Cybersecurity in Ubiquitous Healthcare and Collaborative Research

Today, multinational technology company GMV hosted the 2nd HealthTech Observer (HTO) Workshop in collaboration with the National Association of Health Informers (ANIS). The event centered around critical topics including cybersecurity, data governance in healthcare, and connectivity in information systems, covering areas such as liquid health centers, hospitals, and CERTs.

The liquid hospital represents a novel patient care model rooted in e-health, or healthcare supported by advanced technologies. It transcends the physical confines of traditional healthcare centers, engaging patients, their families, and healthcare professionals collaboratively. This approach fosters shared responsibility for patient care, enabling continuous and ubiquitous monitoring of vulnerable individuals, including those who are dependent or managing chronic conditions, all without the necessity of hospitalization. 

This continuum of care, extending beyond hospital-based services, is not limited today to telemedicine and remote monitoring. It maximizes its potential by analyzing large volumes of data from various sources and utilizing artificial intelligence (AI). This approach enables personalized treatments and contributes significantly to therapy research, particularly in studying rare diseases. Characterized by its flexibility, it adapts seamlessly to patients’ needs and environments, fostering greater engagement, interactivity, and agility in resolving all processes. In this new healthcare model, data plays a special role, providing evidence for every clinical event.

This emerging scenario marks a transformative shift in organizational and healthcare paradigms, paving the way for predictive, personalized, precise, and collaborative medicine, all driven by continuous digital technological advancements. It is a hybrid approach, integrating in-person care with the advantages offered by technology, designed the 21st-century patient.

However, every transformation presents its challenges. Ensuring the cybersecurity of systems and safeguarding individuals privacy are essential. A cyberattack can render patients more vulnerable, halt healthcare services, and jeopardize research where data are the primary evidence. Notably, the healthcare sector has seen a 650% increase in phishing and ransomware attacks in the past year. Furthermore, unlocking the potential of tools like artificial intelligence, which can expedite research through federated data networks involving diverse public and private organizations, facilitating personalized and precision medicine while addressing diseases lacking treatments, demands the implementation of the highest security standards within the organization.

To address these topics, the 2nd HealthTech Observer (HTO) Workshop organized by GMV featured notable experts, including: Miguel Ángel Benito, regional coordinator of information security at the Balearic Islands Health Service; Luis Pérez Pau, European Chief Information Officer of FutuRS, a company within the Ribera Salud Group; Óscar Riaño, head of GMV’s CERT; Francesc García Cuyás, Director of Digital Strategy and Data at Sant Joan de Déu Hospital in Barcelona; Inmaculada Pérez, Director of Digital Health at GMV's Secure e-Solutions, and Alberto Estirado, Director of Information Systems and Digital Transformation at HM Hospitals.

European Health Data Space (EHDS)

On May 3, 2022, the European Commission initiated the European Health Data Space (EHDS), described as a “health specific ecosystem” (in the words of the Commission). It serves as a platform for the exchange of health data, providing a governance framework for the primary use by patients and secondary uses such as research, innovation, policy development, patient safety, statistics, and regulation.

The EHDS signifies a significant advancement in healthcare delivery, leveraging medical data for the benefit of both citizens and scientific research. It establishes a dependable framework for utilizing data in research and innovation, enhancing the efficiency and resilience of healthcare systems, and more. Researchers, empowered by the EHDS, can access a greater volume of high-quality data efficiently, steering their efforts towards personalized, predictive, preventive, and precision medicine, all clearly supported by digital tools in medical care.

To safeguard patient details, a process of protection and anonymization of medical data is implemented. This involves modifying the data to a degree where it becomes impossible to ascertain the individual’s identity, serving the purpose of medical research and ensuring compliance with data privacy regulations. EHDS regulations concerning data reuse are grounded in the General Data Protection Regulation, the framework established by the Data Governance Act, the proposed Data Act, and the Cybersecurity Directive.

These standards are complemented by laws and regulations for the protection of personal data, such as Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation, GDPR); Spanish Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights; and the Spanish directive on data protection in the criminal justice sector, along with other regulations related to the protection of personal data.

As explained by GMV representatives at the event, AI algorithms require a substantial amount of data to achieve the necessary precision in the medical field. Strict regulations must be adhered to in this process. Presently, these algorithms often stem from a very limited pool of sources, leading to bias and restricting their applicability across diverse population groups (limited generality). Through the technology known as Federated Learning, AI algorithms are collaboratively trained without the need to transfer data from the hosting hospital. Instead of relocating data for processing, GMV’s technology shifts algorithms to the centers where the data is located. This approach relies on techniques such as Secure MultiParty Computation (SMPC) or homomorphic encryption.

CiberAP helps protect healthcare systems inside and outside healthcare facilities 

What happens with these federated networks and constant monitoring for ubiquitous healthcare? We must consistently prioritize cybersecurity throughout the entire process: from the systems within medical centers to the monitoring devices used by patients at home. The challenge lies in cybersecurity for the interconnection between systems and devices both inside and outside medical facilities.

Miguel Ángel Benito, the regional information security coordinator for the Balearic Islands Health Service, shared insights about the CiberAP project, funded by the Ministry of Health. This initiative aims to enhance cybersecurity in the healthcare sector amid the growing role of AI in healthcare and research, which presents its own set of challenges. CiberAP will involve an investment of €40 million across the 13 participating autonomous regions, with the Balearic Islands leading the way for the other national regions: “The strategies and standards being defined are coordinated from our region.”

Meanwhile, Luis Pérez Pau, the European Chief Information Officer of FutuRS, a company within the Ribera Salud Group, pointed out that the healthcare sector experiences the longest detection time for potential information breaches. According to the guide on cybersecurity in the healthcare sector from the Inter-American Development Bank (IADB), there is an average of 329 days from the success of an attack until the institution realizes its data has been compromised. He also emphasized the importance of hospitals obtaining certification to ensure a standardized framework of measures across all institutions. The expert underscored the necessity for “secure and responsible sharing of health data for both healthcare and research purposes, which can significantly enhance healthcare and social well-being. With cyberattacks becoming increasingly frequent on a global scale, organizations must understand their critical processes and develop specific plans to address them, or risk facing their consequences. This presents both a challenge and an opportunity to improve security,” he affirmed.

Highlighting the fluid landscape of digital health, where boundaries vanish, Óscar Riaño, the head of GMV’s Computer Emergency Response Team (CERT), emphasized the need to safeguard not only healthcare facilities but also the interactions within this digital health and liquid hospital model. He introduced the concept of a Liquid CERT for healthcare institutions, underlining that the digital accessibility in the healthcare sector directly correlates with people’s quality of life. He also delved into European regulations set to come into effect next year and the year after, foreseeing an “avalanche” in legislation focused on cybersecurity and resilience, including NIS2 and CERT, as well as regulations concerning data and artificial intelligence like the Data Act and the AI Act.

In this context, Francesc García Cuyás, Director of Digital Strategy and Data at Sant Joan de Déu Hospital in Barcelona, highlighted that in this model, a patient’s home serves as an extension of the hospital, emphasizing the principle of “moving the data and not the patient”. He also referred to the ÚNICAS network, functionally led by Sant Joan de Déu Hospital in Barcelona, and pointed out the new model of teams composed of healthcare professionals, data scientists, and technologists within this digital health and liquid hospital framework. 

In a similar vein, Inmaculada Pérez, Director of Digital Health at GMV's Secure e‑Solutions, emphasized that the new model shifts the focus towards individuals rather than just the disease. This approach empowers healthcare professionals to enable early diagnosis and practice predictive, preventive, personalized, and precision medicine. These advancements are facilitated through the integration of artificial intelligence platforms dispensing healthcare services.

To conclude the Workshop, Alberto Estirado, Director of Information Systems and Digital Transformation at HM Hospitals, outlined the HM Hospitals Digital Transformation Plan. He discussed the establishment of the liquid hospital, the data-driven strategy, and the ongoing initiatives at the HM Hospitals Health Research Institute (IIS-HM), with a focus on the “#Datacovidsavelives” experience. “HM Hospitals' digital transformation plan represents a significant effort in change management, involving all company departments, particularly our dedicated team, enabling a renewal supported by technology.  The plan focuses on key aspects: unique data-driven management, efficiency in healthcare and clinical processes, digital patient engagement, and security.”

 

For more information:

Marketing & Communication
GMV Secure e-Solutions
[email protected]

 

.