Cybersecurity is a hot topic in the medical IT sector. Threats increasing on a daily basis combined with the need for remote working make it one of the major priorities for health systems to take an extra look at their environments. Read the key takeaways from Torbjörn Kronander’s, CEO of Sectra, discussion with Bill Russell during the “This Week Health” podcast, where he talks about the benefits of enterprise imaging and cloud, and gives some advice on how to make sure your entire enterprise is secured.
The conversation started by telling the story of Sectra and what lies behind the company name—Secure Transmission due to its origins as a cybersecurity company. “For many years, people did not really understand that we were involved in cybersecurity on a very high level. We are approved at the secret and top secret level by both NATO and the EU as well as the Swedish defense forces. While we were working on cybersecurity, we were also working on medical technologies within the same company.
However, with the increasing threats to medical IT, we have significant synergies between the two. We are now implementing cybersecurity in all of our other departments,” says Torbjörn Kronander, CEO of Sectra. Cybersecurity is very difficult to patch into a system post-development. Cybersecurity is therefore built into the Sectra architecture from day one, with cybersecurity architects reviewing everything. “No chain is stronger than its weakest link. Cybersecurity is very important for us. We take what we know from the military and apply that to medical IT as well,” says Kronander.
This dedication has not gone unnoticed. Sectra was recently recognized by KLAS as one of the eight most cybersecure IT providers of medical IT in the US.
Securing the entire enterprise
Most attacks that happen today are not on the application level, but on the operating system, as was the case with the WannaCry attack in the UK, which more or less brought the entire country to a standstill in terms of healthcare. It is crucial to make sure that any updates that are released are patched immediately into your environment. Going to the cloud, for example Microsoft Azure cloud, is a smart move since they patch their own systems with their own patches immediately, while on-prem hospital environments may not be updated as quickly. What can you do to make sure your entire enterprise is secured? Here is some advice from Torbjörn Kronander:
- First of all, I would suggest securing the operating system. Then, there’s two-factor authentication, which is widespread but not always in hospitals—you still have single factor authentication with a single password.
- Having secure VPN channels is also very important as more and more people are working from home.
- You need to have an umbrella view of the entire system.
- You need to have a modern IT solution like we do internally at our company. You need an “onion defense” to create a delay for each breach of each layer so that the truly core operations are protected inside many layers of security, allowing you to detect an intrusion before it reaches the inner workings of your system.
“Patching the operating systems, two-factor authentication, a proper VPN philosophy and, of course, secure applications—that will take you a long way,” summarizes Kronander.
“I see the imaging systems growing together into a single enterprise system—it is very difficult to maintain ten different PACS: one for ophthalmology, one for pathology, etc. We expect enterprise imaging to grow in the next couple of years—simply because the CIOs want one system to maintain. And for cybersecurity reasons."
One enterprise imaging for different -ologies
Many health systems face the same challenge when it comes to imaging solutions, and it is not a technology issue, but a usability issue, since different -ologies need specific features. How can you get past this? The workflow engine and image archive can be the same for many -ologies, but the user interface, especially the viewing of images, needs to be different.
“You need to have one back-end system that serves everything, but the front-end view will be different,” says Kronander. “We have a special one for orthopaedics, so while they look at normal X-ray images, they look at them in a completely different way and they measure different things. Cardiology is also different. Pathology is completely different too—it is a different type of images. Not to forget our latest addition to our enterprise imaging portfolio—ophthalmology imaging.
Now, you want all of them to be available, but when you view pathology, you want the pathology user interface. But on the same work list, on the same system, you can also view radiology. And then you will get a radiology user interface. So, the back-end is the same, and the front-end varies depending on the specialty.”
Imaging IT in the next couple of years
According to Kronander, cloud will be important. Not only for cybersecurity reasons—he predicts that archiving on-prem will be a thing of the past. Not immediately, but in the long term. Some people are still concerned about speed when they think of very large images being taken locally, going up to the cloud and then viewing them.
Kronander says there is no reason for this concern: “We always stream data, so you actually only look at the data you want to review, like Google Maps. You do not have the entire world at a resolution of one square meter on your phone. The phone sends up data to the cloud, to Google, which then sends the exact little map you want to see back. We do exactly the same—of course, encrypted. That is what happens in pathology—once measurements have been taken, the full resolution image is only viewed by about 3-4% of pathologists. They do not need to see the full resolution for anything more. Then you don’t need to transfer it either because you can still see everything, but you don’t see the delay. Very similar to how Google Maps works.”
The future of Imaging IT in the next couple of years lies in a consolidated structure where you have most of it in the public cloud, in one application, along with a high level of cybersecurity protection around it.
“I see the imaging systems growing together into a single enterprise system—it is very difficult to maintain ten different PACS: one for ophthalmology, one for pathology, etc. We expect enterprise imaging to grow in the next couple of years—simply because the CIOs want one system to maintain. And for cybersecurity reasons. That is what we see coming in the next couple of years,” says Kronander.
Growth in the US market
Sectra is experiencing significant growth in the US market and there is a good reason for that. “We are growing considerably and mainly in large networks. Hospitals in the US are buying and emerging right now, and we are very good at that. We can scale from a single workstation to the entire country. Take our solution in Northern Ireland, for example—we have everything in a single PACS, so you can read all images in the entire country from any workstation, if you are allowed to for cybersecurity reasons. This means that at nighttime you can have a night shift with a particular specialization covering the whole country. This is one example of why our scalability is so important to the significant growth we are currently experiencing,” says Kronander.
You can listen to the whole conversation between Torbjörn Kronander and Bill Russell at This Week Health podcast.