Securing the internet of things and cybersecurity

Internet-connected medical devices and health system networks and systems are increasingly at-risk for cyberattacks and in some cases, ransomware and malware, such as the WannaCry malware attack in 2017 that affected 300,000 computers in 150 countries.


Understand the risks to organisations—the fallout from a breach could have a broad impact. The increasing use of connected devices in electronic health record systems means companies’ value-based payments also could be at risk if there’s concern about the collected data’s integrity. Organisations should measure the impact from threats and risks and allocate resources to the most critical needs. Risk measurement should include multiple factors, such as patient safety, financials, regulatory fines, brand and reputation, and operations.

Prepare for the inevitable. Forty percent of global CEOs now consider cyber threats to be a serious concern in 2018, compared with 24 percent in 2017. Executives recognize that improving cybersecurity should be a priority for all healthcare organisations, whether or not they have experienced an incident. Many healthcare payer and provider organisations worldwide have an information security strategy—but 34 percent of those surveyed say they don’t.

Providers should strategically consider how they manage internet-connected devices—and manage risks with a multilayered approach. Cybersecurity risks can be managed using a layered approach, including limiting who has access to devices and limiting what the devices can do. While 96 percent of provider executives think their practices are secure against cybersecurity threats, only 36 percent of providers and payers have access management policies in place, and 34 percent have a cybersecurity audit process in place. Many companies lack in-house cybersecurity expertise and will have to find it elsewhere. Companies should use language in vendor contracts to establish what device manufacturers are responsible for, including security updates and security support. The US-based Mayo Clinic, for example, requires its vendors to adhere to security standards before Mayo will purchase their products.

Call to action for policymakers and regulators

Make cybersecurity an expectation. Set an expectation in agencies and industries for securing data. After a cybersecurity attack, Mexico’s Central Bank issued a cybersecurity directorate to establish policies, guidelines and institutional strategies to protect data, setting a precedent for other industries.


Looking beyond the hospital to the social determinants of health

Chronic diseases are costly, to both health systems and individuals, whose quality of life suffers. Public payers, in particular, are stressed with chronic diseases’ mounting costs. In light of this burden, wellness and disease prevention are becoming a growing focus as regulators, payers and providers seek to empower communities and people to take charge of their well-being.


Give consumers what they want. Consumers are hungry for wellness solutions, with 52 percent of consumers surveyed in the US already participating in some form of wellness intervention. Consumer spending is expected to grow 34 percent on nutrition and 20 percent on wellness overall by 2020 in the UK. Payers, health insurers and retailers can collaborate to develop financial incentives for consumers to make healthy purchases or engage in other disease prevention behaviours. In Mexico, social security contributions by employers and employees could be linked to body-weight measures to encourage healthy behaviours.

Focus on sustainability by creating an expanded care team. A 2016 study by HRI showed that in the US, an extended care team for a large panel of patients that included nutritionists and social and community health workers could save $1.2 million for every 10,000 patients served. Focus on having the right representation on your teams to achieve better health outcomes.

Look at the data to see the full picture. Almost four out of five US provider executives admit that they do not have the data to identify consumers’ societal needs. Data-sharing partnerships and collaboration across health systems and other sectors will be critical in identifying the broader social determinants of health and developing the appropriate interventions.

Call to action for policymakers and regulators

Encourage healthcare entities to address the social determinants of health. In the US, the Centers for Medicare and Medicaid Services (CMS) granted $157 million last year to 32 healthcare organisations in its two-track Accountable Health Communities Model. The five-year demonstration model will test innovative payment and delivery models for organisations that become hubs that align community organisations and help patients connect with those organisations.


Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Ron Chopoorian

Ron Chopoorian

Global Health Industries Leader, Partner, PwC United States

Sujay Shetty

Sujay Shetty

Global Health Industries Advisory Leader, Partner, PwC India

Tel: +91 9867700030