The hidden costs of the shift to digital healthcare

Since the start of the pandemic, a large proportion of healthcare provision has shifted online. We now have virtual visits with our doctors, text our therapists, and use apps to display our vaccination status and see if we’ve been exposed to Covid-19.

While this may be convenient in some scenarios, both patients and the healthcare industry as a whole need to pay closer attention to data security and privacy. That's because the information from our digital health tools is attractive to a variety of bad actors.

According to the experts, there are a few ways in which we can protect our data. But in the absence of stricter regulation, we largely have to rely on digital healthcare providers to do right by their customers, which has created a host of problems.

Risks to data security and privacy

Our medical records are a treasure trove of personal data. Not only do they include relatively standard information (e.g. your name, address and date of birth), they may also include lab results, diagnoses, immunization records, allergies, medications, X-rays, notes from your medical team and, if you live in the US, your social security number and insurance information.

All this personal information is incredibly valuable. Medical records sell for up to $1,000 on the dark web, compared to $1 for social security numbers and up to $110 for credit card information. And it’s easy to see why; once a thief has your medical record, they have enough of your information to do real and lasting damage.

First, thieves can use your personal information to receive medical care for themselves, a type of fraud known as medical identity theft . This can mess up your medical record and threaten your own health if you need treatment. If you live in the US or other countries without universal healthcare, it can also leave you financially responsible for treatment you didn't receive.

Plus, your medical record might contain enough information for thieves to steal your financial identity and open up new loan and credit card accounts in your name, leaving you responsible for the bill. And, in the US, if your medical record contains your social security number, thieves can also file fraudulent tax returns in your name in tax-related identity theft, preventing you from receiving your tax refund.

The highly sensitive nature of medical records also opens up other, even more disturbing, possibilities. If, say, you have a stigmatized health condition, a thief can use your medical record as ammunition for blackmail. And in today’s politically charged climate, your Covid-19 vaccination status could be used for similar purposes.

Worse still, as cybersecurity researcher and former hacker Alissa Knight explained in an interview with TechRadar Pro , "if I steal your patient data and I have all your allergy information, I know what can kill you because you're allergic to it."

What makes the theft of health information even more serious is that, once it’s been stolen, it’s out there for good.

As Knight explained, "[it] can't be reset. No one can send you new patient history in the mail because it's been compromised.” So dealing with the theft of your health information is much harder than, say, dealing with a stolen credit card. In fact, medical identity theft costs, on average, $13,500 for a victim to resolve, compared with $1,343 for financial identity theft. And, unfortunately, medical identity theft is on the rise .

But thieves are not the only ones interested in your health data. It’s also incredibly valuable to advertisers, marketers and analytics companies. Privacy regulations, like HIPAA in the US and the GDPR and DPA in Europe and the UK, place restrictions on who healthcare providers can share your medical records with. But many apps developed by third parties don’t fall under HIPAA and some don’t comply with GDPR.

For example, if you download a fertility app or a mental health app and input sensitive information, that data will probably not be protected by HIPAA. Instead, the protections that apply to your data will be governed by the app’s privacy policy. But research has shown that health apps send data in ways that go beyond what they state in their privacy policies, or fail to have privacy policies at all, which is confusing for the consumer and potentially illegal in Europe and the UK.

So, while convenient, online and mobile health tools pose a real risk to the security and privacy of our sensitive data. The pandemic has both exposed and heightened this risk.

Security failures during the pandemic

The pandemic has seen an alarming rise in healthcare data breaches. The first year of the pandemic saw a 25% increase in these breaches, while 2021 broke all previous records .

Some of these security lapses involve pandemic-focused digital health tools. For example, UK company Babylon Health introduced a security flaw into its telemedicine app that allowed some patients to view video recordings of other people's doctors' appointments. And the US vaccine passport app Docket contained a flaw that let anyone obtain users' names, dates of birth and vaccination status from QR codes it generated, although the company was quick to release a fix.

Non-pandemic focused tools were also affected. For example, QRS, a patient portal provider, suffered a breach impacting over 320,000 patients , and UW Health discovered a breach of its MyChart patient portal that affected over 4,000 patients .

Knight’s research, however, shows that the security of digital healthcare is far worse than even these examples suggest. In two reports published last year, she demonstrated that there are significant vulnerabilities in the application programming interfaces (APIs), used by health apps.

APIs provide a way for applications to talk to each other and exchange data. This can be extremely useful in healthcare when patients may have health records from different providers, as well as information collected from their fitness trackers, that they want to manage all in one app.

But vulnerabilities in APIs leave patient data exposed. One way this can happen is through what’s known as a Broken Object Level Authorization (BOLA) vulnerability. If an API is vulnerable to BOLA, an authenticated user can gain access to data they shouldn’t have access to. For example, one patient might be able to view other patients’ records.

All the APIs Knight tested as part of the research documented in her first report were vulnerable to these kinds of attacks. And three out of the five she tested in her second report had BOLA and other vulnerabilities, which gave her unauthorized access to more than 4 million records . In some cases, Knight told TechRadar Pro , she was able to “actually modify dosage levels [of other people’s prescriptions], so if I wanted to cause harm to someone, just going in there and hacking the data and changing the prescription dosage to two or three times what they're supposed to take could kill someone."

Although the reasons behind these security lapses are multifaceted, the rush to make apps available during the pandemic did not help. In Knight’s words, “security got left behind.”

But while the situation may seem bleak, Knight is relatively optimistic about the future. She believes that “true security starts with awareness” and insists "industries need to be educated on the attack surface with their APIs and know that they need to begin protecting their APIs with API threat management solutions instead of old legacy controls that they're used to”.

In the meantime, there's little consumers can do to protect their health data from API vulnerabilities. As Knight said, "a lot of these problems are outside of the consumers hands." She noted that "the responsibility is on the board of directors and the shareholders to make sure that companies are making more secure products.”

Privacy and the pandemic

Besides staggering security flaws, the pandemic has also brought about significant violations of privacy.

Some of these failures occurred in pandemic-focused apps. In the US, for example, the government approved contact tracing app for North and South Dakota was found to be violating its own privacy policy by sending user information to Foursquare, a company that provides location data to marketers. And in Singapore, while the government initially assured users of its contact tracing app that the data would not be used for any other purpose, it was later revealed that the police could access it for certain criminal investigations.

Mental health apps were also the subject of pandemic privacy scandals. For example, Talkspace, which offers mental health treatment online, allegedly data-mined anonymized patient-therapist transcripts , with the goal of identifying keywords it could use to better market its product. Talkspace denies the allegations. More recently Crisis Text Line, a non-profit that, according to its website, "provides free, 24/7 mental health support via text message," was criticized for sharing anonymized data from its users' text conversations with Loris.ai, a company that makes customer service software. After the resulting backlash, Crisis Text Line ended its data sharing arrangement with the company.

Nicole Martinez-Martin, an assistant professor at the Stanford Center for Biomedical Ethics, told TechRadar Pro that one problem with mental health apps is that it can be "difficult for the average person, even informed about what some of the risks are, to evaluate [the privacy issues they pose]”.

This is especially problematic, given the demand for such apps thanks to the mental health crisis that has accompanied the pandemic. Martinez-Martin pointed out that there are online sources, such as PsyberGuide , that can help, but she also noted "it can be hard to get the word out" about these guides.

Martinez-Martin also said that the Crisis Text Line case "really exemplifies the larger power imbalances and potential harms that exist in the larger system" of digital mental health.

But maybe there’s still reason to be cautiously optimistic about the future. Just as Knight believes that “true security starts with awareness”, perhaps better privacy starts with awareness, too. And the pandemic has certainly highlighted the significant privacy risks associated with digital health.

Martinez-Martin pointed to "regulation, as well as additional guidance at a few different levels, for developers and for clinicians using these types of technologies" as steps we can take to help tackle these risks.

What can be done?

While the pandemic has shown us the convenience of digital health tools, it has also thrown their security and privacy issues into sharp relief. Much of the responsibility for addressing these problems lies with the healthcare industry itself. For patients and consumers, however, this can be frightening and frustrating because companies may not have much, if any, motivation to make these changes on their own.

But consumers, patients, and security and privacy experts can push for stricter regulations and attempt to hold companies accountable for their failures. It's true that we may not always have the leverage to do this. For example, at the beginning of the pandemic, when in-person doctors' appointments were not available, we had no option but to give up some of our security and privacy to receive care via telehealth. However, the increased awareness the pandemic has brought to security and privacy issues can work to our advantage. For example, the public criticism of Crisis Text Line caused it to reverse course and end the controversial data-sharing relationship it had with Loris.ai.

Basic security hygiene on the part of patients and consumers can also help. According to Stirling Martin, SVP of healthcare software company Epic, there are two steps patients can take to protect their data:

“First, exercise care in deciding which applications beyond those provided by their healthcare organization they want to entrust their healthcare information to. Second, leverage multifactor authentication when provided to further secure their accounts beyond just simple username and passwords .”

By taking advantage of the increased awareness of security and privacy risks, holding companies accountable, and practicing good security hygiene ourselves, we stand a chance of improving protections for our medical data.

Samsung Galaxy S21 FE vs Google Pixel 6: which affordable flagship hits the spot?

The Samsung Galaxy S21 FE and the Google Pixel 6 both claim to offer flagship thrills for a slightly lower price than you might expect to pay.

We’ve tested both phones extensively, and you can read our reviews in the links above. But if you’re simply after the lowdown on which ‘affordable flagship’ is the better phone, you’ve come to the right place.

Here’s our definitive view on the comparative strengths and weaknesses of the Samsung Galaxy S21 FE and the Google Pixel 6.

Samsung Galaxy S21 FE vs Google Pixel 6: price and availability

The Samsung Galaxy S21 FE was released on January 7, 2022, about a year after the rest of the S21 range. It costs £699 / $699 / AU$999 for the 6GB RAM/128GB storage model, and £749 / $769.99 / AU$1,099 for the 8GB/256GB model.

The Google Pixel 6 landed a few months earlier, on October 28, 2021. Prices for the Pixel 6 start at $599 / £599 / AU$999 for 128GB. There’s also a 256GB model in the US and Australia markets, which costs $699/AU$1,129.

We described the Galaxy S21 FE as “far too expensive” in our review, and that’s because its rival, the Pixel 6, is about $100/£100 cheaper.

Design

The Samsung Galaxy S21 FE looks a lot like the Galaxy S21 - and, by extension, the Galaxy S22. All of these Samsung phones are identifiable by the company’s ‘Contour Cut’ camera module design, which seems to flow out of the frame of the phone.

Google’s Pixel 6 design is all new, with a bold full-width camera module that resembles a futuristic visor. We dig the two-tone color scheme, too. The Pixel 6 (as well as the Pixel 6 Pro ) is quite possibly the best-looking phone Google has ever made.

Speaking of colors, the Galaxy S21 FE comes in White, Graphite (black), Lavender (purple), and Olive (green). The Pixel 6 gives you the options of Stormy Black, Sorta Seafoam, and Kinda Coral.

One underwhelming feature the Galaxy S21 FE shares with the Galaxy S21 is a plastic body, which feels a little cheap given its price tag. Indeed, you might find yourself questioning that price difference between the S21 and the Pixel 6 when you see that the Pixel is all glass and metal.

The Galaxy S21 FE is the smaller, lighter device here. It measures 155.7 x 74.5 x 7.9mm and weighs 177g, whereas the Pixel 6 measures 158.6 x 74.8 x 8.9mm and weighs 207g.

Both phones are IP68 certified, so they have the same level of dust and water resistance. But for overall design, the Pixel 6 wins over the S21 FE.

Display

Both of these phones give you 6.4-inch FHD+ OLED displays, and both of our reviewers noted how vibrant they were.

The Galaxy S21 FE has a slight advantage over the Pixel 6 because of its 120Hz refresh rate. Google’s phone only hits 90Hz.

The vast majority of people won’t notice a difference, but the Galaxy S21 FE screen is noticeably smoother when scrolling through web pages, emails and the like.

In our review, we described the Galaxy S21 FE’s screen as its “strong suit.” The Pixel 6’s display meanwhile is a welcome upgrade from that of the Pixel 5.

Many rivals will position their camera cut-outs in a corner, but both the S21 FE and the Pixel 6 place theirs in the middle of the top. We don’t have a particular preference, but that design choice gives these phones a pleasing sense of symmetry.

Camera

Each phone offers its own photographic capabilities but they share some similarities as well. The Galaxy S21 FE has a triple-camera system with a dedicated telephoto lens. The Pixel 6, on the other hand, gives you a dual camera system with no optical zoom facility.

Samsung has gone with a 12-megapixel wide sensor, backed by a 12-megapixel ultra-wide and an 8-megapixel telephoto. The latter lets you shoot 1.1x optical and 3x hybrid zoom shots.

Google’s phone employs a 50-megapixel wide sensor, which is also backed by a 12-megapixel ultra-wide. You can grab 2x zoomed shots, but these are simply crops from that pixel-packed wide sensor.

Unsurprisingly, we found that the Samsung Galaxy S21 FE’s camera performance is largely comparable to that of the S21. That means the S21 offers sharp, bright shots packed with social-media-friendly oversaturated colors.

The Pixel 6, meanwhile, takes flat out better photos in most conditions. The nuance in the colors and shadows is simply on another level when compared to shots captured by the Galaxy S21 FE. The Google phone’s pictures give you a more true-to-life tone and much clearer night shots.

The only area in which the Samsung reigns supreme is in those zoomed shots, given that it has a telephoto lens, which the Pixel 6 lacks.

Both camera systems bring software tricks to the table. Samsung gives you Single Take, which captures 5 to 15-second snippets of video and pulls out the best stills and footage. Google offers Face Unblur, which clears up blurry human faces, and Magic Eraser, which lets you remove photo-bombers with a tap.

Both phones can record video footage at a 4K resolution and 60fps.

Specs and performance

The Samsung Galaxy S21 FE runs on the Snapdragon 888, which is a generation behind the Snapdragon 8 Gen 1 of the Galaxy S22 family.

It’s still speedier than the custom Tensor chip that powers the Google Pixel 6, however, at least in terms of raw CPU power. An average Geekbench 5 multi-core score of 2837 falls short of the Galaxy S21 FE, which averages around 3100.

Google will tell you that its custom Tensor chip is all about the ML, or machine learning capabilities. With these extra smarts, the Pixel is able to pull off its unique camera tricks and speedy real time speech transcription..

It’s important to note that a few digits on a benchmark test result mean nothing compared to the experience of using both phones. And on that front, there’s really nothing between them.

Both handsets are equally speedy when it comes to surfing the web or playing games. High-end games run smoothly on both devices.

Both phones give you 8GB of RAM and a choice of either 128GB or 256GB of storage, depending on your region.

There is a key difference when it comes to software. The Samsung Galaxy S21 FE runs Android 12 , with Samsung’s One UI 4 fork laid over the top. The Pixel 6 runs pure Android 12, precisely as Google intended it.

While Samsung’s UI has come a long way in recent years, and is potentially more customizable than stock Android, it’s still a bit cluttered and less cohesive.

Furthermore, certain software features are only available on Google’s phone (thanks to that Tensor chip), like the ability to Live Translate audio. We really dig Google’s Material You color palette coordination system, too, which serves to sync up widgets and UI icons to match a chosen color theme.

Battery

The Samsung Galaxy S21 FE gives you a 4,500mAh battery, while the Pixel 6 goes with a 4,612mAh battery. Those are very similar indeed.

With the Galaxy S21 FE, our reviewer found that “heavy use ensured we’d need to charge the mobile in the early evening to keep it ticking until the next morning.” In our Pixel 6 review, we noted that the phone “comfortably makes it through a full day of use,” but concluded that it was a “middling battery.”

The Pixel might have the slightest of edges, then, through a combination of that slightly larger battery and a slightly less demanding 90Hz display. But neither of these phones is a stamina champ.

When it comes to recharging, the Samsung Galaxy S21 FE supports 25W charging, while the Pixel 6 can only offer 21W charging support. Neither gives you a charging brick in the box, which leaves both flailing behind the likes of the Xiaomi 12 and the OnePlus 10 Pro .

Both phones support wireless charging.

Takeaway

Given that there were just two months between our Samsung Galaxy S21 FE and Google Pixel 6 reviews, it’s not difficult to establish which phone we think is the better buy. We rated the Pixel 6 a single point higher out of 10.

There are several reasons for this. While the two phones are reasonably well matched in general terms, the Pixel 6 gives you a better camera and a fresher design for $100/£100 less.

The Galaxy S21 FE is a good phone taken in isolation, but it launched way too late in the day, and for way too high a price, for it to earn an unqualified recommendation. Despite a few foibles (like the lack of a telephoto lens) the Pixel 6 earned a nod from us.

The Galaxy S21 FE is a good phone that suffered from a calamitous launch process. The Pixel 6 is simply a good phone.

Get ready, Money Heist fans – its creator is making more Netflix shows

Lamenting the end of Money Heist on Netflix? It sounds like the show’s creator, Álex Pina, is working on an even more ambitious new series for the streaming service .

The acclaimed writer-producer has extended his multi-show deal with Netflix, which has given the green light to a still-untitled show reportedly inspired by the Covid-19 pandemic.

According to The Hollywood Reporter , the new series will be set in a luxury underground bunker designed to protect Spain’s elite from the perils of the outside world. Pina has said the idea was born from a Spanish newspaper story exposing a series of pandemic-proof shelters bought by wealthy Spaniards in recent years.

“Some of the new shelters that were being built were luxury homes in the subsoil,” Pina told THR. “Up to 15 floors down, with exclusive services such as [a] cinema, pool, spa, gym and common gardens. With water and food to survive more than five years. An underground community for 75 people.”

“[So] we thought about what life would be like there,” Pina added. “Social, family and romantic relationships, in an underground shelter [into] which they had hastily and exclusively fled.”

Incidentally, the show’s premise reads like a prequel story to fellow Netflix series The Rain, a Scandinavian drama following two siblings who emerge from the safety of a bunker to find the world has been ravaged by a deadly virus.

There’s been no word yet on when Pina’s pandemic-inspired project will arrive on the streamer, nor who will make up its cast. Being set in Spain, though, we’d say there’s a good chance we’ll see some familiar Money Heist faces attach themselves to the show soon.

Speaking of which, Pina’s Netflix deal extension also includes a Money Heist spin-off series, Berlin, focused on the back-story of Pedro Alonso’s fan-favorite character. We know this one is scheduled to hit the streamer in 2023, which is most likely earlier than Pina’s brand new show.

Recapturing the Money Heist magic

Money Heist has proved to be an unexpectedly lucrative investment for Netflix.

Having been originally created for Spanish television network Antenna 3, the streaming service began financing the show in its third season, and it would go on to become, for a time, the most-watched non-English-language drama on the platform.

Hwang Dong-hyuk's Squid Game has since stolen that accolade , but Money Heist nonetheless remains one of the biggest shows on Netflix , which explains why the streamer was so keen to maintain the exclusive rights to new shows written by its talented creator, Pina.

In addition to those two new Spanish-language shows, though, Pina is also set to executive produce a Korean version of Money Heist for Netflix – which will be led by none other than Squid Game's Park Hae-soo.

Netflix has said the upcoming adaptation will “breathe new life into the familiar [Money Heist] storyline and bring the material afresh to global audiences.”

In 2021, we would have said with confidence that no other Netflix series could ever prove as popular as Squid Game – apart from Squid Game season 2 , perhaps – but a Korean version of the streamer's second-most popular international show (featuring a leading man from its most popular, no less) has us re-thinking that assumption.

In any case, Money Heist fans may have seen their beloved show come to an emotional end last year, but they've got plenty to look forward to on Netflix in the (hopefully) near future.