By Jacob Denton, chief information security officer, Mosaic451.
Jacob Denton
Unless your security team has been living in a cave in one of the last remaining places on the planet where you can still unplug, you have certainly heard about the Petya and NotPetya ransomware attacks and the chaos caused by them. Petya was a somewhat “typical” ransomware attack in 2016: It encrypted the master boot record of infected computers and asked for ransom in the form of Bitcoin. But NotPetya, a potentially state-sponsored attack against Ukraine, was more similar to WannaCry, which occurred shortly before in 2017. In addition to ransoming companies to pay the hackers in Bitcoin, NotPetya also took advantage of the EternalBlue exploit and was a “worm” that could self-propagate, like WannaCry.
What made NotPetya unique was its intrusion into MeDoc, a Ukrainian tax and accounting software package. About 80 percent of Ukrainian businesses used this software at the time of the attack. The NotPetya hackers employed an innovative strategy: They put in a slightly different version of a file into MeDoc’s software updates.
Since MeDoc was so widely used throughout the Ukrainian business community, the hackers started spreading corrupted versions of MeDoc software in April. By June, undetected, they were able to insert the NotPetya ransomware. And since it was a worm, NotPetya was able to spread rapidly. It was a lot worse than Petya in its scope: It not only encrypted the master boot record, it also encrypted other important files, making the damage to companies’ hard drives even more serious.
Cyber security firm Cybereason reports that NotPetya cost companies approximately $892.5 million in lost revenue. While it first hit Ukraine, it hurt businesses worldwide, including FedEx, Merck, and Reckitt Benckiser.
What lessons have we learned?
First, that hackers have gone way past spamming naive end users. The NotPetya attack was particularly troubling because it was a “clickless” attack that didn’t need to rely on end users for access. It also took advantage of software updates, a holy grail of commonplace cyber security.
Thankfully, there are some precautions cyber professionals can heed from this hack. According to Johns Hopkins University Computer Science Professor Matthew Green, one limited action developers could do to help “prevent their software updates from being corrupted” is to “co-design.” This would mandate that anyone trying to add new code to an application would need to sign with a cryptographic key that cannot be forged. For example, MeDoc did not have co-designing, so hackers were able to alter code in the software update.
Technology is the new creed that has literally touched almost every aspect of our life. Be it communication, traveling, or exercising, we are always interacting with technology. However, healthcare has always been considered a very conservative area in terms of technology deployment. This is because, in its very nature, healthcare mainly deals with human life which calls for utmost precaution. But the emergence of machine learning and artificial intelligence has sparked innovation and a myriad of solutions that are already working in the healthcare industry.
At the forefront of this growth are Android-powered smartphone devices. It’s estimated that 88 percent of all the devices sold in the last quarter of 2018 were all powered by Android. It shouldn’t then come as a surprise that companies are looking to hire Android developers to build health-care related apps.
But what does the future hold for tech solutions in the health industry? In this article, we are going to look at the trends in healthcare to look out for in 2019 and a few examples of apps for healthcare.
Artificial Intelligence and Machine Learning
“If you’re arguing against AI then you’re arguing against safer cars that aren’t going to have accidents, and you’re arguing against being able to better diagnose people when they’re sick.” – Mark Zuckerberg during a live Facebook video in 2016.
Artificial intelligence and machine learning are getting increasingly sophisticated to the extent of surpassing human capability and the potential for these two technologies in the healthcare ecosystem are huge.
One of the biggest potential benefits of AI in 2019 is helping people to stay healthy without consulting a doctor, or at least do it less often. Coupled with the Internet of Medical Things (IoT), AI is already being used to develop consumer health apps that proactively show patients how to stay healthy.
Moreover, AI is increasingly being used by healthcare professionals to gain deep insights and better understand of routine patterns occurring in patients. With these deeper insights, the caregivers are able to give better diagnosis, guidance, and support to the patients. For instance, the American Cancer Society is already using AI to detect cancer at the initial stages with 99 percent accuracy.
Product development is another area that AI and machine learning are being used. R&D in the medical field can be painstakingly slow and costly given that hundreds of variables need to interact with each other. Today, medical researchers are using AI to safely explore biological and chemical interactions of drugs using the discovery process and clinical data.
Another area you can get artificial intelligence in healthcare is through workflow optimization. It helps automate repetitive tasks such as routine paperwork, patient scheduling, and time-folio entry.
Wearables and Augmented Reality
I do think that a significant portion of the population of developed countries, and eventually all countries, will have AR experiences every day, almost like eating three meals a day. It will become that much a part of you.” — Tim Cook at the 2016 Utah Tech Tour – source.
Virtual wearables and augmented reality devices are other emerging healthcare trends proposing to make significant advances in the healthcare space in terms of diagnosis and medical education.
On one side of the scale, virtual reality superimposes a patient in an artificially created surrounding, whereas, augmented reality helps generate layered images to real like objects. As a result, these technologies are and will continue being used by emergency response services providers to relay critical first aid information before the first responders arrive at the hospital.
In the prevention and diagnostics front, VR/AR has allowed medical care providers to create and manipulate different camera colors to reflect or replicate pre-existing effects in their databases.
But perhaps, the biggest impact of VR can be seen in 3D reconstructions of human organs. This has proven important especially when surgeons need to re-create the exact size and positioning of human organs before conducting complicated surgeries. Having the same exact replica of human organs give surgeons the know-how on how to deal with particular organs no matter how small they are.
In terms of medical education, both VW and AR have been great tools in transforming the way students learn. Surgeons are able to rehearse surgery procedures using dummies quicker and without having to use actual human bodies.
The internet age has brought along profound changes in the telemedicine landscape. In the earlier years, telemedicine was strictly limited to doctor and nurse consultation. However, the proliferation of smart mobile devices that are capable of transmitting high-quality videos has opened up avenues for virtual healthcare services from specialists to patients straight in their homes. This is especially paramount in remote areas where doctors can’t easily reach.
Members of the American Health Information Management Association (AHIMA) called on Congress to better serve and protect the growing population of healthcare consumers who use technology – such as social media, wearables and mobile health (mHealth) apps – to manage their health. AHIMA members met with Congressional leaders in Washington, D.C. on this issue, among others relating to the need for HIPAA modernization, during the 2019 AHIMA Advocacy Summit.
These technologies, referred to by the Office of the National Coordinator (ONC) as “non-covered entities” (NCEs), are not covered by the Health Insurance Portability and Accountability Act’s (HIPAA) individual right of access laws, meaning that an individual often times has no right to request their sensitive health information from such technologies. Rather, in many cases, whether such health information may be shared with the individual is left up to the discretion of the application itself.
To ensure this growing patient group’s information is both accessible and protected, AHIMA recommends lawmakers develop or direct the U.S. Department of Health and Human Services (HHS) to define HIPAA NCEs in law, extending HIPAA’s individual right of access to these entities. This will ensure the same uniform data access policy for individuals using health technologies.
Wylecia Wiggs Harris, PhD
“As technology continues to shape healthcare, the number of patients using wearables, social media and mobile apps for health purposes has skyrocketed, but this shift in how patients record data shouldn’t affect their level of protection and access,” said AHIMA CEO Wylecia Wiggs Harris, PhD, CAE. “AHIMA’s members are pushing for a solution that balances access to information, patient protection and maximizing use of technology.”
During the Summit, AHIMA advocated for three additional key issues related to patient information and the need for a modernized version of HIPAA:
Seeking to recognize a healthcare delivery organization that takes an outstanding and innovative approach to health information management (HIM), the American Health Information Management Association (AHIMA) is calling for applications for the eighth annual Grace Award.
Interested applicants can submit their entries via ahima.org/grace through May 31.
Ninety years ago, Grace Whiting Myers acted on a sincere conviction to improve the quality of our nation’s health records by founding the association now known as AHIMA. The idea was simple–that advancements in the collection and organization of health information will invariably help to improve public health. As a tribute to Myers’ prescient vision, AHIMA’s annual HIM award bears her name: The Grace Award.
Past winners of the Grace Award regularly demonstrated transformative journeys toward new and innovative HIM practices that also delivered better patient outcomes.
Wylecia Wiggs Harris, PhD
“AHIMA is excited to open nominations for an organization that is taking innovative and novel approaches to using HIM to deliver high-quality care to patients,” said AHIMA CEO Wylecia Wiggs Harris, PhD, CAE. “This process furthers an industry dialogue about innovation and excellence and invites us to learn from each other.”
The 2019 award will be presented at AHIMA’s Health Data and Information Conference in Chicago, September 14-18.
A committee of judges, representing healthcare delivery organizations, health information professionals and HIM associations, selects the Grace Award. This year’s judges are:
(CHAIR) Sandra Pearson, RHIA, CHDA, MHA, CPEHR, CDI & Data Governance Director, SCL Health
Agile companies do things faster and efficiently. In agile development, lean startup models apply agile methods to build high-quality systems that meet any industry, regulatory and other relevant standards such as HIPAA and remain “audit ready.”
Agile companies focus on quick wins, external focus, ruthless prioritization, and continuous development. Agile development relies heavily on constant testing to ensure improvement.
Agile compliance management
Lean development refers to a set of principles that are designed to eliminate waste, build-in quality, create knowledge, deliver fast results, defer commitment, respect people and optimize the whole process. At their core, both agile and lean development focus on efficiency, sustainability, speed, quality and communication.
Companies can deliver software faster when they eliminate inefficient processes. Agile development follows the following 12 principles:
Customer satisfaction
Harnessing change to gain competitive advantage
Delivering working software frequently
Bringing together business and development departments
Supporting talent
Conveying information efficiently
Measuring progress by working software
Promoting sustainable development
Focusing on technical excellence
Maximizing the amount of undone work
Using self-organizing teams to build the best designs, architectures, and requirements
Reflecting and adjusting
How Agile development applies to cybersecurity
Agile development methods align well to cybersecurity because they focus on harnessing change, readjustment and reflection. You see, malicious actors (think black hat hackers) have excelled in agile development. They continuously re-adjust their attacks to maintain superiority and remain one step ahead of defensive mechanisms employed by organizations by improving the quality of their software. To combat these threats, you need to come up with a similar agile security-first approach to protect your information and systems.
What is Agile compliance?
Agile compliance also focuses on the 12 principles of agile development; however, it focuses on threat mitigation and not product development. Furthermore, agile compliance prioritizes customer data security as well as stakeholder satisfaction as the primary product as opposed to customer satisfaction, which is the main focus of agile development.
When it comes to cybersecurity governance, risk and compliance (GRC), data integrity and availability leads to customer satisfaction and confidence. With compliance’s security-first approach, you create an iterative process that includes mitigation, monitoring, and review, which is aligned with your controls and protects your data.
In cybersecurity, an agile compliance program is a security-first strategy that is put in place to protect data. This strategy focuses on your data controls’ quality and ensures that even when industry regulations and standards lag behind threat vectors, your company maintains a secure data environment. Here are the 12 principles:
By Chris Hakim, general manager and senior vice president, eHealth.
Chris Hakim
Pharmaceutical manufacturers face growing pressure from legislators, employers and consumers to control prescription drug costs, which have increased by as much as 15 percent between 2008 and 2016. In late February, a congressional committee grilled executives from seven pharmaceutical companies over relentless price hikes and common industry practices that block competition. All along the health care chain, demands for greater transparency and calls to put consumers first are getting louder.
Clearly, there is no magic bullet to tame rising pharmaceutical costs. There is, however, evidence that absent political action, technology can be an effective weapon against price inflation. We witness this dynamic first hand at eHealth, most prominently among seniors, who are putting the power of information and effective technology-based tools to work for themselves as they shop for Medicare coverage.
What’s more, we’ve seen the use of online transparency tools grow. During the recent the 2019 Medicare open enrollment period, eHealth’s provider lookup tool was used by 47 percent of people shopping for 2019 coverage compared to just 5 percent the year before. In addition, 30 percent of people buying Medicare Advantage Prescription Drug plans used the tool compared to 18 percent during the previous annual enrollment period. And nearly one-quarter (24 percent) of customers who bought Medicare Part D plans through eHealth used the online prescription drug coverage comparison tool; those who enrolled in the recommended plan found a median potential annual savings of $531 on prescription drugs.
Data show that seniors are likely to use technology at increasingly higher rates. Four-in-10 now own smartphones, more than double the number in 2013, and 66 percent of individuals 65 and over use the internet, up from 43 percent in 2010. Among so-called “senior surfers,” 53 percent go online for information about health care or medical issues.
As the country’s baby boomer population continues to age, the healthcare industry is gearing up for a whole new level of demand that it has never before gone through. With greater numbers of people requiring doctor visits and hospital care, the industry is looking for ways to be even more productive and efficient to ensure that the quality of healthcare that people are receiving doesn’t suffer.
One of the most exciting advances to hit the health sector is artificial intelligence or AI. This technology is looking to have a huge impact, not just on healthcare in the immediate future but moving forward. Here’s a closer a look at just how it’s changing the course of the industry.
Medical records and data are benefiting from the technology
When it comes to the areas that AI is having the largest impact, medical records and data keeping is a big area to focus on. When you think about the vast amount of information that needs to be collected, stored, and analyzed for each and every patient it can seem rather overwhelming. This is exactly why data management has become such a priority for AI.
Robot technology is now being used to actually collect the information, store it, find specific data when required, and allow for quick and seamless access across the board.
Wearable medical devices
Wearable medical devices are another area where AI is having an impact and bringing about some really exciting and promising products. It’s not just about devices that provide potentially life-saving alerts and information, it’s also devices that can help the wearer better their own personal health by tracking various details. Devices such as the Apple Watch and Fitbit are great examples of this kind of technology that can be useful to everyday people.
Now as for the devices that can actually offer life-saving capabilities and tools, look to options such as the Bay Alarm Medical which is a great medical alert system. While this device isn’t going to track any information or take readings, it can be worn 24/7 and with the push of the button, it connects you to a live operator that can get you the help you need.
Careers that combine specialized skills in health care and data are on the rise. It is estimated that by 2030 healthcare-related jobs could grow by 80 million to 130 million, and equipping these health workers with the latest technology and data skills is critical. To help meet this need, UC Davis Continuing and Professional Education has partnered with the online learning education platform, Coursera, to launch a new program, Health Information Literacy for Data Analytics. This three-month, online program is intended for professionals who work in data and technology with no experience in health care learn how to work with healthcare data and apply their existing skills to the healthcare industry.
Instructors for the specialization are Brian Paciotti, a healthcare data scientist, and Doug Berman, director of data acquisition and architecture, both with the Research IT Department at UC Davis Health System.
“Experience in health care is a critical qualification for people I hire,” said Berman. “This specialization allows people with experience in general IT systems to change or advance their careers in healthcare IT. They are able to demonstrate an understanding of the nuances of working in healthcare information systems and appreciate the unique challenges and opportunities healthcare data systems present.”
The Health Information Literacy for Data Analytics Specialization on Coursera complements the existing Healthcare Analytics Certificate Program offered by UC Davis Continuing and Professional Education. While the certificate program is designed for those with health care and clinical experience to learn the skills of data analytics, the Coursera program is designed for tech and data professionals to learn the terminology and types of data found in health care.
What you’ll learn
The Coursera specialization covers the various types and sources of healthcare data, how to understand and interpret the values of these data, how to assess the quality of data, and how to compare and contrast the common data models used in healthcare systems. Courses in the specialization include:
Healthcare Data Literacy
Healthcare Data Models
Healthcare Data Quality and Governance
Analytical Solutions to Common Healthcare Problems
“The courses in the specialization fill an essential need for data and technology professionals interested in a career in health care,” said Misty Avila, Health Sciences program manager at UC Davis Continuing and Professional Education. “With the knowledge and experience of the UC Davis healthcare data scientists, we are able to help bridge this gap and prepare professionals for a career in healthcare data.”
At the forefront of this growth are Android-powered smartphone devices. It’s estimated that 88 percent of all the devices sold in the last quarter of 2018 were all powered by Android. It shouldn’t then come as a surprise that companies are looking to 
Another area you can get artificial intelligence in healthcare is through workflow optimization. It helps automate repetitive tasks such as routine paperwork, patient scheduling, and time-folio entry.
As the country’s baby boomer population continues to age, the healthcare industry is gearing up for a whole new level of demand that it has never before gone through. With greater numbers of people requiring doctor visits and hospital care, the industry is looking for ways to be even more productive and efficient to ensure that the quality of healthcare that people are receiving doesn’t suffer.
Careers that combine specialized skills in health care and data are on the rise. It is estimated that by 2030 healthcare-related jobs could grow by 80 million to 130 million, and equipping these health workers with the latest technology and data skills is critical. To help meet this need, UC Davis Continuing and Professional Education has partnered with the online learning education platform, Coursera, to launch a new program,