Cyber Security in Healthcare.

It is commonly understood that the recent UK hacking situation in the NHS was via its connected machinery, rather than directly into the hospital servers. We focus on what’s up at the forthcoming conference in San Francisco, with this timely announcement from Tel Aviv-based company Cynerio, which today announced its mission to protect the future of healthcare by focusing on its weakest link – the connected medical device ecosystem.

The company says that, by building a tailor-made solution for healthcare providers, it delivers complete visibility into a healthcare organization’s medical device ecosystem, protecting it from cyber threats and helping the organization meet HIPAA regulatory requirements.

The company was founded by cybersecurity experts Leon Lerman, CEO, and Daniel Brodie, CTO, to deliver a cybersecurity solution specially designed for healthcare providers. It is based on the industry’s first technology that combines device behavior modeling with medical workflow analysis to provide full visibility into medical device behavior and activity on the network, accurately detect anomalies with a deep understanding of the medical context, and stop the threat to ensure patient safety and data protection.

“Connected medical devices are delivering a new level of patient care, but present new challenges of managing and securing the growing clinical ecosystem. For attackers, medical devices are easy targets, as the devices aren’t built with security in mind and healthcare security teams have limited ability to protect these devices with traditional IT security solutions that are more focused on standard platforms. Our technology offers a comprehensive solution, purposely built to protect the medical device ecosystem and their sensitive data,” explained Lerman.

FORGET ACCREDITATION. LET’S TALK ABOUT RISK MANAGEMENT

We talk with the EHNAC Executive Director, Lee Barrett, and ask why their time has now come.

You could say it’s not what you say – it’s how you say it. You could argue that everything about EHNAC is a contradiction, a misnomer.

The image of silver-haired Lee Barrett as he sits back in his university-like office, gently guiding me into his world – where he has been active for more years than I have fingers and toes – belies the relevance of EHNAC on the current medical world stage.

And that’s the problem. Or to put it another way in marketing-speak – maybe it is the “opportunity”.

EHNAC is a nationwide accreditation process for healthcare players. Up to now, and since its origins in 1993, its focus has been to give you and me a framework, if you will, a set of guidance, that says you have passed the test – whatever that may mean. You would be forgiven for thinking that this is akin to taking your driving licence; you get the magic certificate, the nod from the examiner and off you go.

And this approach misses the point. Because EHNAC have moved on. To understand its importance is to recognise that in getting accredited for your internal and external processes, you are protecting your entire business against the risk of the unforeseen. By complying with industry standards, you are mitigating your exposure to malevolence or to the pure chance of things going wrong. A tick in the box from EHNAC means that your processes are reasonable and acceptable.

It’s not like the Assessors at EHNAC don’t have the know-how to guide you. The academic atmosphere of Lee’s office gives rise to years of practical experience, across some of the key issues of modern healthcare, which EHNAC imparts to its accredited organisations as part of the deal.

EHNAC is currently active across all of the USA, and mandated in New Jersey, Maryland, and Texas. Compliance with individual State legislation is not a quick process at a government level. But it can be an immediate step at the individual vendor level.

In the litigious world we live in, never has Risk Management been so important. Lee’s parting words to me were:

“We are agnostic; our years of experience have taught us how to deliver standards that give a meaningful structure for each of our varied accredited organisations. What they actually do – is not important. It is how they do it”.

Lee can be contacted at HIMSS in his meetings onsite.

Time to take healthcare security seriously.

We look at the rapid rise of Sasa Software, and ask: has their time come?

The image of Oren Dvoskin, Commercial Manager at Sasa Software, sitting in his nondescript office, black t-shirt and headphones, looks Californian, as he spells out the pessimism of his profession.

“There are two types of hospital” – he says; “those that have been hacked and know it; and those that have been hacked, but don’t know it.”

Oren’s office is nowhere near Orange County. It is on the border of Israel and Lebanon. If anyone knows about pessimism, it is he. As Sasa Software prepares to face its growing and exponential market at HIMSS 2017, it surely does not get any more black than this.

Cyber hacking and ransomware are growing to the point where they cannot be ignored or assumed to be someone else’s problem. But their growth is not the most alarming feature. It is that, for hospitals, any cyber attack would have to be pre-meditated and unique and specifically tailored to find the weak spot, the easiest point of entry, into that particular hospital.

What is worse is that, because health records (which are the prime target) are deeply personal and full of personal ID info, any attack is inevitably immediately visible. Unlike, say, a bank, a hospital cannot pretend it has not happened and just pay the money.

This is no simple phishing attack.

What that means, and why Sasa Software believe that 2017 will be our most “challenging” year, i.e. the most concerted and worrying, is that hospitals are still not waking up to this important threat, despite the evidence that 75% have suffered some sort of breach – and that is just those that are publicly noted.

The answer, according to Oren, is to have a mix. Baseline protection, the sort that all of us have on our PCs, office servers and cloud access, stops the initial and simplest access. But to combat the precise and targeted attack mentioned above, Sasa take the view that every incoming email, every data request, every file transfer is a threat of some sort. Their range of solutions is designed to neutralise any incoming malware or suspicious entry, at source.

But it is also a realisation that files we take for granted – the DICOM image, the voice recording – that we regularly append to our EHR records, are the new source of threat. Viewing images online across the globe, that holy grail of clinical consultant interoperability, may be the one area that is the Achilles heel for the modern hospital.

If there is a light at the end of the tunnel, it is not in the fingers-crossed hope that things can get better. It is the realisation that you can do something about it. Oren is a philosopher with a positive view of human nature, despite the nature of his profession and the market he develops.

The cost of sorting out a cyber attack ranges from $230.00 to $400.00 per patient record. Sasa Software will be addressing both the Pharma and Clinical markets at HIMSS. Worth having a serious chat.

NEW SOLUTION TO COMBAT THREATS TO PATIENT PRIVACY AND EHR TRUST

We talk with Protenus CEO, Robert Lord, about the danger of complacency in an easy-access interoperable world.

Like all things in life, there are good days, and bad; rainy days and silver linings. With healthcare, the drivers that we have been pushing as we motor down the cloud-based highway have led many to believe that patient record accessibility and interoperability are healthcare’s lone nirvana, its Holy Grail. In the same way that we all focus on paperless hospitals, we assume that, well, total access is a Good Thing.

And we would be wrong. Not that “interoperability” itself is a bad thing – but in a modern and real world, we need to be equally aware of the value of our patient data, and how vulnerable it is to both external and internal threats.

How so?

Because, if we consider that we would never make our credit card PIN available to anybody, and that we would stand naked before probably only five people in the world, then our doctor would certainly be one of them. Our personal patient medical record is private, and hospitals have a duty of care to keep it so. This is not easy, and hospitals need to take action.

Protenus is rising as one of the stars of HIMSS 2017. Protenus’ founders, Nick Culbertson and Robert Lord, met in medical school, but previously had careers in intelligence and finance, respectively. They now apply their backgrounds in these fields to the protection of electronic health records.

Robert Lord, CEO of Protenus, told us when we caught up with him that this is a matter of trust between you and your hospital. You need to feel secure that your personal data will remain personal to you and not be stolen or hacked. Interestingly, Robert told us that the biggest threat to our data comes from inside, the internal hacking of patient data.

Protenus has developed a platform that monitors access to patient data from employees, affiliates and business associates and ensures that every access is appropriate. By using machine learning and rich clinical context, their system is highly accurate, and vastly improves the efficiency of privacy teams.

Robert is due to speak on this issue, alongside the CMIO of Johns Hopkins, Dr. Peter Greene, at HIMSS itself. What he said to us is: “We see a continuing transformation in the market – we believe that 2017 will be the year of insider threat awareness. While the challenges of inappropriate access and privacy violations have consistently plagued health systems, awareness of this issue has hit an important inflection point, with leaders throughout healthcare technology ready to change the way that we ensure trust in healthcare.”

The Protenus solution is enterprise software-as-a-service that can protect EHRs, HIEs, payors, and any other institution that stores and accesses patient data.