Cyber Security in Healthcare.

It is commonly understood that the recent UK hacking situation in the NHS was via its connected machinery, rather than directly into the hospital servers. We focus on what’s up at the forthcoming conference in San Francisco, with this timely announcement from Tel Aviv-based company Cynerio, which today announced its mission to protect the future of healthcare by focusing on its weakest link – the connected medical device ecosystem.

What they say is that, by building a tailor-made solution for healthcare providers, they deliver complete visibility into a healthcare organization’s medical device ecosystem, protecting it from cyber threats and helping the organization meet HIPAA regulatory requirements.

The company was founded by cybersecurity experts Leon Lerman, CEO, and Daniel Brodie, CTO, to deliver a cybersecurity solution specially designed for healthcare providers, based on the industry’s first technology that combines device behavior modeling with medical workflow analysis to provide full visibility into medical device behavior and activity on the network, accurately detect anomalies with deep understanding of the medical context and stop the threat to ensure patient safety and data protection.

“Connected medical devices are delivering a new level of patient care, but present new challenges of managing and securing the growing clinical ecosystem. For attackers, medical devices are easy targets, as the devices aren’t built with security in mind and healthcare security teams have limited ability to protect these devices with traditional IT security solutions that are more focused on standard platforms. Our technology offers a comprehensive solution, purposely built to protect the medical device ecosystem and their sensitive data,” explained Lerman.

A FANTASTIC BUZZ AT ENO’S LATEST “MARRIAGE OF FIGARO”!

We review the latest Figaro production at the London Coliseum

Mozart operas at ENO always have fantastic and clever beginnings. If the word “tangential” applies to probably every ENO production and approach, then last night’s Figaro did not disappoint.

The imagery of a bumble bee trapped inside a harpsichord syncing into the rapid overture, sets the scene, and with a driving orchestra and some standout ensemble and solo performances, especially from Rhian Lois, making her role debut as Susanna, this was a performance that whilst taking just a little time to really get going – absolutely left its audience spellbound. I have always said that, for newcomers to opera, make sure you go to an ENO Mozart performance – then this production (and it was the second time I have seen it) – came alive. You got to go.

So why a difference? You could argue that Figaro of all operas, is the easiest to get along with. Nobody does a bad Figaro. And that misses the point, because yes indeed you can do a boring Figaro. The real trick is to engage with the audience, and this takes subtlety, exquisite direction, timing of humour and of music and dramatic art – all of which this performance has in spades. And it plays to mature opera-goers as well as newbies; my colleagues alongside me were humming along to the melodies, that everyone knows – but we all wanted to hear. The timing particularly of Lucy Crowe, debuting as the Countess, excelled in her “dove sono i bei momenti” aria.

What is there to love?

Sure, the visual complexity of the revolving stage creates the confusion and the rapid movement of players as the drama speeds along, compounds that – but the secret sauce of this production is the speed of the orchestra, that forces the pace.

This in turn forces the key protagonists, particularly in the close ensembles, to be rock solid in timing and harmony – and they belt out their parts. Each player has a point to make. Nobody takes any prisoners in this performance but surprisingly, the performance is actually funny! I found myself LOL at the absurdity of it all, and how many times have I seen this opera?

Whilst every singer/performer absolutely does justice to their respective roles – the standout performance that is the glue that links the others – has to be Rhian Lois who has nothing to fear in commanding the big Coliseum stage. Rhian is a Harewood Artist and she reminds me of Mary Bevan in her role in Cosi Fan Tutte.

The ENO bars are closed by the time the performance finished, which is a pity. I took a glass of wine at the adjacent St Martins Hotel hidden gin bar. At times like this, you need to raise your glass.

Cybersecurity again in the News…

We look briefly at two companies that have got in touch…

Fortified Health Security have recently partnered with Beacon Health System to strengthen the health system’s overarching cybersecurity program. Their Kristin Deuber writes to us to say:

“The program kicked off in April 2017, during the formation of Beacon, which required the health system to consolidate policies and to implement a more unified and centralized cybersecurity program. Fortified discovered through its baseline research that the health system had moderate cybersecurity system development with data loss prevention, and had deployed a SIEM solution on limited systems. In addition, like most healthcare organizations today, there was zero SIEM visibility into their medical device inventory, as well as the risks associated with those connected devices.” She attached some deeper info, which is available on demand from us here at ProfoMedia. And we have invited their President, Dan Dodson, to write a guest article – so watch this space.

Also out of the blue is the Proficio company, whose Tamara Yaravoy says that they have won some eleven Cybersecurity Excellence Awards. This is clearly better than my 200 metres swimming certificate when I was a kid. She goes on to explain in more detail:

“In the Cybersecurity Excellence Awards, Proficio won gold in the Best Managed Security Services and Cybersecurity Team of the Year – North America categories. The company was also recognized with a bronze award in the Best Cybersecurity Company category, where they had competed against forty other cybersecurity companies.

Proficio secured top honors in the Info Security PG’s Global Excellence Awards, placing in four different categories. The company won gold in the Cyber Security Vendor Achievement of the Year category for significantly expanding its operations in North America, EMEA, and APAC, silver for Best Security Company of the Year (Services), bronze in the Best Overall Security Company of the Year category, silver in the Managed Security Services category for its SOC-as-a-Service offering, and bronze in the Managed Security Services category for its Splunk Enterprise and Splunk Enterprise Security services. Proficio was the only cybersecurity company to be recognized with two awards in the Managed Security Services category.

In the Cloud Computing Excellence Awards, Proficio was recognized for excellence and innovation in their SOC-as-a-Service offering. Proficio was one of only nine companies selected for this award which honors vendors that have most effectively leveraged cloud computing in their efforts to bring new, differentiated offerings to market.

Proficio was once again awarded a placement on the Security 100 of CRN’s 2018 MSP 500 list as well as San Diego Business Journal’s Top Cybersecurity Organization List. The CRN Security 100 list is designed to help partners wade through the ever-expanding security market, from the long-standing legacy vendors to the niche players, and navigate the fast-growing security vendor market.”

Healthcare is expected to be the target of choice for malevolent actors trying to destabilise how our services work. Last year’s attacks on UK hospitals showed the issues of Windows XP reliance, and that was just a baseline start.

You can look back at our earlier pages on other cyber vendors. Do contact these and the above vendors as this topic will become more visible as the year goes on.

FUTURE OF FINANCE 2018 CONFERENCE

We take a look at the latest IQPC Conference formula and ask – does it work for us?

The man opens the inner door as I and my two colleagues from Portugal – whom I have never met before – enter from the outside courtyard.

He is dressed in a Polo shirt, and a bath towel. He has no trousers, and his hair is damp. He has some soft leather sneakers on.

“Are you lost?”

Yes of course we are. It is a ten minute walk from the Putney Bridge tube station, past the security barrier and through the immaculate lawns of the Hurlingham Club, and the arborescence of pathways. We are trying to find the Conference.

“Then let me show you a shortcut”.

The man beckons us through, we enter a further courtyard, the man slides into a black 4×4 and we walk up the stone steps into a modern but eloquent glass atrium, which is indeed – where the Conference is.

The Hurlingham Club is as distant as it needs to be. This is no typical Conference mingling among the tourists who are checking out of whatever four star hotel they have found in the city. This is a venue for serious players. The 100 or so Delegates who have found their way here, a sort of crystal maze if you will – are all serious players. Large corporates do not send their key financial execs to this sort of Conference unless they can deliver, and can feel at home on this global stage of financial business decision makers.

The Future of Finance Conference is three days long. It is a Management Conference, not a Tech event. Sure, the topics discussed inevitably contain technology, but this is no GDPR Roadshow. Life has already moved on. The focus is as much about corporate vision as AI and Robotics. Typically, the 40 minute sessions – and there are many and varied and you pick and choose the ones that work for you etc – focus on Transformation – how to bring your team with you, establishing a culture of improvement – and inevitably, something about Brexit. I could go on. And in between, people mingle and chat in the frequent coffee breaks. Everybody shares anecdotes and business cards.

I had long gone by that time. But it establishes a central truth, that the value in IQPC Conferences is as much in the informal networking amongst peers, as in the more formalised presentations.

My colleagues from Portugal are taking a quick cigarette outside the exit as I make my own way back to the exit. They give a cheerful wave – “see you in Lisbon?” It turns out we both used to work for the same company. The next IQPC Conference will be in Lisbon, and I have been invited.

Will I come?

You bet!!

ENO SCORE ANOTHER HIT!

We look in wonderment at one of ENO’s best productions yet of this classic modern masterpiece.

Alexander Soddy strides into the orchestra pit, waves and encourages his team, and then there is silence for a full five seconds. And then we are off! And it’s a strange, curious beginning…

This is redolent of the performance of Wagner’s ”The Mastersingers” a few years earlier; the feeling somehow that this will be the epic performance – when everything goes right. That night, at the end of five hours, all the orchestra hugged each other at the finale. And so it was last night. From whatever opera or music background you come from, this is a performance you have to see.

The secret sauce of this production is the fluidity, sensibility, and sheer forcefulness and continuation of the orchestra – which allows the drama to experiment, to be funny, aggressive, romantic, and convey sincere emotion – without ever losing sight of the fact that essentially, this opera is a dream.

The whole stage is one giant bed. The production relies on the singers/actors/actresses hopping from bed to stage, from awake to asleep, from fantasy to reality. The melodic lines of the music never give away anything you can hum along to, no nice chord progressions and cadences; there is this sense of being suspended somewhere and indeed the third act is precisely that – the three beds suspended in mid air.

And then there is the humour, which is less rather than more – subtle at its best. My standout performance was Eleanor Dennis as Helena, very similar to Mary Bevan some years earlier, also a former Harewood Artist.

But this is to be picky; all of the singing, the characterisation, the direction, was spot on, an integrated whole. Sometimes, particularly at the end of the second act, the drama and clever direction took your breath away.

The humour reached its peak at the finale. This was the nearest we got to traditional Shakespeare productions and slapstick humour. It reminded me of the last time I saw this, in Devon – just a couple of years ago.

The difference here – is that the music adds the extra dimension, at times searing, to force the drama.

And then Puck wraps it up… we are back to the original Shakespeare lines…

Was I dreaming? I have no idea. But I am still rubbing my eyes. I can’t believe it.

….They Put Up a Parking Lot

We interview Shaz Ahmad, Nextgate’s VP of Cloud Operations, to find out why people don’t miss something until it’s gone.

It is 02.00am Pacific Time and this is the preferred hour of the day for Shaz Ahmad, in his T-shirt, to handle an interview. He is a self-confessed night owl, but I would’ve thought there are limits. For me, it is 10.00am GMT and there could be no worse time to make a constructive assessment of why Nextgate’s time has come. I have told my office to hold my calls.

But Shaz is as eloquent as I am even in mid morning, and he needs to be. Nextgate identity management technology is the secret sauce that makes your hospital data work, seamlessly, that you do not realise you ever needed, until something goes wrong. It is the one line of code you never appreciated, but which makes your data work. As they say in the song, isn’t it the way it goes, you never realise what you’ve got – until it’s gone.

Except that with Nextgate – the thing that you don’t “get” – is the problem that you’ve got. As we move more and more into a connected and multiple data source environment, where patients not techies are driving that source of data, so (to paraphrase) hospitals increasingly cannot map or match the data that they have. In short, the HL7 data is neither clean from one source or another, nor do existing systems talk to each other. And whilst this is a technical issue, the problem is commercial. Putting it right takes man hours and costs money.

Except that it doesn’t. And it comes through the decision of starting again, and putting your data on a cloud. What that means is, a cloud-based solution that does identity management, allows hospitals and organisations to rapidly and accurately deliver a patient record at the point of care – with the flexibility and scalability you need in today’s evolving and digital environment.

Shaz does not talk about technology. He talks about Service Level Agreements. He talks about peace of mind. The idea that you as a Hospital (say) can access all of your data, 24/7, safely on a cloud, without the need for local expert support. Amongst all of the solutions that a hospital might have, Nextgate is the single line that makes not just a difference – it is THE difference.

It is the reason why Shaz left his job at Orion, where he was a user of Nextgate technology, to take up an offer with the company that created the stuff.

Nextgate competes with the big IBM and Corporate Players in data integration. But it is addressing a real market need. The Obama driven “spine” of data accessibility mirrors the attempts in the UK to formalise data accessibility. Nextgate has reference sites and projects that are pan-Atlantic.

Yet it is a hard sell – what Nextgate are saying is: don’t wait until you have an issue before talking to us about our Cloud benefits. As they say in the song – don’t lose sight of Paradise.

FORGET ACCREDITATION. LET’S TALK ABOUT RISK MANAGEMENT

We talk with the EHNAC Executive Director, Lee Barrett, and ask – why now their time has come.

You could say it’s not what you say – it’s how you say it. You could argue that everything about EHNAC is a contradiction, a misnomer.

The image of silver-haired Lee Barrett as he sits back in his university-like Office, gently guiding me into his world – where he has been active for more years than I have fingers and toes – belies the relevance of EHNAC in the current medical world stage.

And that’s the problem. Or to put it another way in marketing-speak – maybe it is the “opportunity”.

EHNAC is a nationwide accreditation process for healthcare players. Up to now, and since its origins in 1993 – its focus has been to give you and me a framework, if you will, a set of guidance, that says you have passed the test – whatever that may mean. You would be forgiven for thinking that this is akin to taking your driving licence; you get the magic certificate, the nod from the examiner and off you go.

And this approach misses the point. Because EHNAC have moved on. To understand its importance is to recognise that in getting accredited for your internal and external processes – you are protecting your entire business against the risk of the unforeseen. By complying with industry standards, you are mitigating your exposure to malevolence or just pure chance of things going wrong. A tick in the box from EHNAC means that your processes are reasonable and acceptable.

It’s not like the Assessors at EHNAC don’t have the know how to guide you. The academic atmosphere of Lee’s office gives rise to years of practical experience, across some of the key issues of modern healthcare, which EHNAC imparts to its accredited organisations as part of the deal.

EHNAC is currently active across all of the USA – and mandated in New Jersey, Maryland, and Texas. Compliance with individual State legislation is not a quick process at a government level. But it can be an immediate step at the individual vendor level.

In the litigious world we live in, never has Risk Management become so important. Lee’s parting words to me were:

“We are agnostic; our years of experience have taught us how to deliver standards that give a meaningful structure for each of our varied accredited organisations. What they actually do – is not important. It is how they do it”.

Lee can be contacted at HIMSS in his meetings onsite.