The latest cyberattack several weeks ago – the WannaCry ransomware – pointed out to everyone that there is a glaring cybersecurity weakness in healthcare systems worldwide.
In the U.K., its National Health Service (NHS) was a prime example. Many of its computers were infected by WannaCry.
And don’t think we are immune from such attacks here in the U.S.
The Wall Street Journal recently reported that many attacks on healthcare systems simply are not reported to the Department of Health and Human Services.
Attacks on hospital systems in Maryland, Texas, Kentucky, and California went unreported as official cybersecurity breaches.
But the effects were very real. MedStar Health of Maryland told the Journal it took three weeks before everything was back to normal.
Getting back to the NHS in Britain, a few British hospitals were actually forced to turn away emergency patients and delay surgeries.
That brought home the very reality that someday cyberattacks could actually cause deaths.
Digital Medicine Danger
One of the major trends in progress at the moment is the move toward digital health. Miniaturized sensors, wireless technology, and data analytics all will give doctors real insights into what’s happening inside the bodies of their patients.
PricewaterhouseCoppers forecast that, by 2020, the market for digital health products and services will be a $61 billion business.
But there is one major problem with the rise of connected healthcare – those cyberattacks from unscrupulous people.
Tens of millions (113 million in 2015) of sensitive electronic health data about people have been compromised in recent years thanks to security breaches of almost non-existent cyber-security in many healthcare systems.
Medical Device Cyber Threat
But today, the real worry goes beyond the theft of sensitive patient data. The worry is that hackers could do actual harm to patients.
I recall an episode of Homeland where terrorists sabotaged the pacemaker of a U.S. vice-president.
Just fiction, right? Unfortunately, no.
Back in 2008, university researchers were able to reverse-engineer an implantable cardiac defibrillator’s communications protocol. In other words, it could be told to malfunction. And in 2012, the government’s GAO had researchers take control of two medical devices with wireless capabilities.
And just this past December, European researchers found cybersecurity flaws on 10 implantable cardiac defibrillators currently on the market.
Medical Device Companies Headache
This is not good news for the makers of the new generation of medical devices with features like wireless connectivity, remote monitoring, and near-field communications technology.
Last fall, Johnson & Johnson (NYSE: JNJ) had to warn that its insulin pump had a security vulnerability that would allow hackers to access the pump and cause a potentially fatal overdose of insulin.
A similar situation happened with the Symbiq infusion pump made by Hospira, which is now owned by
Pfizer (NYSE: PFE).
And St. Jude Medical, now part of Abbott Laboratories (NYSE: ABT), has been dealing for many months with the fallout from cyber-vulnerabilities in some of the company’s pacemakers, defibrillators, and other medical electronics.
The vulnerability of medical devices to hacking led the Food and Drug Administration (FDA) to issue guidelines on medical devices saying that the manufacturers have an obligation to consider the cybersecurity of their devices during design and throughout the operating life of that device.
With all these devices inside of patients nowadays, it is almost inevitable that the demand for ransom will take a lethal turn. This fictional scenario probably isn’t too far off:
- Cyber-criminals demand ransom from a hospital. If not paid, the bad guys will insert codes that will cause some medical devices to malfunction, killing patients. Or perhaps they will launch a denial-of-service attack that could cause the devices to malfunction.
- Or terrorists cause mass panic by randomly killing people that rely on certain medical devices.
As Suzanne Schwartz of the FDA’s Center for Devices and Radiological Health said, “There is no such thing as a threat-proof medical device.”
That is a scary thought when you consider that U.S. hospitals currently average 10 to 15 connected devices per bed, according to Internet of Things security firm Zingbox.
Cyber Health Security Investments
The investment opportunity in the field of cyber-security for healthcare facilities is huge.
I will be covering some of the specific companies involved in the sector in future issues of Growth Stock Advisor (which you can try out for 30 days free by clicking this link).
But for broad exposure to cyber-security, I would recommend the purchase of one of the two ETFs focused on the sector.
These are the PureFunds ISE Cyber Security ETF (NYSE: HACK) and the First Trust Nasdaq Cybersecurity ETF (Nasdaq: CIBR).
Both portfolios have similarities, such as the two top holdings being Palo Alto Networks (NYSE: PANW) and Akamai Technologies (Nasdaq: AKAM).
And both have relative laggards to other technology stocks. HACK is up 13.5% year-to-date and 22.35% over the past year. The numbers for CIBR are 10.5% and 21.5% respectively.
In this day and age, these will be good long-term investments.
The massive windfall from cybersecurity profits is just one opportunity for investors to profit from the dominant technologies that will power our economy in the next five to ten years. In my Growth Stock Advisor Letter, I just recommended to my subscribers a specialized robotics company that actually makes the software that allows robots to ‘see’.
I soon see this critical technology being utilized in manufacturing robots all over the world, and investors that get in now will see massive profits as this technology matures and spreads aroudn the globe.
I’m giving out this recommendation for free, click here to find out how to receive your copy.