Comment

The imperative of cybersecurity in healthcare: an evolving challenge

The shift towards interconnected systems and IoT in healthcare further amplifies the need for advanced cybersecurity.

Healthcare systems are composed of extensive networks of connected devices. Credit: MUNGKHOOD STUDIO / Shutterstock

The healthcare industry must prioritise investments in cybersecurity to address the escalating threats to medical devices, interconnected systems, and overall infrastructure. With an increasing reliance on advanced technologies, and as cyber threats grow more sophisticated and frequent, the need for comprehensive security measures has become more pressing. GlobalData’s recent report, ‘Cybersecurity in Healthcare – Thematic Intelligence‘, forecasts that there will be a significant increase in the amount of investment in cybersecurity, growing by 12.9% annually from $631.2m in 2022 to $1.2bn in 2027, driven by the rising number of cyberattacks targeting healthcare devices.

Healthcare systems are composed of extensive networks of connected devices and can include legacy systems missing up-to-date security protocols and personal medical devices linked to health networks. Additionally, in the event of a cyberattack, there is an immediate need to restore compromised systems to ensure patient safety and operational continuity. These factors and the uniquely high value of personal medical data make healthcare systems attractive targets for cybercriminals.

The impact of data breaches in the healthcare industry continues to grow. Reports from the US Department of Health and Human Services have indicated a two-fold increase in the number of individuals affected by data breaches from 2022 to 2023, and a further 15% increase in H1 2024 compared to H1 2023. This alarming trend highlights the urgent need for healthcare providers to strengthen their cybersecurity protocols to protect sensitive patient data and maintain trust. The consequences of data breaches extend beyond data loss to include reputational harm and legal repercussions. Regulations such as the US’s Health Insurance Portability and Accountability Act (HIPAA) and the EU’s General Data Protection Regulation (GDPR) have stringent penalties for data exposure, helping to emphasise the need for robust cybersecurity protocols.

The shift towards interconnected systems and the Internet of Things (IoT) in healthcare further amplifies the need for advanced cybersecurity. GlobalData projects that by 2025, 68% of medical devices will be connected to a network. While this increased connectivity will improve efficiency and patient care, it will also expand the risk landscape. A single vulnerability can provide multiple entry points for cybercriminals, potentially leading to widespread disruptions across healthcare systems. An illustrative example of this fragility is the recent incident involving CrowdStrike, where a faulty software update from the cybersecurity firm led to widespread information technology (IT) crashes globally across multiple industries, including healthcare. This disruption affected patient treatments, access to electronic health records, data flow between diagnostic systems, and even emergency response teams. Although this was not a cyberattack, it emphasises how a single point of failure can cause a large-scale disruption in an interconnected environment. 

The healthcare sector must prioritise cybersecurity investments to address the escalating threats to medical devices, interconnected systems, and the broader healthcare infrastructure. The healthcare industry’s reliance on digital technology, coupled with the high value of patient data, makes these systems particularly vulnerable. By adopting comprehensive security strategies, healthcare organisations can protect patient well-being, ensure uninterrupted care, and minimise the impact of potential cyberattacks. 

Navigating GMP and barriers to innovation in medical device development

Despite progress, the industry faces significant challenges, particularly during the qualification process 

Regulatory compliance: One of the most pressing issues is the inconsistency in regulatory requirements across different regions. Stringent regulatory standards require extensive documentation and validation, which slows down product introduction. This often results in repeated testing and validation, potentially delaying product launches by up to 12 months. According to a Grand View Research study, over 50% of manufacturers reported at least one significant non-compliance issue during audits last year, highlighting frequent lapses in meeting regulatory standards. These challenges frequently arise during the design validation and process validation stages, where ensuring consistent and reproducible results is complex and resource-intensive. 

Constraints on innovation: The need to demonstrate safety and efficacy prior to market launch often stifles innovation, and the complexity of integrating advanced technologies, such as artificial intelligence (AI) and the internet of things (IoT), into medical devices poses additional quality-related challenges. According to Emarketer Inc., IoT devices, which are expected to become a $187.6 billion market by 2028, offer numerous benefits, including improved patient monitoring and operational efficiencies. But incorporating these devices into existing healthcare infrastructure remains a complex task that involves overcoming technical, regulatory and interoperability challenges. 

Management systems: Universal requirements for quality management systems (QMS) add to the complexity and lead time for bringing a product to market. Implementing and maintaining a QMS compliant with ISO 13485 requires extensive documentation and validation processes. For instance, ISO 13485 mandates the creation of 31 documented procedures, including for design control, production, and process validation. Each of these procedures must be meticulously documented and regularly updated to ensure compliance, which can be both time-consuming and resource-intensive. 

“We do this all virtually on the computer, so we can make the osteotomy in multiple different places to decide where the most appropriate place to do the correction is.”

From here, relevant standard orthopaedic plates are selected for use in the surgery.

Following these preliminaries, surgical guides, jigs, and plastic models of the patient’s anatomy, in this first case the radius, are 3D printed and then sterilised for use in surgery.

“We make sure that the guide fits the bone in the patient exactly the way we planned for it to fit on the plastic bone. Once we have made sure that’s the case, we secure the guide to the bone with wires, and then we do whatever the plan has been,” says Lattanza.

In osteotomy, such plans generally involve drilling holes and then making the necessary bone cuts.

The great thing about this approach, Lattanza states, is that all that needs to be done to ensure the correction has been completed as planned during the surgery is to line up those holes.

She explains: “If the bone is rotated off 90° and when we drill those holes, they’re off 90° on the bone, we make the cut then we rotate and line up those holes to put the plate on because the plate holes are straight, and that’s how we know that we’ve got the correction.”

Beyond making relatively common osteotomies more accurate, a 3D provision also allows for more complex cases to be worked upon. Lattanza relays a recent case in which a child had broken the radius and ulna bones in their forearm.

“During the time that she was growing, this deformity got ‘very 3D’, meaning it was off in the sagittal, coronal, and axial plane,” says Lattanza.

“You can’t see the axial plane on an X-ray, and if you can’t see it, you can’t correct it.”  

In this case, the procedure required two cuts in the radius to restore it to normal anatomy, and one in the ulna.

“In my career prior to having the 3D technology, that’s something that is difficult or impossible to plan and to execute in the operating room, because you wouldn’t even be able to see that you needed two cuts to make it normal again,” explains Lattanza.

Lattanza is keen to add that the influence of 3D printing on preoperative planning and during surgery should not be a cause for complacency, particularly given that there remain limitations to 3D visualisations of CT scans, chiefly in that the current technology cannot show soft tissue.

“Some people think that this is kind of a phone it in now, but that’s not how it works,” she says.

“This is a collaboration between an engineer and a surgeon, and it has to be that way to get a good result.” 

Once we see where those changes are, we can plan where we’re going to cut the bone.

Dr Lattanza

Astrocytes are a type of neural cell that builds the BBB, and Excellio plans to derive exosomes from them to make them even better at targeting the brain. Credit: ART-ur / Shutterstock

Caption. Credit: 

Phillip Day. Credit: Scotgold Resources

Total annual production

Australia could be one of the main beneficiaries of this dramatic increase in demand, where private companies and local governments alike are eager to expand the country’s nascent rare earths production. In 2021, Australia produced the fourth-most rare earths in the world. It’s total annual production of 19,958 tonnes remains significantly less than the mammoth 152,407 tonnes produced by China, but a dramatic improvement over the 1,995 tonnes produced domestically in 2011.

The dominance of China in the rare earths space has also encouraged other countries, notably the US, to look further afield for rare earth deposits to diversify their supply of the increasingly vital minerals. With the US eager to ringfence rare earth production within its allies as part of the Inflation Reduction Act, including potentially allowing the Department of Defense to invest in Australian rare earths, there could be an unexpected windfall for Australian rare earths producers.