The adoption of telehealth, decentralized clinical trials, distributed care delivery, at-home diagnostic testing and personalized digital therapeutics continues to accelerate. These digital solutions are being deployed across an increasing number of health issues, ranging from reproductive health and mental health to cancer screening and diabetes. Concurrently, the incidence, cost and time to recovery of healthcare cyberattacks and data breaches have risen substantially. In the United States in 2020 alone, 599 cyberattacks affected more than 26,435,000 patients and cost an average of $499 per breached record; each breach took an average of 263 days to recover1. Other examples of cyber health harms include those caused by the COVID-19 infodemic, misuses of unconsented health data (such as the unconsented sale of data captured by the National Suicide Hotline in the US)2, negative financial and emotional impacts from cybercrime, nation-state-sponsored disruption of healthcare (such as the disruption of the UK’s National Health Service by WannaCry) and the use of stalkerware for intimate partner violence3,4. Yet these potential harms are rarely discussed or prevented.

A risk framework, developed from other commonly accepted risk frameworks, is needed to classify, identify and encourage mitigation of cyber harms within the context of rapidly evolving risks of digital health.

One of the best-characterized domains of patient safety and benefit–risk analysis is drug side effects. The pharmaceutical and medical device domains have served as the basis for the US Food and Drug Administration’s consideration of digital health validation and provide an exemplar for understanding risks from digital health. Drug side effects are often classified therapeutically, but can instead be organized anatomically, in an easily understood hierarchical matrix of organ systems, organs and severity of known side effects5. The field of cybersecurity has recently produced an analogous classification system for cyber harms that can be adapted to digital health6, whereby internet connectivity results in increased risks as exposure to the internet increases, not unlike incidence proportion in classical epidemiology7. Cyber harm is a new health risk in the digital era of health, along with misdiagnosis, mistreatment, misinformation, cyberchondria and poor health outcomes, which cascade from inadequately secured systems and exploited data.

Digital health vulnerabilities

The first step in constructing a risk framework for digital health is to understand the vulnerabilities relevant to the populations of interest. Table 1 describes potential digital health vulnerabilities according to the five dimensions of the taxonomy of cyber harms. Just as health outcomes are inextricably linked to social factors, so are digital health risk factors; these factors can interact and thereby increase or decrease the relative benefit or harm8. Considering these vulnerabilities is critical to protecting patients by increasing equity of benefit and decreasing harms.

Table 1 Risk factors for digital health harms6,11

For example, a family that cannot afford home broadband service might rely on public WiFi to access a patient portal, thereby increasing the probability of identity theft and exacerbating their preexisting financial vulnerability. Low digital or health literacy increases the chance of stolen data and of vulnerability to health misinformation. Loss of reproductive privacy can now lead to criminal charges in the United States for patients and clinicians9, with geography the greatest risk factor. Many US states that have or are in the process of outlawing abortion have some of the highest Social Vulnerability Index scores10,11. The primary categories of this proposed model therefore include harms in the physical/digital, economic, psychological, reputational and societal domains.

Cyber harms

The second step in the framework is to codify the potential harms that can result from these digital health vulnerabilities. Codifying harms from technologies can be difficult and complex, and should not be read as a blanket condemnation of digital health. For example, there are many virtuous and valuable uses for health-related social media campaigns. Similarly, segmenting target audiences based on digitally collected data and information can allow a precise match between potential clinical trial participants and potentially lifesaving investigational therapies. Unfortunately, these same tools can also be utilized to disseminate disinformation, to radicalize and manipulate people towards violence, or to initiate social engineering cyberattacks in which people are manipulated into providing data or credentials. In order for the healthcare industry to reap the benefits of digital health tools, everyone working this field must understand the ways in which digital toolsets can worsen health and exacerbate public health issues, whether these contributions are causal, contributing or benignly enabling.

Cyber harm can have major economic ramifications, such as the criminal diversion of improper Medicare payments, estimated to have cost $28 billion in the United States in 2019 alone, and cyberattacks such as those against Boston Children’s Hospital in 2014 and the WannaCry ransomware attack, which crippled healthcare infrastructure12. Given the major impact of cyberattacks on healthcare, a Zero Trust framework is required, in which all users, whether in or outside the organization’s network, need to be authenticated, authorized and continuously validated before being granted access to applications and data.

Not all digital health cyber harms are caused by criminal actors. Patients can experience mental and psychological harm if their diagnoses are inadvertently revealed by digital health companies or seen on digital devices by friends, family or third parties. Another risk is third-party selling of information, sometimes about sensitive diseases, and the potential release of information on sensitive topics such as reproductive health, which can cause major reputational harm13,14,15. For some disease entities or digital health solutions, psychological or physical harms may be more salient than systems disruptions or economic costs. Awareness of what types of harm are possible in each case can allow mitigation measures to be put in place.

Additional examples of harms are presented in Table 2; many of these are potentiated by multiple coexisting vulnerabilities4,16,17,18,19,20. The interplay is complex. Sometimes the technology is an attack vector, but in other instances, the technology may be only partially causative or contributing, with other vulnerabilities, such as the use of outdated technology or being in an abusive relationship, potentiating the cyber harm.

Table 2 Case studies of digital health harms and potential mitigating strategies

Table 2 also demonstrates the fragmented legal and regulatory framework for addressing cyber harms in the United States, which include law enforcement, health, media and economic regulatory agencies. Few digital health companies are ‘covered entities’21; they are therefore not subject to the minimal protections afforded by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. These gaps in legal protections leave vulnerable patients at higher risk than the less vulnerable, as those with the most serious illnesses often have the greatest exposure due to frequency of healthcare visits and diversity of facilities visited. As with polypharmacy, multiple cyber harms can occur simultaneously from a single exposure.

Although these potential harms can and have been experienced by everyone from individuals to multi-billion-dollar healthcare systems, those who are socially vulnerable are at highest risk. Minority populations and the elderly are targeted by cybercriminals more often than others, and vulnerability to various types of cybercrime is directly related to socioeconomic status22. Populations that are particularly vulnerable to cyber harms must be protected proportional to their risk.

Impact and likelihood

The impact and likelihood of harms from digital health technologies, and potential mitigation strategies, can be assessed using a classification framework. Table 3 proposes an evaluative approach based on a previously modified cyber risk equation that accounts for the cumulative effects of health, social and cyber vulnerabilities23. This framework can be applied where digital solutions might be used in clinical and clinical research situations, providing a useful guide for digital health developers and healthcare providers alike. The framework emphasizes the importance of social and physical vulnerabilities. It also highlights that one can reduce the risk of harm in multiple ways: by minimizing the attack surface, minimizing vulnerabilities or incorporating other mitigation measures.

Table 3 Evaluation framework for harms from digital health interventions

The intention of this framework, like that of the US Food and Drug Administration’s pharmaceutical framework5, is not to dissuade use of digital health, but rather to focus attention on the importance of identifying, and mitigating, potential harms for the populations that are most at risk. To ensure the safety of patients in the digital era of health, those advancing digital strategies must study and classify the cyber side effects of digital health and build accurate and proportional benefit–risk frameworks to guide essential innovations. Proactively mitigating risk will make the benefits of digital health more likely to be realized by the full spectrum of patients and healthcare systems.

More focused, aligned and actionable regulatory frameworks that close the gaps between federal regulators and law enforcement are required as an effective deterrent to bad actors. When crime carries extremely low risk of consequence, it flourishes, but there are mitigations available today that should be utilized.

Finally, the most important step may be the easiest. In digital health, simply being thoughtful about when and why digital tools and datasets are connected to the internet can dramatically decrease risk, as demonstrated in Table 3. It is impossible to eradicate risk altogether, but an intentional approach can successfully identify when and where risks of harm exists, indicate the most successful mitigation strategies and ensure that the benefits of the digitization of healthcare can be reaped by all individuals the healthcare system is intended to serve.