Managing Cyber Security Risk In Health Tech

yes good morning everyone um I'm Arena I'm lead product manager for an early stage startup and I'm a founder of a product management management consultancy based in chelam um I'm so excited to be here today um to share my ideas uh um on an actionable strategy uh how we can uh approach cyber security risk management in health Tech startups um in my role I had an opportunity to bring an Innovative uh AI driven product uh to life uh and uh today I'll walk you through my journey of how I put together a framework for uh cyber security risk management um so what we will cover today uh first is an overview of the technology its risks and benefits

then um different types of risks in health Tech and basically uh the risk management framework itself so here we have a bit of Statistics so um healthtech startups are on the cutting ede bringing new innovative solutions um that can uh track patient um sorry um so the solution that um bring Diagnostics um to the next level and instead of checking Health Magics at a clinic like in Middle oh [Music] thanks can you hear me better yes thanks um yeah so instead of checking your health matrics in clinque in person um now we can use mobile applications um to track uh your health metrics um especially um using AI uh that can s through lots of data and send

the data directly to clinicians so with chronic disease on the rise aging population in the UK and few inperson visits um uh there is a growing need for uh real time continuous Health monitoring uh and uh we can see it uh on the slide uh some um some analysts predict that uh the market for wearable devices will grow by 97% by 2033 um so uh just out of curiosity how many of you are using any health or Wellness applications uh um how to you like them I happy or not more or less I see yeah basically you probably noticed that uh there is a boom in recent years uh in different mobile applications uh and relable devices uh

integrated with AI uh so these uh applications can predict the outcomes give you some recommendations uh tips and tricks um non-medical advice uh but integrating Ai and variables into Health Tech also introduce risks so which can compromise patient data disrupt clinical operations uh and lead to financial loss as well and undermine trust and digital Health in general uh and health industry is increasingly targeted by cyber attacks because of critical nature of its services and high value um data so um as we are seeing rise uh in using AI in healthcare both patients and doctors are started to form opinions about it um so we can see that patients uh enjoy to monitor their Health remote ly

quickly uh they feel more involved in their Health Management uh they gain better understanding of their health and doctors benefit from um data driven Insight stream streamlined operations consultations and early detection of issues however there are quite a lot of concerns um there are concerns about data accuracy uh technology integration over dependence on technology uh potential impact on the patient Behavior such as increased anxiety or uh inappropriate self-medication but the biggest concern is related to AI generative AI in particular uh which includes machine learning models that can generate new data uh insight and give recommendations so here is uh a closer look at how different uh AI use cases associated with different types of risks in

healthtech uh so you can see that data privacy and security are very

important also transparency and accuracy of AI algorithms uh and legal and ethical issues so all this should uh guide the development of um Health Products uh in addition over Alliance on AI uh could lead to reduced interaction with Healthcare Providers and even a deine in critical thinking skills among medical practitioners so now uh we are going to have a closer look at one of the products um I would say it's typical product for remote patient monitoring so on this slide you can see system architecture data flow it's um very simplified version so typical U health product for remote patient monitoring consists of a mobile application and a varable device for patient uh and a web application for

a doctor uh so uh the medical uh device the varable device um it's usually equipped with a sensor that can transmit data to a mobile application uh and AI model analyzes this data uh and keeps it in Cloud that allows uh us for um real time access and Analysis uh and the web application can be a kind of dashboard uh that show show supports for

[Music] clation So based on the particularities of this system uh we identifi three different areas of risks so first uh yellow risk related to user experience second p uh risk related to hardware and software and the third people um it's risk related to AI uh some people ask me why I see a risk related to AI as a different type of risks type of risk compared to software uh the answer is pretty simple with software uh you can be sure 100% that it it works uh when you develop it you have I hope have clear definition of done and you um you can say that if you click this button you expect this result um with AI uh it doesn't work you can't

be 100% sure that the system is working and basically what it means that it's working so you basically can't test uh AI model exhaustively um yep so uh after considering uh the data flow in the system we identified specific risks in each Cate and it turned out that cyber security risk is present in every category uh which makes it most critical to address so uh it includes um AI posing in attacks data security data privacy software box sofal engineering and po user training all this can lead to compromised patient data and the disruption of clinical operations

[Music] and uh basically to sport uh the cyber security risks early uh and to create strategies uh to mitigate them I put all these bits together into the framework uh the framework consists of five steps the first step is identifying the technology architecture based on use cases uh so um before building a product um ask yourself uh what what are the use cases how uh the patient and the doctor are supposed to use the system uh for example in case of a chatboard uh should it talk directly to a patient or to a doctor should it give medical advice or nonm medical advice uh what kind of data are you going to use to train your model is it publicly

available data probably not um because um you can't avoid bias and there is nothing commercial in using publicly available data um also um here you should uh take into account how the data will be collected how it will be transmitted how it will be analyzed and stored uh and also how it will be presented uh through user interfaces so the second step uh identifying risks associated with different areas of Technology architecture you can see also some uh approaches um which you can use for these steps uh at this point also uh it's very important to keep all key stakeholders to involve them um in order to identify risks interdependencies uh the third step uh assessing and prioritizing

risks so um here we should uh determine potential consequences of each risks and also you can see uh approaches which can be used for this step the first one uh developing risk mitigation strategy um also um depends on uh what what kind of risks uh you assume are the most critical and the fifth one monitor in and reviewing uh in addition to these steps uh you should uh ensure that you're compliant with all the regulations and uh you maintain continuous communication with key stakeholders and you provide training uh and raise awareness among uh Healthcare professionals um also it's important to keep the documentation up to date I I know that in startups uh this piece is

usually neglected because you don't have enough resources you don't have enough time uh and you're too excited to do some real things rather than update the documentation uh but in in case of healthtech that's really important uh to keep all um all the updates um all the uh results of risk assessment U uh and best practices um in addition um I strongly believe that uh cyber security is about people more about people rather than Tech uh so I think our top priority uh should be providing promoting um Security First mind mindset um both among um team members and uh users and Healthcare professionals so that could include uh training using real world scenarios um honestly I hate tests and as practice

show that um employees they usually try to skip all these questions in order to finish it quickly and just get rid of it um that's why real world uh scenarios U simulations could work U much better here um yeah so to conclude um I think making cyber security a top priority when you develop digital Health product is essential uh although technology and cyber threats uh are constantly changing um facing these challenges head on allows us to innovate uh confidently and responsibly so uh here is my contact information if you'd like to continue this discussion to ask some questions I'm happy to connect with you on LinkedIn or just grab me after the talk um yeah thank you for your

attention

today you any questions do you have any questions for anybody yeah um data anonymization has been quite an important thing in uh Health Data um tyly for giving the data to researchers do you think that AR icial intelligence will mean that it's harder to anonymize data suitably to prevent someone from being reidentified in the various patterns in their health record um good question it it depends on um how you train your model um well in my project we didn't use um like chpd which is quite widely used day it was like our in-house built uh model uh I think uh it it

depends happy yep thank you very much