Jan 23, 2021

Digital transformation and the future of healthcare

healthcare IT
Digital Transformation
patient records
Fred Huet
5 min
Digital transformation and the future of healthcare
Fred Huet, Partner at Altman Solon, discusses why upgrading legacy mainframe systems is crucial for healthcare systems...

For many years, ‘healthtech’ was, in essence, a series of consumer electronics devices and lifestyle apps. The popularity of smartwatches and downloadable health and fitness trackers certainly shows no signs of slowing down – they continue to play an important role in terms of increasing understanding and changing habits around areas such as personal health, fitness and nutrition.

In the last decade, though, we have seen evidence of a more widespread shift in the broader healthcare technology sector. The market is evolving, and we are now beginning to see a more defined pattern of companies driving a wider digital transformation of global healthcare systems. Because larger players in the healthcare space are beginning to adopt technological solutions in a much more active way, we will begin to see a realisation of the much more transformative role that technology has to play in global healthcare systems.

One very obvious example in the past year has been the rise of telehealth, with an accelerated shift away from ‘face-to-face’ appointments towards ‘FaceTime-to-FaceTime’ consultations as a result of the pandemic. But it is important to note that digital transformation on a much larger scale is afoot, with significant changes beyond telehealth that could stand to revolutionise the organisation, operation, and delivery of healthcare soon.

Technology-enabled efficiency

As healthcare professionals and patients alike grow more confident with telehealth procedures and more accustomed to the convenience of remote consultations, we are also seeing signs of a simultaneous, larger digital wave moving across the broader healthcare sector – from hospitals and clinics to general practices and even care homes. This is happening at a fundamental level with significant investment allowing for the adoption of IT systems for things like storing and processing patient records and optimising clinicians’ timetables. 

Technology is driving efficiencies for admitting and managing patients both in and out of hospitals, and also managing the link between hospitals, clinics, and other areas of the health service. This allows for greater expediency and assurance when, for example, reimbursing the cost of a particular procedures performed outside of a nationalised health service.

Digitising patient records

A key area where we will continue to see development across global healthcare systems is the digitisation of patient records. In the past, there have been two major obstacles preventing widespread digital transformation here: cautious attitudes and outdated IT systems. People tend to question the need to upgrade digital systems when the ones they are currently using are not broken. Often there can be additional hesitancy around migrating patient records because of the fear of losing or corrupting data if there is a problem. This fear is certainly not unfounded, though it does serve as a recipe for doing nothing.

Progress here is happening at different rates across the world. In the UK, for example, we are seeing the first signs of this shift in a small number of areas of the country, with new systems enabling the sharing of information and data within the same group of hospitals. This is a start, but understandably, there is some caution about the next step, which would be to increase access to patient records cross-practice and in different regions of the country. Certainly, a ‘big bank’ approach with a central repository of data for each healthcare practice to access when required may pose potential cybersecurity risks – one flawed link could put the entire system under threat if it were to be breached.

There are also regulatory challenges to address. Governments must take the time to review what is legally possible for hospitals to do in terms of storing and sharing patient data, as there would be little point in investing in enhanced digital systems that enable digital data transfer if they do not have the legal right to do so.

A new model

Governments also face the question of how much public money to invest in upgrading these systems to pave the way for future innovations. France is probably one of the more advanced nations in Europe in part because clinics can take advantage of a government grant every two years to upgrade their IT systems. France has also seen a sustained drive to implement a digitised reimbursement system for doctor’s appointments. In the French system, everyone has a unique digital identification, and following an appointment the patient swipes their personal card to get the cost reimbursed. This has been a good way of being able to centralise data in a more secure way.

It may also lead to an interesting new model for some global healthcare markets in future. In countries where people often don’t have a dedicated GP practice and where the national healthcare infrastructure operates on a much more semi-private model, technology could enable a shift towards a particularly interesting new model of service. There are a wide variety of digital tools and applications that can manage an entire small general practice or private clinic and help them run more smoothly and efficiently. 

Because these applications have so much visibility across patients, there is a future where they might also function as lead generation for specialists in particular fields. In this hypothetical model, someone who is looking for a doctor in their local area could be presented with information via a platform that tells them which doctor is highly rated for a certain service.

This of course sounds futuristic, and it’s unclear if such a system would ever be implemented. What is clear is that digital transformation is happening at different rates across the world, and that widescale digital transformation in healthcare will occur in multiple phases and will be driven by initial steps towards upgrading legacy mainframe systems. As soon as hospitals and clinics start upgrading to systems that have been coded in today’s world as opposed to yesterday’s, it will be possible – perhaps even fairly natural – for them to then begin considering more innovative systems in future.

Share article

Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

2 min
​​​​​​​Software security experts McAfee discovered exercise bikes by Peloton are vulnerable to cyber attacks, which the company have since resolved 

Peloton, the popular exercise bikes, were found to be vulnerable to cyber attacks in the latest research from McAfee. 

Peloton is a brand of electric bikes that combines high end exercise equipment with cutting-edge technology. Its products use wi fi to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

Peloton has garnered attention recently around the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at the Android devices and uncovered a vulnerability  that could allow an attacker with either physical access to the Bike+ or access during any point in the supply chain to gain to hack into the bike’s tablet, including the camera, microphone and personal data. 

For the person using it there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk.  

The flaw was found in the Android Verified Boot (AVB) process. McAfee researchers were able to bypass the Android Verified Boot process, which normally verifies all code and data before booting. They were then able to get the device to boot bypassing this step. 

This could potentially lead to the Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of their access on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton while auditing was ongoing. The vendor was sent full details,  and shortly after, Peloton confirmed the issue and released a fix for it. 

Further conversations between McAfee and  Peloton confirmed that this vulnerability had also been present on the Peloton Tread exercise equipment. 

Peloton’s Head of Global Information Security Adrian Stone, commented on the research: “This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

"To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”

Share article