Each year we take some time to look at the trends we see happening in hospital technology and transformation. It is instructive to study the patterns and disruptive pressures contributing to changes in the hospital industry.
At CyberMDX, we see the value in predictions as being less about sneaking a peak of the future and more about the exercise itself. Most people are so caught up in the daily tasks and requirements of their work that they seldom have opportunity to take a step back, gather some perspective, and think about the likely course of micro and macro evolutions in their professions.
Often, the new year is a time of reflection and resolution and as such makes for a very natural exception to that general rule.
Foresight is 2020: Hospital Technology & Transformation Predictions
Investing some thought and imagination into what meaningful changes are likely to transpire in the industry can help you to better understand and anticipate shifting trajectories and adapt your own thinking and strategies accordingly.
With that in mind, we’d like to share the following five hospital technology and transformation predictions for 2020.
Asset management and network management solutions will converge
Instead of continuing to grow, enterprise technology stacks will begin to shrink in 2020, with healthcare leading the way. Integration and interoperability among solutions will be key factors and the emphasis will be to use what you already have to manage the entire operation better and avoid the complexities that might inhibit toolbox utilization.
Hospitals are chaotic places by nature, but much of the chaos in modern healthcare systems is actually avoidable. When it comes to tools that are supposed to help you manage a healthcare business, the technologies need to make operations simpler and easier rather than more complicated.
In 2020 hospital CIOs will continue to focus on the efficiencies and resiliency of their connected assets. They will consider solutions only if they offer vital functionality that is otherwise entirely absent, or if they effectively shrink your solution stack while improving existing solution insights and enhancing capabilities.
On the supply side, vendors will look to combine solution functionalities, design for greater interoperability with other systems, and do a better job integrating and centralizing disparate data and tool sets. Vendors will look to create simple, easy-to-use omni-departmental interfaces — without requiring much by way of user maintenance and management
The shift to flatter, more synergistic enterprise technology solution stacks will be spearheaded in hospitals by asset and network performance management vendors that converge their offerings. Asset management and cybersecurity capabilities will continue to merge in 2020, resulting in more efficient and secure tech systems for hospitals.
Large scale changes will be introduced to HIPAA
2019 saw significant changes in the cybersecurity regulatory landscape around the world. From the emergence of a new post-GDPR normal to changing cybersecurity reporting requirements, regulations have been moving away from general best-practice guidance and toward security assurance. In the wake of so many large medical data breaches and the revelation of compliant but unsettling data gathering schemes like “Project Nightingale”, it's only a matter of time until HIPAA sees similar changes.
The bulk of the Health Insurance Portability and Accountability Act was drafted and ratified between 1996 and 2013 — with most of the security stipulations having been added in 2003. Obviously, the healthcare cybersecurity landscape was very different in 2003 than it is today. Regulations designed to protect against 2003-era cyberthreats aren’t going to effective against the cyberthreats of 2020.
Even more importantly though, HIPAA wasn't designed with cyber hygiene in mind; while it does requires you to mitigate exposure of protected health information (PHI) and put reasonable data safeguards in place, it’s primarily concerned with defining when, to whom, and under what circumstances a covered entity may disclose PHI. In 2020, that's likely to change and we expect to see changes introduced to HIPAA that shift the focus away from punitive reactions to data breaches and toward steering proactive data protection and cyber resilience measures.
Hostile states will look to cyberattack western public infrastructure
State-sanctioned cyber sabotage is an ever-increasing part of data management. Over the last several years, boundaries have been pushed and red lines eviscerated in terms of the sort of state-sanctioned cyber sabotage that nations are willing to mount and tolerate. From North Korean involvement in Wannacry to the Kremlin planted malware into Ukraine's electric grid, cyberwarfare is a reality.
Cyberwarfare has historically not invited much by way of retaliation, presents no threat to the life of the attackers, and carries far less risk of long-term embroilment and mission creep. Because of this ease of use, we expect to see increased use of cyberwarfare against all aspects of public infrastructure. Unfortunately, on the cyber battlefield it's very likely that the line between civilians and soldiers will be blurred, as the most accessible, least hardened, high-impact targets are industrial control systems and critical public infrastructure points.
While the military and intelligence establishment of western nations may be reluctant to place civilian targets in their cyber cross-hairs, the same may not be true of their adversaries. That simple fact puts installations such as power plants, waste water treatment centers, airports, and hospitals at high risk.
It is, of course, our hope that we're wrong about this and that any attempted attack be successfully repelled, but the means and motive are definitely there.
Health care will become more preventative, more decentralized, and more patient driven
The movement to shift the public relationship with health from reactive to something more proactive and continuously managed is nothing new. Similarly, the push to decentralize health management outside of hospitals has been building momentum for years.
Historically, these trends have been driven more by the supply side than the demand side. What's more, they've largely been viewed as two distinct thought loosely related movements. In 2020, we're predicting that these trends will merge into one and will accelerate significantly on increased demand side interest.
Expect to see a new culture emerge around "health planning" activities designed to deliver more preventative and more sustainable physical well being. Before the magnitude of this cultural impact gives rise to a distinct market sector, it will manifest in the existing economy through several key touch points. These will include more widespread use of health and fitness trackers, health-focused behavior-hacking, consumerized genetic testing, and more conscientious nutritional planning.
Among other aspects of the emerging health management zeitgeist is the millennia-delayed realization that mental health and physical health are not two separate things. With a greater culture of mental health awareness and less stigmatized management, appropriate actions can be taken to intervene against a chain reaction of psychosomatic decline.
In this new health management ecosystem, hospitals will play only a negligible role; and that will suit their interests just fine. Going into 2020 and beyond, for many hospitals, moving from the epicenter of healthcare to the last line of defense may be just what the doctor ordered.
Today, most western hospitals struggle to negotiate the strains placed on their infrastructure, resources, and service capacity due to economic pressures and shifting population trends. The more preventative and outpatient care that can be delivered, the less strain we’ll see on the traditional healthcare system and the better hospitals will be positioned to effectively and sustainably execute medical interventions.
In 2020, we'll see care take on a decidedly more proactive bent and, instead of revolving around hospitals, it will revolve more around community health centers of the sort envisioned by CVS CEO Larry Merlo. “When you walk into CVS there’s the pharmacy. What if there’s a vision and audiology center, and perhaps a nutritionist, and some sort of care manager?... We expect patients will benefit from earlier interventions and better-connected care, leading to improved health outcomes and lower medical costs.”
A CVS press release went on to further explain the concept.
"[W]ith expanded health screenings and advanced connected devices, [we] can help providers predict and prevent major health events before they occur by, for example, identifying pre-diabetes symptoms or the warning signs of a heart attack. This will be done by remotely monitoring key health vitals or helping to ensure patients with chronic diseases take their medications as prescribed, which can improve patient health and avoid costly adverse events."
While the groundwork for much of this prediction was laid in years prior by supply side machinations, 2020 will see the enthusiastic demand side embrace of this movement take it to the next level.
We’ll see major attacks based on 2019's big vulnerability disclosures (i.e BlueKeep, DejaBlue, Urgent/11, SACK Panic)
The discovery and public disclosure of potentially devastating and widely present vulnerabilities accelerated dramatically in 2019. These vulnerabilities are not only deep and wide, but mitigation can be complicated, expensive, and operationally detrimental. The result is that despite the attention these vulnerabilities have received, in many technology stacks, they remain unpatched and unmitigated.
Unmitigated vulnerabilities leave a great many organizations profoundly exposed. The fact is, it’s only a matter of time before malicious actions pounce on one, or several, of the attack vectors.
The threat from recent vulnerabilities is not theoretical, it's actual. Look at BlueKeep. Since the vulnerability’s disclosure in May 2019, researchers have been so consistently certain of eventual real-world BlueKeep fallout that already in July articles were being written to explain why an attack hadn't yet occurred. On November 2, we got our first glimpse of the much anticipated attack. While investigating the persistent mass crashing/rebooting of machines in an EternalPot RDP honeypot network, Marcus Hutchins found "BlueKeep artifacts in memory and shellcode [used]to drop a Monero Miner.”
Thankfully that real-world exploit was less devastating than feared, mostly because the attack was a comparatively benign crypto-jacking ploy. If the attacker took a more aggressive and disruptive approach and looked to raise capital by employing ransomware, or if the attacker was driven by a more nefarious motive, a much more destructive and wormable exploit would likely have been unleashed. So while we’ve already seen the first real-world BlueKeep attack, we definitely haven’t seen the last, and the next one is likely to be much more vicious. That’s a really big deal when you consider that there are still believed to be more than 724,000 systems worldwide susceptible to BlueKeep.
And remember, BlueKeep is just one example of this growing class of potentially catastrophic vulnerabilities.
Technology is constantly changing, and hospital CIOs should be looking to the future to plan and prepare for the journey ahead.
As evidenced by the prescience of our 2019 predictions, we're not attempting to peer forward in time as a gratuitous exercise of the imagination or in pursuit of click bait. Rather, we've made these predictions based on abundant research and analysis together with careful consideration. The goal is to anticipate the shifting terrain of hospital technology and transformation and in so doing provide a degree of context and guidance for your 2020 strategy. As such, we sincerely hope it lives up to it's ambition.
What are your biggest concerns for technology in 2020? Let us know in the comments.