Cyber Security in Healthcare.

It is commonly understood that the recent UK hacking situation in the NHS was via its connected machinery, rather than directly into the hospital servers. We focus on what’s up at the forthcoming conference in San Francisco, with this timely announcement from Tel Aviv-based company Cynerio, which today announced its mission to protect the future of healthcare by focusing on its weakest link – the connected medical device ecosystem.

What they say is that, by building a tailor-made solution for healthcare providers, they deliver complete visibility into a healthcare organization’s medical device ecosystem, protecting it from cyber threats and helping the organization meet HIPAA regulatory requirements.

The company was founded by cybersecurity experts Leon Lerman, CEO, and Daniel Brodie, CTO, to deliver a cybersecurity solution specially designed for healthcare providers. It is based on the industry’s first technology that combines device behavior modeling with medical workflow analysis to provide full visibility into medical device behavior and activity on the network, accurately detect anomalies with deep understanding of the medical context, and stop the threat to ensure patient safety and data protection.

“Connected medical devices are delivering a new level of patient care, but present new challenges of managing and securing the growing clinical ecosystem. For attackers, medical devices are easy targets, as the devices aren’t built with security in mind and healthcare security teams have limited ability to protect these devices with traditional IT security solutions that are more focused on standard platforms. Our technology offers a comprehensive solution, purposely built to protect the medical device ecosystem and their sensitive data,” explained Lerman.

Cybersecurity again in the News…

We look briefly at two companies that have got in touch…

Fortified Health Security have recently partnered with Beacon Health System to strengthen the health system’s overarching cybersecurity program. Their Kristin Deuber writes to us to say:

“The program kicked off in April 2017, during the formation of Beacon, which required the health system to consolidate policies and to implement a more unified and centralized cybersecurity program. Fortified discovered through its baseline research that the health system had moderate cybersecurity system development with data loss prevention, and had deployed a SIEM solution on limited systems. In addition, like most healthcare organizations today, there was zero SIEM visibility into their medical device inventory, as well as the risks associated with those connected devices.” She attached some deeper info, which is available on demand from us here at ProfoMedia. And we have invited their President, Dan Dodson, to write a guest article – so watch this space.

Also out of the blue is the Proficio company, whose Tamara Yaravoy says that they have won some eleven Cybersecurity Excellence Awards. This is clearly better than my 200 metres swimming certificate when I was a kid. She goes on to explain in more detail:

“In the Cybersecurity Excellence Awards, Proficio won gold in the Best Managed Security Services and Cybersecurity Team of the Year – North America categories. The company was also recognized with a bronze award in the Best Cybersecurity Company category, where they had competed against forty other cybersecurity companies.

Proficio secured top honors in the Info Security PG’s Global Excellence Awards, placing in four different categories. The company won gold in the Cyber Security Vendor Achievement of the Year category for significantly expanding its operations in North America, EMEA, and APAC, silver for Best Security Company of the Year (Services), bronze in the Best Overall Security Company of the Year category, silver in the Managed Security Services category for its SOC-as-a-Service offering, and bronze in the Managed Security Services category for its Splunk Enterprise and Splunk Enterprise Security services. Proficio was the only cybersecurity company to be recognized with two awards in the Managed Security Services category.

In the Cloud Computing Excellence Awards, Proficio was recognized for excellence and innovation in their SOC-as-a-Service offering. Proficio was one of only nine companies selected for this award which honors vendors that have most effectively leveraged cloud computing in their efforts to bring new, differentiated offerings to market.

Proficio was once again awarded a placement on the Security 100 of CRN’s 2018 MSP 500 list as well as San Diego Business Journal’s Top Cybersecurity Organization List. The CRN Security 100 list is designed to help partners wade through the ever-expanding security market, from the long-standing legacy vendors to the niche players, and navigate the fast-growing security vendor market.”

Healthcare is expected to be the target of choice for malevolent actors trying to destabilise how our services work. Last year’s attacks on UK hospitals showed the issues of Windows XP reliance, and that was just a baseline start.

You can look back at our earlier pages on other cyber vendors. Do contact these and the above vendors as this topic will become more visible as the year goes on.

WHAT IS THE PROBLEM WITH MAKING DECISIONS?

We look at the increasing lack of leadership in our UK Public Services, and its negative impact – and we say: it’s time to do something.

The question really is: why is it necessary to do something? Public Services are not going to disappear overnight. Whether you take a week to do nothing at all – or a year – will not necessarily impact on your own job. It might, however, impact on someone else’s life – but as a Clinical Director told me recently – “I have a nice house, and nice holidays; why am I putting myself on the line?”

Lack of decision-making means that the people whom we entrust to look after us and provide our essential services, and who we had hoped would go the extra mile, have no need to do so. This results either in a lack of engagement, where – according to a colleague of mine recently moved from the private sector into local government – her colleagues already had their coats on by 16.58 each day… or in an increasing level of stress-related absence through the paralysis of moving things forward, in times of increasing pressure and demand for the very services they feel unable to deliver.

It’s not our job here to tell others how to do their job. But it is our job to explain the damage done by simply putting things off, keeping things the same, and hoping that maybe tomorrow things will work out; it doesn’t fly. This is particularly so as we are moving, and have moved, into an arena of “personalised service”, where our individual use of personal data, our smartphones, our iPads, our fitness trackers – means that technology exists to deliver great improvements in quality of public service.

As Bogi Eliasen of the CIFS in Copenhagen said at the HIMSS Conference almost one year ago – by harnessing the data that is flowing, in real time, across our desks every minute – we can better employ our people, enable them to make decisions related to the data that they themselves have access to, reduce the stress in our places of work – and actually do what the public are asking us, and expect us, to do.

Because – the fact is – we no longer have the option of simply throwing more people, and more cash, at continuing to do things the way we always have, because it just doesn’t work any longer. There are just too many people living longer, with too many orthopaedic ailments and exponential rises in diabetes sufferers, for a few more nurses, a few more clinics and some more phone lines ever to keep pace with the needs of society, which are getting worse.

It is for this reason that the recent PR from NHS England, about its new Diabetes Partnerships, is like adding an Elastoplast to cover my broken leg. It misses the fundamental point. Hospitals that prefer to use in-house resources rather than engage with specialist IT help are simply putting off the moment of truth – that we have reached a tipping point.

What we have seen is that, due to the new personal focus of our provision of services, we need to move out of the “silo” mentality of me doing my job while you do yours. We need to start looking at how we treat society as a whole, in particular the mix of Community-based solutions linked to (say) hospital services.

In the same way that “if you always do what you always did, you will always get what you always got”, so it is obvious that our current ways of doing things, in just about every area of Management that we have looked at for this Article, simply do not deliver the results that society is increasingly asking for.

This means investment in new technologies that are proven, and that can link performance to results and to costs. The technology exists and has done for some time. The question, though, is whether our Social and Public Service leaders can take the lead and deliver what the rest of us are asking. After all – they have nice houses and nice holidays to go to. We wouldn’t want them to risk all that, now would we?

IS IT THE END OF THE BIG-BUDGET PROCUREMENT PROCESS?

We look at changing demands within the UK NHS

I am going to start this all back-to-front. My suggestion is: simply giving the NHS “more money” is cementing out-of-date working practices. The problem is – there are things called “patients”. There are more of them, and they are being quite unreasonable by living a lot longer than they should. This is redolent of my Data discussions about relational databases; they are just too clunky to handle the volume of patient data we have (so goes the argument). If Hospitals are going to continue to be relevant, then they need to start with a blank piece of paper, adopt radical new ways of doing things, and that includes how they pay for stuff. Putting in place new practices is inextricably linked to finding innovative ways of paying for them.

The problem is – people don’t like change. Nobody likes change. Our comfort zone is precisely that; why not keep things the same? The common unspoken argument goes something like – It’s all worked more or less, up to now.

Except that it doesn’t any longer. As indicated above – there are just too many people wanting healthcare. And if you believe the guys at CIFS in Denmark, “hospitals” are no longer in the driving seat anyway; it is the patient – or “consumer” – that is increasingly driving us to adopt new facilities and services for which we have no plan and no budget.

But maybe we don’t need a budget. Maybe we should just “do”. One way around this obstacle is the following:

My colleague, who is a Head of Finance at a major UK Trust, sips his coffee and says: “You know, Richard – apart from essential capital costs – we have stopped making big budget procurements. We now pay as we go. Suppliers enter into flexible monthly contracts, and we pay for what we use.”

Companies in the UK such as System C are already looking at this sort of innovative practice; similarly in Scandinavia, the EVRY company now offers iPad-based versions of its solutions for smaller clinics, based on a mobile SIM tariff. This is the tip of a very large iceberg.

And it is seismic; it brings to an end the five-year contract, the large software acquisition. It means that suppliers can no longer promise to deliver but never deliver (we have seen this several times) – or supply goods and never train their hospitals (and we have seen this too). It also means that as a hospital’s flexible demands change, so can its supplier, and in real time.

There are two win/wins here. The first is that hospitals can now engage in new technology Pilots, to prove clinical concepts and prove commercial viability, without fear of long-term commitment. It means there need no longer be a “budget hiatus” every year, around now, that delays the introduction of new services that clinicians are desperately calling for.

A direct result of the mobile world we live in is that suppliers are increasingly linking their offer to commercial or clinical results in some way. This is important, because it allows much better monitoring; the introduction of new services can be controlled far better and much more simply, minimising the implicit greater risk.

But it also means that hospital management needs to throw out the hostility that routinely surfaces towards the very organisations that are able to help. For this quiet revolution to happen, there needs to be what I will call a “Scandinavian Partnership” model of engagement. It is an ironic description; Scandinavian procurements and “upphandlings” are some of the most heavily legally monitored in the world – but that in itself misses the point.

In a world where you and I are now able to tell our Doctor and Hospital what they need for us – who needs a procurement process anyway? Just go and do it.