive the most attention when prioritizing risk monitoring strategies and determining your risk appetite. 

4. Define Controls

It’s important to make sure that third-parties have the same level of risk tolerance as your organization. When developing a TPRM policy, you need to define the types of controls your third-parties should be using like encryption, regular security patching, and data segregation. If possible, these controls should be worked into your business contracts. 

5. Measure Third-Party Compliance 

After setting controls, you must set metrics to measure third-party compliance. These metrics may include time to risk detection, time to risk remediation, or time to risk recovery. Monitoring third-party compliance regularly requires a review of security questionnaires or self-audits provided by the third-party. 

6. Align with a Risk Management Framework

In order to properly manage third-party risk, pharmaceutical organizations must develop a third-party risk management framework. Common frameworks like NIST and ISO help to identify which third-party vendors pose the greatest risk and require an immediate response.  

7. Continuously Monitor Third-Parties

In order to ensure security, pharmaceutical companies must continuously monitor their third-party business partners. Many organizations incorporate platforms that can monitor ecosystem risk, providing real-time visibility into the complex IT risks associated with the rapidly expanding pharmaceutical attack surface.

Final Thoughts

The supply chain for the pharmaceutical industry is increasing in regulatory complexity, logistics, and costs. Globalization has expanded the threat landscape, leaving many companies forced to upgrade their risk-management capabilities. Now is the time to adopt the best practices highlighted above to protect drug IP and patient lives. 


About Dr. Aleksandr Yampolskiy, CEO of SecurityScorecard

Dr. Aleksandr Yampolskiy is a globally recognized cybersecurity innovator, leader, and expert. He is co-founder and chief executive officer of SecurityScorecard and strives to create a new language for cybersecurity by enabling people to work collaboratively across the enterprise and with external parties to build a more secure ecosystem.

3 Telemedicine Security and Compliance Best Practices

Gerry Miller, Founder & CEO at Cloudticity

The coronavirus pandemic accelerated telemedicine exponentially as patients and doctors switched from in-person visits to remote consultations. Health providers rapidly scaled virtual offerings in March and April and traffic volumes soared to unprecedented levels, with practices “seeing 50 to 175 times the number of patients by telehealth than before the outbreak,” according to McKinsey. By early August, the U.S. Department of Health and Human Services expanded the list of allowable telehealth services in Medicare and there was an executive order supporting permanent telehealth provisions for rural areas.

But the surge in telemedicine adoption comes with a host of cybersecurity risks and regulatory compliance requirements unique to the healthcare sector.

As telemedicine traffic increases, so does the volume of hacking attempts. Recent cybersecurity news indicates healthcare organizations are top targets for cyberattacks and “providers remain the most compromised segment of the healthcare sector, accounting for nearly 75 percent of reported breaches.” The consequences are chilling: “The average cost of a healthcare data breach is $7.13 million globally and $8.6 million in the United States.”

Further, whenever patient information is involved, HIPAA compliance is required. While HHS temporarily suspended pursuing HIPAA penalties on providers for “good faith provision of telehealth during the COVID-19 nationwide public health emergency,” such permissiveness will not last.

Luckily, most telemedicine providers can utilize managed services and cloud infrastructure to keep pace. Here are some best practices to meet IT compliance and cybersecurity demands for telemedicine.

Telemedicine Compliance Best Practices

Compliance should be viewed as a real-time process that drives security. Telemedicine tools and technology should therefore reflect significant expertise with all healthcare regulations (HIPAA, HITRUST, HITECH), with compliance functions permeating processes. Recommended compliance best practices include:

1. Automate Remediation

Healthcare applications cannot offer high reliability if every potential compliance problem is remediated manually; there’s just too much that can go wrong and never enough staff to address it when needed. The solution is to automate everything that can be automated, and rely on people to handle exceptions or potential violations that don’t impact reliability. Cloud-based services can integrate AI and operational intelligence to automatically remediate anomalies when possible, present recommendations to operations staff for cases that cannot be resolved automatically, and present clear choices such as:

· Do Nothing: Take no action, delete ticket after [x number of days]

· Fix Now: Implement the recommended actions immediately

· Schedule: Perform the recommended actions during the next maintenance window

This approach speeds resolution and decreases service disruptions, and improves the reliability of telemedicine delivery. The automated response also plays a critical role in security (which will be discussed shortly).

2. Perform Formal Risk Assessments

Understanding the risk level and specific risk issues are critical components for an effective compliance plan. Many providers of healthcare services underestimate their level of risk, in part because it is difficult to quantify. The HHS has published guidance in its Quantitative Risk Management for Healthcare Cybersecurity, which offers insight. There are also cloud solutions that can aid the process. Cloud services providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud offer automated security assessment services that help improve the security and compliance of applications deployed on their cloud hosting platforms. They can generally assess applications for exposure, vulnerabilities, and deviations from best practices. A good inspection service should highlight network configurations that allow for potentially malicious access, and produce a detailed list of findings prioritized by level of severity.

3. Reduce Attack Surface

To provide secure access to sensitive information, hybrid architectures supporting telemedicine applications need a virtual private network (VPN) gateway between on-premises and cloud resources. However, developers, test engineers, remote employees, and others who need access to cloud-based protected health information (PHI) may bypass a VPN gateway by either cracking open the cloud firewall to allow direct unencrypted internet traffic or using peering connections. To prevent such potential exposures, secure desktop-as-a-service (DaaS) solutions provide an elegant way to allow cloud-based access to PHI without exposing connections or records. A DaaS is generally deployed within a VPC providing each user with access to persistent, encrypted cloud storage volumes using an encryption key management service. No user data is stored on the local device, which reduces overall risk surface area without impeding development capability.
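The three compliance practices above can be tied together in one pass over a resource inventory. The following is an added example, not code from the article or from any cloud vendor: it flags firewall rules that let traffic reach PHI resources without going through the VPN gateway, flags unencrypted PHI volumes, ranks the findings by severity, and attaches one of the three dispositions listed under "Automate Remediation". The inventory format, field names, resource names and the severity-to-action mapping are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed inventory. Field names are hypothetical, not a provider's API schema.
INVENTORY = {
    "vpn_cidrs": ["10.20.0.0/16"],  # address space behind the VPN gateway
    "phi_resources": {"phi-db", "phi-api", "daas-desktop-7"},
    "firewall_rules": [
        {"id": "fw-1", "resource": "phi-db", "cidr": "0.0.0.0/0", "port": 5432, "tls": False},
        {"id": "fw-2", "resource": "phi-api", "cidr": "0.0.0.0/0", "port": 443, "tls": True},
        {"id": "fw-3", "resource": "phi-db", "cidr": "10.20.0.0/16", "port": 5432, "tls": False},
        {"id": "fw-4", "resource": "build-host", "cidr": "0.0.0.0/0", "port": 22, "tls": True},
    ],
    "volumes": [
        {"id": "vol-1", "resource": "phi-db", "encrypted": True},
        {"id": "vol-2", "resource": "daas-desktop-7", "encrypted": False},
    ],
}

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Assumed default policy; operators can still override the recommendation.
DEFAULT_ACTION = {
    "critical": "Fix Now",
    "high": "Schedule",
    "medium": "Schedule",
    "low": "Do Nothing",
}


@dataclass(frozen=True)
class Finding:
    item_id: str
    resource: str
    severity: str
    detail: str

    @property
    def recommended_action(self) -> str:
        return DEFAULT_ACTION[self.severity]


def inside_vpn(cidr: str, vpn_cidrs: list) -> bool:
    """True when the rule's source range lies entirely behind the VPN gateway."""
    net = ip_network(cidr)
    for vpn in map(ip_network, vpn_cidrs):
        if net.version == vpn.version and net.subnet_of(vpn):
            return True
    return False


def assess(inventory: dict) -> list:
    """Return findings sorted by severity, then by item id."""
    phi = inventory["phi_resources"]
    findings = []

    for rule in inventory["firewall_rules"]:
        if inside_vpn(rule["cidr"], inventory["vpn_cidrs"]):
            continue  # traffic arrives through the VPN gateway
        touches_phi = rule["resource"] in phi
        if touches_phi and not rule["tls"]:
            sev = "critical"
            why = "unencrypted traffic to PHI from outside the VPN gateway"
        elif touches_phi:
            sev = "medium"
            why = "PHI resource reachable without the VPN gateway"
        else:
            sev = "low"
            why = "non-PHI resource reachable without the VPN gateway"
        detail = f"{rule['cidr']} -> port {rule['port']}: {why}"
        findings.append(Finding(rule["id"], rule["resource"], sev, detail))

    for vol in inventory["volumes"]:
        if vol["resource"] in phi and not vol["encrypted"]:
            findings.append(
                Finding(vol["id"], vol["resource"], "high", "PHI volume is not encrypted")
            )

    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.item_id))


if __name__ == "__main__":
    for f in assess(INVENTORY):
        print(f"[{f.severity:8}] {f.item_id:6} {f.resource:15} {f.recommended_action:10} {f.detail}")
```
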

Telemedicine Security Best Practices

While the full scope of cybersecurity strategies is beyond the scope of this article, here are three best practices that telemedicine providers can use to bolster their security profile:

1. Deploy Proactive Network Security

Modern cyber threats have become steadily more sophisticated in evading traditional security measures and more devastating once they penetrate network perimeters. For that reason, telemedicine providers need a highly proactive, multilayered approach to prevent malware-based outages, theft of intellectual property, and exfiltration of protected health information (PHI).

A combination of network anti-malware, application control, and intrusion prevention systems (IPS) is recommended. Such proactive solutions are generally bundled in managed cloud services that should automatically detect suspicious system changes in real-time, isolate and quarantine affected resources, and prevent the spread of exploits by locking down any server whose configuration differs from the installed settings.

2. Encrypt Data Storage

Data encryption is the last line of cyber-defense for PHI and other critical information. Even if an attacker can penetrate the perimeter and proactive network security and exfiltrate data from the provider, those data are useless to the hacker if encrypted. It’s good practice to encrypt all web and application servers running on cloud instances using a unique master key from a key management service when creating volumes.

Encryption operations generally occur on the servers that host cloud database (DB) instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its block storage. For additional protection, you can also opt to encrypt DB instances at rest, underlying storage for DB instances, its automated backups, and read replicas.

3. Harden Operating Systems

Both Microsoft Windows Server and Linux are ubiquitous operating systems in telemedicine. They are also both attractive targets for cybercriminals because they provide complex capabilities, frequently remediate vulnerabilities, and are so common (increasing attackers’ chances of finding an unpatched system). Hackers use OS-based techniques such as remote code execution and elevation of privilege to take advantage of unpatched operating system vulnerabilities. Hardened images of Windows Server and Linux virtual machines (VMs) should be used, employing default configurations recommended by the Center for Internet Security (CIS). Such hardened images make gaining OS administrative access extremely difficult, and coordinate well with the proactive security bundles described earlier.

Additional resources for telemedicine compliance and security are available from the American Medical Association (AMA), the US Department of Homeland Security, the U.S. Department of Health and Human Services, and HITRUST.

While these best practices are targeted primarily at telemedicine companies, they can also be applied to a wide range of healthcare providers and organizations delivering vital services in the face of 2020’s dramatic swings in demand.


About Gerry Miller

Gerry Miller is the founder and chief executive officer at Cloudticity. He is a successful serial entrepreneur and healthcare fanatic. From starting his first company in elementary school to selling his successful technology consulting firm in 1998, Gerry has always marched to his own drummer, producing a series of successes. Gerry’s first major company was The Clarity Group, a Boston-based Internet technology firm he founded in 1992. Gerry presided over seven years of 100% aggregate annual growth and sold the company in 1998 when it had reached $10MM in revenue.

He was recruited by Microsoft to become their Central US Chief Technology Officer, eventually taking over a global business unit and growing its revenue from $20MM to over $100MM in less than three years. Gerry then joined ePrize as Chief Operating Officer, where he grew sales 38% to nearly $70MM while improving operating efficiency, quality, and both client and employee satisfaction. Gerry founded Cloudticity in 2011 with a passion for helping healthcare organizations radically reshape the industry by unlocking the full potential of the cloud.

Telehealth and Cybersecurity: What You Should Know

Healthcare providers are seeing between 50 and 175 times (1) more patients via telehealth than before. Telehealth platforms offer solutions for a wide array of different healthcare issues. An estimated 20 percent of all emergency room visits and 24 percent of routine office visits and outpatient volume could be delivered virtually via telehealth.

Telehealth is a win-win for providers and patients. It both increases the availability of care while also reducing costs. However, telemedicine does have intrinsic privacy and security risks that all providers must minimize to protect sensitive patient data.

The Inherent Vulnerability of Connectivity

Providers have been eager to adapt to this care delivery method, but many platforms do not meet HIPAA requirements and lack adequate data safeguards. The same connectivity that makes telehealth possible also creates threats to patients. Protecting patient health information (PHI) and providing remote services doesn’t fit together easily.

Any data transferred over the internet runs the risk of interception by threat actors, and healthcare has long been a preferred target for cybercriminals. In 2019, healthcare data breaches cost the industry over $4 billion (2). 

This year is no exception with a further increase in ransomware (3) and other attacks that put millions of patients’ records in danger of exposure. These types of events have all happened within typically well-fortified hospital networks.

Connecting with patients via telehealth and transmitting biometric data via remote care devices only furthers these dangers. The biggest risk is that patients lack control of the collection, usage and sharing of their PHI.

For instance, remote monitoring devices built with sensors to detect falls may collect information on other activities patients wish to be kept private—including that their home is unoccupied at certain times and the types of activity they participate in. Even with security measures, any transfer does have a potential for a breach.

How to Prevent Security Risks in Telehealth

More secure telehealth begins by establishing best practices. Because of the sensitive information healthcare organizations possess, providers and the vendors they choose to work with must focus on core elements of data security through related tools and strategies such as:

1. Identity Authentication

Continuous identity authentication ensures authorized individuals have access to data. Identity authentication can be accomplished through a variety of approaches.

Multi-factor authentication, or the requirement of utilizing two pieces of evidence to sign in, is among the most common and has been proven effective in blocking 99.9 percent of all automated cyber-attacks (4).

Beyond this, users need to develop strong, unique passwords, not just for their telehealth platform accounts but across all of their online logins and accounts.

2. Improve Telehealth Platform Safety

HIPAA requires that providers integrate encryption and other safeguards into their interactions with patients. However, patients’ devices on the receiving end of care often don’t have these safeguards while some medical devices have been shown to be vulnerable to hackers.

Ensuring the safety of all patient devices in the short term will be impossible. Thus, telehealth platforms must be as secure in themselves as possible. The software needs to be designed in a secure environment and contain numerous ways of establishing secure channels between patients and providers.

3. Investing in Patient Education

Outside of telehealth, cybersecurity ultimately relies on the end-user. As hackers continuously exploit new vulnerabilities, developers are in a constant race to keep up with new threats. Cybersecurity is only as strong as its weakest link. Secure telehealth apps must be complemented by other measures.

For this reason, healthcare providers should educate patients about cybersecurity and the steps they should take to improve the overall safety of their interactions online by:

●  Educating patients about the telehealth security threats;

●  Using a VPN both during telehealth services and for general device usage;

●  Frequently updating all apps and operating systems, not just telehealth platforms;

●  Enabling anti-malware and virus scans to run at all times;

●  Restricting app permissions to what’s necessary for app functionality only; and

●  Recognizing social engineering and other types of cyber-attacks.

How to Minimize Telehealth Security Risks

The one word providers must focus on when implementing telehealth is encryption. It needs to be everywhere. Since data is vulnerable in all stages of its life cycle, including during storage, transmission and access, encryption must be built into every step of this process.

Concerns about the privacy and security of these systems should not adversely affect people’s trust in telehealth. The benefits outweigh the risks. But providers must embrace more rigorous standards and minimize threats to ensure telehealth can deliver on its promises and live up to its potential.

Sources:

  1. https://www.mckinsey.com/industries/healthcare-systems-and-services/our-insights/telehealth-a-quarter-trillion-dollar-post-covid-19-reality
  2. https://healthitsecurity.com/news/data-breaches-will-cost-healthcare-4b-in-2019-threats-outpace-tech
  3. https://www.securitymagazine.com/articles/92575-increase-in-reports-of-ransomware-attacks-on-health-care-entities
  4. https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/