Archives     Advertise     Editorial Calendar     Subscribe     Contact Us    

Navigating the Risks of New Healthcare Technologies


The appetite among healthcare providers for new technologies is voracious. The benefits are obvious: Individual providers and facilities want to improve care and increase convenience and reputations. New technology, however, involves risks - both to patients and in working through internal "glitches." The potential for hacking and loss of security, privacy and access increases these risks.

In considering new technologies and associated risks, it is helpful to categorize by how soon they become available.

The Near-Term: Connected Devices/IOT.

Devices that are connected to an open network are "connected devices." When those devices can then communicate with each other via the internet, they become part of the Internet of Things (IOT).

  • What it Does: Just about everything. Relevant devices include monitors in hospitals, wearables and machines to auto-administer therapies or track real-time health data.
  • Why We Want It: Connected devices and the medical IOT (mIOT) are not only part of a larger increase in telehealth, but also can increase efficiencies, reduce costs and improve care for those with chronic conditions. Connection to a network permits timely monitoring, easier delivery of software, and utilization of health-related applications by patients.
  • What's the Problem? Imagine receiving a text that your pacemaker has been hacked, and if you don't pay bitcoin into a foreign account, it will be turned off at midnight. The potential risks are as varied as the imagination. Often older technologies are retrofitted to connect to the internet without having security "baked in."
  • What Do I Do Now? You can think of the security risks of connected devices/mIOT as a manufacturing issue, a vendor issue, or a security issue. In fact, it's all three:
  • Manufacturing processes for medical devices must ensure that security is implemented from the ground up, particularly for devices with software that can be connected.
  • Vendor assessments must be robust and ongoing.
  • Devices should be included in an overall compliance program to assess, test (including pen tests) and monitor security.

The Mid-Term:
Artificial Intelligence/Machine Learning.1

Our ability to function and understand the world around us depends on our capacity to find and use patterns in our environment. AI/ML is a collection of different methods for permitting machines to do the same - learn on their own.

  • What it Does: To simplify, it takes input, gives potential responses, receives feedback and refines its responses. For example, show a machine enough pictures of fish, and it can identify a fish in a picture that it has never seen before.
  • Why We Want It: There is a correlation between how many humans are on this planet and the rate of innovation.2 To oversimplify, the more brains, the more likelihood that one of them will belong to Einstein. AI/ML allows computers to supplement humans in innovation. AI is not an incremental change but a changing of eras in which machines begin undertaking tasks that humans may not even understand. For the most optimistic, AI/ML has the potential to help create a frictionless, evolved society.
  • Where's the Singularity? You've seen the movies. Before our new overlords take over,3 there are near-term concerns. For example, the inability to know whether we're interacting with a human or a bot. Authentication, spoofing, phishing and other issues are rife.
  • What Do I Do Now? In the short term, authentication and authorization controls are required. Multi-factor authentication is a good fix. In addition, old-fashioned human contact can help. Policies that require phone calls in some circumstances (such as unexpected requests for access to data) can save headaches.

The Long-Term: Distributed Ledger Technology (Blockchain).

You likely know this from Bitcoin, but its potential for the healthcare industry is far beyond cryptocurrency.

  • What it Does: DLT connects numerous machines to increase the security and reliability of information. In addition, it drives the sharing of information and completion of transactions without a centralized authority.
  • Why We Want It: Blockchain is already impacting supply chain and other use cases and could make the counterfeiting of pharmaceuticals impossible. It could make medical records immediately available and completely secure (don't expect this in the short-term) and create "smart contracts" that are self-enforcing.
  • What's the Problem? Blockchain is slow, energy-intensive and limited (contrary to popular imagination, medical records may never be stored on a distributed ledger). Also, blockchain is software and thus subject to the imperfections of designers. Individuals can take advantage of flaws, and there is a threat of "51 percent attacks" where a limited number of actors control the entire blockchain.
  • What Do I Do Now? A good percentage of healthcare entities are considering jumping into DLT, but it's important to keep in mind the risks, as well. Consider whether to have an open or restricted (permissioned) network. If restricted, how limited, and is there a threat of a 51 percent attack? Also, consider whether the ledger should be anonymous or identified, and whether private or public (i.e., no centralized management). Each of these decisions should be based not only on the business but also the potential security of the network's members.

Machines are getting smarter faster ... and keeping up with threats will become increasingly difficult until, at some point, we rely on machines to protect us from other machines. Until then, healthcare industry professionals have a responsibility to implement technology wisely.

1 Some may note that placing AI/ML in the Mid-Term understates its current impact. We place it here because the growth of AI/ML is likely to be exponential, replacing the current drizzle of ML with a hurricane of AI in the future.

2 See, for example,

3 01010011 01001111 01010011

Roy Wyman is a partner of Nelson Mullins Riley & Scarborough LLP in Nashville, co-chair of Nelson Mullins' Cybersecurity and Privacy Industry Group and is a member of the Healthcare Regulatory and Transactional team. He can be reached at or (615) 664-5362.


Nelson Mullins


Related Articles:

Recent Articles

Cummunity Comes Together Archives

Read More


Read More

Scope of Practice Update

Read More

AHIP Statement on Final CMS and ONC Interoper-ability Rules

Matt Eyles, president and CEO of America's Health Insurance Plans (AHIP), issued this statement following the Centers for Medicare & Medicaid Services' (CMS) final rule on Interoperability and Patient Access, and the Office of the National Coordinator (ONC) for Health Information Technology final rule on Interoperability, Information Blocking, and the ONC Health IT Certification Program:

Read More

Alexander Statement on Final Electronic Health Records Rules

U.S. Senate health committee Chairman Lamar Alexander (R-Tenn.) released the following statement after the Trump Administration released two final electronic health record rules:

Read More

A New Era in Nephrology

New therapies are beginning to come online to change outcomes for kidney disease patients.

Read More

Solving the Rural Health Puzzle

Hospital closures, alternative payment models, workforce issues and an older, sicker population have combined to create huge challenges in delivering rural care.

Read More

The Kidney Project: Pioneering Hope

The Kidney Project is bringing new hope to patients with end stage renal disease.

Read More

Saint Thomas, Nephrology Associates Partner on Transplant

Ascension Saint Thomas and Nephrology Associates recently announced an exclusive partnership to expand kidney transplant care.

Read More

Taking the Initiative on Kidney Care

With 1 in 7 American adults being affected by chronic kidney disease, the American Society of Nephrology, in partnership with federal agencies, are laying the groundwork for treatment innovation.

Read More

Email Print



AI, Artificial Intelligence, Augmented Intelligence, Blockchain, Cybersecurity, Distributed Ledger Technology, DLT, Hacking, Healthcare Technology, Machine Learning, ML, Nelson Mullins, Roy Wyman
Powered by Bondware
News Publishing Software

The browser you are using is outdated!

You may not be getting all you can out of your browsing experience
and may be open to security risks!

Consider upgrading to the latest version of your browser or choose on below: