Quality and Safety
The cyber risk platform Black Kite released a new report this week finding that one in 10 global pharmaceutical manufacturers are at a high risk of suffering a ransomware attack.
The report, published on Tuesday, evaluated the cybersecurity posture of the 200 largest global pharmaceutical companies and 166 associated third-party vendors.
"We have seen how ransomware attackers can shut down a gasoline pipeline in the past week. Imagine if a ransomware attack halted a manufactured COVID-19 vaccine hostage or stopped the production of vital chemotherapy drugs,” said Bob Maley, Black Kite’s chief security officer, in a statement.
WHY IT MATTERS
Billions of people worldwide rely on the pharmaceutical industry, sometimes for daily medications.
"An interruption in manufacturing lifesaving drugs or therapies would be catastrophic for many. A cyberattack on a pharmaceutical company could mean life or death for consumers," noted the Black Kite report.
The organization used open-source intelligence sources, in combination with machine learning, to evaluate companies' susceptibility to ransomware attacks on a scale of 0.0 to 1.0.
Nearly 10% of companies were over what Black Kite considers a "critical" threshold of 0.6, indicating high susceptibility.
Medium-sized pharmaceutical companies had the highest average susceptibility.
Security issues included out-of-date systems, phishing vulnerability, publicly visible critical ports, credentials in lists shared on the deep web and past data breaches.
Vendors are also vulnerable: 12.2% of IT solutions are above the critical threshold, and nearly 5% of software vendors are – but the report flagged data management vendors as the riskiest.
"The people you do business with matters, more so now than ever," said Maley in the report. "Supply chain continuity is everyone's responsibility, especially amidst today's evolving cyber landscape.
"That said, your risk management obligations are never entirely fulfilled, not even after you've achieved a 'good' cyber rating. Your suppliers, partners, vendors and third parties all open other gateways to your network," he added.
So what makes pharma such a rich target? The report outlined several reasons, including digital transformation, data access, widely adopted medical technology and complex supply chains.
"The pharmaceutical industry is the world’s third-largest industry, following the finance and e-commerce sector. With a predicted compound annual growth rate of 13.7% through 2027, it's no secret that pharmaceutical organizations will become a more valuable target to cyber criminals," read the report.
THE LARGER TREND
As Maley mentioned, ransomware attacks have been in the news since they led to the shutdown of the Colonial Pipeline earlier this month.
But for the healthcare industry, they're nothing new. Just this week, Scripps Health marked two weeks of a network outage following what was reported to be a ransomware attack – while Ireland's national health service faced a shutdown of its own.
And when it comes to the pharmaceutical supply chain, one major effort stands out: the COVID-19 vaccine. Experts have warned that the process of manufacturing and distributing the vaccines presents a number of vulnerabilities – and hackers have already begun to take aim.
ON THE RECORD
"Billions across the globe rely on pharmaceutical manufacturers. Ransomware attacks on 10% of the globe’s pharmaceutical companies could have an immense impact," said Maley.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.
Although the agency did not explicitly refer to any specific brand of electronics, its news release linked to several articles about magnets in the iPhone 12.
Meanwhile, Ireland's national health service is continuing to grapple with outages of its own following a ransomware incident.
At least five healthcare providers were affected by the incident, which occurred in February.
Researchers from West Virginia University have set out to determine the optimal frequency of telehealth appointments for patients with chronic conditions.
In a study published in E-Health Telecommunication Systems and Networks, the team reviewed other work concerning telehealth and chronic conditions.
They found that virtual care services benefited patients more if they continued for about a year rather than ending after six months.
However, they said, more data is still needed.
"Developing clinical implementation knowledge for community dwelling individuals who experience [multiple chronic conditions] in relation to the effectiveness, cost, cost-effectiveness, and the patient experience will be crucial to realizing the promise and potential of telehealth," wrote researchers in the study.
WHY IT MATTERS
The systematic review of 47 articles included synchronous, asynchronous and remote patient monitoring services.
About half studied telehealth's effect for one chronic condition, and half examined its effectiveness for multiple conditions.
The team found that regardless of modality, longer duration of telehealth services (about a year) produced positive outcomes, compared with those with shorter durations (37 to 38 weeks).
That said, researchers explained that the optimal "dose" of telehealth services, meaning frequency and format, is still unknown – and that more data is needed.
In a follow-up program, lead study author Jennifer Mallow, an associate professor in the West Virginia University School of Nursing’s Adult Health Department, is delivering telehealth services to West Virginians and tracking the relevant metrics.
"We’re collecting information related to dose,” Mallow said in a press statement. "How long do we spend with participants? What are the nurses doing, and how long does it take them? How long does it take us to review remote patient monitoring? Are we talking to patients on the phone? As we collect this information in a standard way, we can begin to make those links between dose and outcome."
The study also flagged the danger of telehealth worsening the digital divide, particularly if patient demographic data is not adequately collected.
"Telehealth is often proposed as a solution to decrease health disparity such as a higher burden of illness, injury, disability, or mortality experienced by those with chronic conditions," according to the study. "However, healthcare disparity such as lack of insurance, access, and quality are rarely measured in telehealth research," researchers said.
"Understanding the results of telehealth trials in the context of the population will continue to be important as we attempt to diminish health disparity in the context of the determinants of health," they added.
THE LARGER TREND
The boost in telehealth use amidst the COVID-19 pandemic presents a rich opportunity for investigators to determine the effectiveness of virtual care, especially for patients who may not be able to access in-person care.
Perceived success has varied by specialty: In January 2021, a JAMA Network Open study found that medical oncologists were split on telehealth's clinical effectiveness, while psychiatrists have said they've been "pleasantly surprised" with the transition to telemedicine.
But more data is still needed. Major telehealth-focused legislation introduced in Congress would require a study to learn more about how telehealth has been used during the novel coronavirus crisis.
ON THE RECORD
"If you're going to use telehealth for chronic conditions, the various professional bodies need to come out with recommendations for when and how often," said Mallow in a press release.
"The American Diabetes Association might say you should see your patients in person at least once per year to do a foot exam but could use telehealth for other follow-up care, for example. But before they do that, we need rigorous research studies so that they can make those determinations," she added.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.
Deep Dive: HIMSS is celebrating 60 years of innovating to "reform the global health ecosystem."
In Wyoming, an employee accidentally uploaded COVID-19 test results to a public-facing website, while Pennsylvania faced trouble with a third-party contact-tracing vendor.
Philips IGT CMO Dr. Atul Gupta says innovations include digitally streaming application specialists into the operating room.
The report found that healthcare was one of the industries most affected by tracked ransomware incidents in 2020, second only to education.
SPONSORED
Antoinette Thomas, chief patient experience officer for Microsoft Health and Life Sciences, discusses three things healthcare systems need to focus on as they move forward with their digital transformation.
