Cybersecurity frameworks in APAC don’t support remote care: report

Existing healthcare cybersecurity frameworks in the Asia Pacific are not suitable for remote healthcare management.

This is based on a new one report by the Asia Pacific Medical Technology Association (APACMed) and LEK Consulting, which looked at the region’s cybersecurity landscape and how policies and other measures apply in the growing remote care segment.

WHY IT MATTERS

The report notes that healthcare cybersecurity frameworks in APAC countries are “not fully adapted” to remote care solutions, nor are they harmonized across jurisdictions.

While the policy allows for the transfer of data between hospitals and beyond, these protections are also “not well established” and challenges remain in enforcing them.

Meanwhile, regulation of medical devices that support remote care is “not as strict as that of standard medical hardware equipment,” increasing the risk of data breaches.

The report highlighted the urgent need for the region to adapt these existing cybersecurity frameworks to support the management of remote care. A targeted approach can be ‘essential’ to protect patient data and limit the risks of cyber incidents, the report says.

An interesting suggestion from the report is a policy that would ensure that the assessment of each remote care medical device is adjusted based on the level of risk, rather than applying a blanket assessment process. It identifies and classifies the collected data and develops customized risk management strategies for each type of health data.

“For example, network-connected remote care medical devices are at greater risk of data leakage than non-networked medical devices. Less stringent assessment processes can therefore be applied for medical devices with lower risk levels. applied to ensure sufficient innovation and competition in the market for medical devices for remote care,” the report further explains.

According to the report, current cybersecurity frameworks can be localized based on existing national remote healthcare environments. They can also follow globally accepted industry standards, such as the US Department of Commerce’s National Institute of Standards and Technology Cybersecurity Framework, the General Data Protection Regulation (GDPR), and the Health Insurance Portability and Accountability Act, to make global solutions quickly available to local companies. markets and ensure that local developers can quickly scale abroad.

As also recommended, these existing frameworks should be recognized across all APAC jurisdictions; these can be translated into “clear technical requirements” for healthcare providers, manufacturers and other stakeholders. “Consistent, transparent compliance and enforcement mechanisms” should also be put in place.

“Potential regulatory improvements include the introduction of an integrated risk management program, incident response protocol and mitigation measures, vendor cybersecurity requirements, and enforcement measures to promote device security and competition,” the report said.

In the long term, policymakers are encouraged to actively collaborate with their counterparts in other countries, as well as with industry experts, to further refine their cybersecurity framework for managing remote healthcare. They should also look at financing partnerships between stakeholders.

THE GREATER CONTEXT

The APAC remote care market, which is further segmented into telemedicine, healthcare IT and analytics, and mobile healthcare, has seen annual growth of 15% since 2016; it could still grow up to 20% every year until 2031, the report said. Its growth is primarily driven by its affordability, increased adoption among healthcare providers, growing awareness among patients, emphasis on new healthcare models (particularly telemedicine), and expanded use cases by manufacturers.

The importance of implementing cybersecurity policies specific to remote healthcare management cannot be overstated given the healthcare industry’s high susceptibility to cyberattacks. In recent years, APAC has recorded high-profile data breaches, including the cases of private insurer Medibank in Australia, Waikato District Health Board in New Zealand, Fullerton Health in Singapore, OT&P Healthcare Group in Hong Kong and India’s COVID-19 vaccination platform CoWIN.

“Compared to other regions, APAC markets are generally still in the early stages of developing dedicated cybersecurity frameworks for remote care. The maturity level of these frameworks remains relatively nascent, highlighting the need for continued efforts to establish robust regulatory measures and comprehensive cybersecurity. frameworks specifically tailored to the unique challenges of (remote healthcare management) in the APAC region,” the APACMed and LEK report highlighted.