With new technology comes to new terminologies, like cybersecurity. Unfortunately, this new technology also spawns the creation of new methods to bypass security measures. And while data breach may not be a new term or even a new problem, in 2019, it’s become a massive issue, particularly in the healthcare industry.
In 2015 alone, there were more than 750 cyber data breaches, with the top seven cumulatively involving 193 million personal records that were available for hackers to use for fraudulent activities and identity theft. The top three data breaches that year were all in the healthcare industry.
Healthcare records are full of highly sensitive information, from social security numbers and other personal data to medical histories and health insurance information — everything a hacker needs to steal someone’s identity. But besides the wealth of juicy details these records include, it’s the vulnerability that exists in the industry that attracts trouble.
Besides being a repository of vital information that hackers need, the healthcare industry has been particularly vulnerable because of the weak link philosophy. You’ve probably heard that a chain is only as strong as its weakest link. This is also true when it comes to cybersecurity. And it’s something hackers prey on.
According to a 2016 Healthcare Industry Cybersecurity Report, the healthcare industry had the fifth highest amount of ransomware counts of all industries. The report also stated that more than 77 percent of the entire industry was infected with malware. According to the report, the most prevalent weaknesses existed in “health treatment centers, insurance providers, manufacturers and hospitals.” In other words, everywhere.
The authors of the report mention how the industry is facing pressure from both sides ? from hackers who specifically target them and employ different methods in doing so, and from regulatory agencies who are trying to prevent this from happening.
The problem doesn’t rest with the IT departments in most cases, but rather with the employees who aren’t prioritizing, or even aware of, security issues and with those who have been tasked with training and managing them.
“The low social engineering scores,” the report states, “among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient and this poses a real risk to those organizations.” Hackers know that these employees represent low-hanging fruit. This is why they’ve become such a target.
The main risks, according to the report, are the wireless devices so prevalent in the industry and the amount of information that’s exchanged through them. While these devices are beneficial for their speed and access to information, the way in which they’ve been mishandled and implemented is resulting in added security risks.
How these breaches affect consumers
A survey by Accenture in February of 2017 revealed that healthcare security breaches affect 26 percent of U.S. consumers. And 50 percent of those had their identity stolen, resulting in an average out-of-pocket cost of $2,500 per person. That means for every eight people, one person has had their identity stolen as a result of a healthcare data breach. But perhaps the greater aspect of this problem is reach, as in nearly everyone has health records in the system.
In the largest healthcare data breach to date, Anthem Blue Cross, in January of 2015, had 78.8 million patient records stolen. This included information such as dates of birth, addresses, and social security numbers ? the information hackers most need to steal someone’s identity.
In the case of the Anthem Blue Cross breach, consumers weren’t told about the breach by law enforcement or Anthem themselves. They found out the hard way: by noticing something was wrong on their bank and credit card statements.
How healthcare companies can improve security
The need to take extra precautions when dealing with sensitive healthcare data is obvious. But if the problem was easy to solve, it wouldn’t be a problem to begin with. And unfortunately, for every zig in security measures, there are a hundred hackers ready to zag.
Assess the larger risk as it pertains to the entire system, rather than relying on specific vulnerability analyses.
Always know where your sensitive data is being stored.
Improve training across the board. Impart the risks and precautions to employees, and make certain all understand policies and procedures before handling any consumer data.
Address the issue of third-party vendors. Make sure they’re handling your sensitive data properly.
Reinforce the infrastructure, including all software, with extra cybersecurity measures.
While the theft of information that leads to someone’s identity being stolen is the main risk, it isn’t the only risk. When sensitive medical conditions are made public, it can affect a person’s ability to get or keep a job and their professional and personal relationships.
The impact on businesses and organizations is also dire when leaks occur, as their trust, credibility, and reputation suffer dramatically. They also open themselves up to the possibility of massive fines and lengthy investigations.
The FDA recently issued new guidelines for securing data in medical devices, such as smartphone apps. This is especially important, as the HIPPA (Health Insurance Portability and Accountability Act) Journal has stated that 91 percent of cyberattacks are the result of personalized phishing emails sent to employees.
While you may think of technology in terms of the CT scanner, the advancements made in recent years in cardiac monitors, portable x-ray equipment, sonography, bedside lab testing, even IV needles are all part of how tech is improving healthcare.
Just ask the medical staff of inpatient and outpatient rehab centers. Point of care testing allows blood testing to be done at the bedside. Results for electrolytes, hemoglobin and hematocrit, glucose, blood gases and several other essential blood tests can be in the doctor’s hands in the time it used to take to run the blood to the lab.
Every discipline of medicine is evolving because of the changes in technology. First, there were x-rays then CT scans and MRIs. Now PET scans routinely diagnose very early cancers because they scan the body at a cellular level, often finding tiny areas of increased activity that wouldn’t show up on a CT scan or MRI. Speaking of pets, tech has helped improve the health of our dogs and cats. Whether simply treating a constipated dog or detecting cancer in a cat, the same image scans that serve to help people are being used to help their pets. Robotic surgery sounds like science fiction, but the discipline is gaining acceptance everywhere. Very small incisions have replaced long scars as surgeons control miniaturized instruments from a monitor with magnification that enables very precise work.
Even common health problems, such as diabetes and asthma, are affected by improved technology. Advanced diabetic pumps and monitors help to control blood sugars more exactly as well as improving the quality of life for many diabetics. The newer asthma inhalers deliver a more accurate dose and are easier to use, especially for elderly and young patients.
Computers connect health care agencies and allow researchers to gather data in real time. The diagnosis of a case of influenza or meningitis can be reported to the CDC within minutes to hours, helping to stop the spread of epidemics.
Rural healthcare organizations and their patients are up against a myriad of challenges, from minimal funding and resources to limited access to care, social determinants of health, and more barriers that stand in the way of effective care delivery. Unfortunately, nearly half of rural hospitals operate at a negative margin and are struggling to survive, according to iVantage’s 2017 Rural Relevance Study.
The number of rural hospital closures has risen to 87 in the last eight years, according to the National Rural Health Association (NRHA). The closures create a large gap in healthcare resources available in rural communities, as the residents cannot always drive or fly great distances to access needed care. Virtual care technology can address gaps in care and help rural providers continue to deliver care for the vast populations and geographies they support.
Increased re-admission rates amongst rural patients are driven by inadequate care and support after the patient returns home. Home health organizations now play a critical role in helping hospitals reduce these rates by providing care to rural patients, especially during the initial thirty days after discharge. Home health organizations are actively implementing virtual care platforms to automate the post-discharge follow-up with a rural patient by sending reminders to schedule appointments for post-discharge virtual visits via the communication channel of the patient’s choice – e.g., text, SMS, email or even a phone call. Follow-up care can be provided in a cost-effective video call (for home health providers and patients) which optimizes the caregiver’s productivity by minimizing excessive transportation time, travel costs and related liabilities typically associated with driving to/from patient homes.
To help home health agencies, there has been a longstanding Medicare rural add-on for home health services. Federal add-on payments through the Center for Medicare and Medicaid Services (CMS) have been crucial to these agencies operating in rural regions of the country. The 3 percent payment modifier to reimbursements for services provided in rural and underserved areas helps these agencies which face higher overhead expenses through factors such as increased travel time between patient visits and demands for extra staff. This payment modifier is imperative so that rural agencies will be able to keep their doors open and provide necessary care to home-bound patients.
However, the Centers for Medicare & Medicaid Services (CMS) has proposed payment rules which may impact the delivery of home health care in rural communities. The shift was mandated by the Bipartisan Budget Act of 2018. Under the new methodology, CMS is varying add-on amounts depending on a rural county’s home health utilization, population density and other factors. Unlike the current standard of a 3 percent three percent rural add-on, CMS’s proposed payment rule segments counties into “high utilization,” “low population density” and “all other” categories:
High-utilization counties are “rural counties and equivalent areas in the highest quartile of all counties and equivalent areas based on the number of Medicare home health episodes furnished per 100 individuals who are entitled to, or enrolled for, benefits under part A of Medicare or enrolled for benefits under part B of Medicare only, but not enrolled in a Medicare Advantage plan under part C of Medicare.” Low population-density counties are designated due to their population density of six individuals or fewer per square mile of land. The all-other category includes counties and areas that don’t fit into either definition.
Technology advancements are helping many industries thrive in the current Computer Age. One of these is the healthcare industry. The advancement in technology within healthcare is more noticeable today especially since some technology is wearable and can be seen on many different people. Some physicians are even monitoring their patients through their patients wearables. This article takes a look at the different types of wearable technology associated with keeping people healthy and examines how people can benefit from it.
One of the most common and noticeable wearable technologies is a fitness tracker. Since the release of the first Fitbit fitness tracker in 2015, people have incorporated these devices into their everyday lives. And since then, many companies have now invested in creating their own activity monitoring wearable devices. These activity monitoring wearable devices have gotten so big that they have even become a fashion statement. The Fitbit Versa, Garmin Vivoactive series, the Nokia Steel HR, and the Apple Watch are just some of the fitness trackers that can be seen on people no matter the occasion. Fitbit has taken it a step further and plans to use Google’s Cloud Healthcare API to help physicians manage their patients remotely.
Eyeglasses for the blind
Fitness trackers are not the only healthcare related wearable technology. Eyeglasses are now being fitted with technology that can help the wearer with their day to day life. Amazon’s Echo Frame glasses feature Alexa. This is revolutionary and you can get prescription lenses for Echo glasses, so no matter what your visual needs are, this is an option for you. In another great leap for tech, Aira has created a pair of glasses to help blind people throughout their day. The Horizon is the first pair of smart glasses designed for remote visual assistance.
The Aira kit comes with a pair of glasses, a phone, and accessories to help with connectivity. The glasses have a built-in camera that is connected to an Aira agent that can help walk the user through any obstacles they need assistance with. With a touch of a button, the user will get real-time assistance as needed. When at home, Aira, can help the user do everyday tasks such as sort mail and medications, read recipes, and separate laundry. When at school, Aira can help the user get around the campus, find a seat, choose food at the cafeteria, and read the whiteboard.
While at work, Aira, can help the user operate office equipment, interpret presentation slides, and sort papers. Aira can also help users explore the world around them. Aira can help users go on a hike, sightsee a park or zoo, and even help find equipment at the gym. The Aira Horizon can help users enjoy everyday tasks with a different sense of freedom.
Breast cancer-detecting bra
The iTBra by Cyrcadia Health is more than a bra, but a piece of wearable technology that can help women detect breast cancer. Doctors advise women to have an annual mammogram, but many patients still fail to detect tumors early. The dual breast patches in the iTBra monitor circadian metabolic changes in heat, which is related to cellular activity found often in breast tumors. This data is sent to the users’ device, which can be easily shared with the users’ doctor. Cyrcadia believes that this method can help detect cancer in dense breast tissue four to six times better than mammograms. Cyrcadia believes that this can lower avoidable breast biopsies by 1.2 million.
Hip airbags for the elderly
Some companies are focusing their efforts on creating wearable technology for the elderly. Helite, the airbag technology expert, has created the Hip’Safe specifically with seniors in mind. According to the Centers for Disease Control and Prevention, over 300,000 people 65 and older are hospitalized for hip fractures. Helite’s Hip’Safe is a wearable fanny pack looking device that includes houses sensors, an air cartridge, and airbags. When the device detects the user is falling, the airbags on each side will deploy to prevent the user from a serious injury. The Hip’Safe comes at a hefty price tag of about $750, and the unnatural form factor of the product may deter some people from purchasing the product.
By Shane MacDougall, senior security engineer, Mosaic451
Shane MacDougall
The other day I was asked what is the biggest information security threat facing any company in 2019. Is it ransomware? Some AI powered malware? Overpowering DDOS attacks? I didn’t hesitate – the answer is the same as it has been since I was first asked the question over two decades ago. The biggest threat to our infrastructure remains our users.
Social engineering, an attack where hackers extract information and access, not from traditional hacking attacks, but rather by interacting with a person in conversation, remains a devastatingly effective method of gaining unauthorized information or access to a network. It’s an attack vector that rarely fails. Unlike logical attacks, social engineering leaves no log entries to trip IDS or alert security admins. As organizations invest more dollars into security appliances and next-gen blinky boxes designed to harden their perimeter, attackers are increasingly opting to target the weakest link – the end user.
Recently, I was in Canada at the Hackfest hacker conference in Quebec, as host and organizer of the second installation of its social engineering “capture the flag” competition. The three part competition had the competitors first spend a week searching for specific pieces of information (flags) about their target company, from a list of items provided by Hackfest. The flags range from information that can be used for an onsite attack (who does your document disposal, what is the pickup schedule), those that can be used for a logical attack (type of operating system, service pack level, browser and email client information), networking information which gives the attacker information about the infrastructure (wifi info, VPN access, security devices), and finally information about the employee and the work environment, which could be used to help the attacker pose as an insider.
The second portion of the competition had the contestants hop into a sound proof booth, and were given 25 minutes to call their target company in front of an audience, and to gather as many flags as possible based on their dossier information. The third and final segment had competitors randomly draw a target, then each contestant had 30 minutes to use the audience members to search the web for flags or phone numbers to create a workable dossier. Each competitor was then put back into the booth to make another 25 minutes worth of calls in hunt of flags.
The results of this year’s contest were eye opening, but sadly reminiscent of last year’s event. Of the eight companies targeted, all gave out information that would give an attacker an advantage for a remote attack, on-site attack, or both. Specific breakdowns of results include:
75 percent visited a URL provided by their attacker
100 percent gave information about what version operating system/service pack version they were running
88 percent gave detailed information on what internet browser they were using
75 percent divulged information about Wi-Fi within their network
63 percent divulged information about secure document shredding, including their provider and the schedule for disposal
63 percent divulged detailed information about their email client
75 percent gave detailed information about the internal computer network
75 percent shared personal information about themselves and their work history
One of America’s oldest toy companies, Hasbro, recently gathered 150 developers and created 45 products that would have cost billions of dollars in a traditional research setup. How did they do it? They held a hackathon. When a traditional toy company sees the rewards of hackathons, everybody else should be paying attention.
And in some industries, they are doing just that. Hackathons have been taking place for years in tech, manufacturing and consumer goods markets, but then there’s healthcare: an industry known for its conservative, slow-to-adopt philosophy when it comes to new technologies. But the good news is that hackathons have now gone viral in healthcare—a market where innovation and talented minds are sparking the next wave of care transformation. The reason for this revolution is rather simple: When like-minded individuals across disciplines, with lots of energy get together, great things can happen.
So what exactly are hackathons all about?
New ideas, fast
Think of a hackathon as product ideation, development, and roll-out on steroids—often in a single day. Hackathons bring the adrenaline and clarity that comes from working under a tight deadline to a motivated group of individuals dedicated to a single task. The tight timeframes of hackathons compress grand ideas and distill them into an actionable approach that can be reasonably delivered.
And we’re talking about more than the creation of a simple app. A requirement for a hackathon can also be to define the business case behind a new product or to conceive of the infrastructure that will support it.
For example, the Icahn School of Medicine at Mount Sinai recently hosted its third annual Health Hackathon. With more than 100 participants from clinical, scientific, computer science, business and engineering backgrounds, this year’s theme was problems related to rare diseases, a major challenge in healthcare. Finalists presented solutions, such as a reinvention of the walker for patients with Huntington’s Disease, smartphone-based eye-tracking technology so immobile patients can interact with connected devices, and a smartphone app to provide diet-based tracking for those with metabolic disorders.
In another example, the Cleveland Medical Hackathon hosted at the HIMSS Innovation Center, produced revelations such as a wristband that senses stress levels in the blood and electrical activity in the heart to help a patient monitor cardiac activity at home; a health portal that rural patients can access without the Internet through an SMS-based interface; and headgear to help blind and visually impaired people navigate unfamiliar environments—created using $20 in parts and open-source technology.
Herald Health, a company recently acquired by Persistent Systems, also recently launched an intelligent workflow and care delivery solution to address the deluge of data overwhelming healthcare professionals. The solution was created at a hackathon sponsored by the Digital Innovation Hub (iHub) at Brigham and Women’s Hospital.
The value of perspective
Your internal teams may be excellent, but there’s something extraordinary in getting insight and inspiration from someone on the outside, with a new perspective, who is new to your particular challenge. And, with low cost of failure, a developer can pursue innovations that would be impossible with accountable budgets and board members to answer.
Chairman Lamar Alexander (R-Tenn.) welcomes Senators Mitt Romney (R-Utah), Mike Braun (R-Ind.) and Jacky Rosen (D-Nev.) to the Senate Health, Education, Labor, and Pensions (HELP) Committee, after Senate leaders announced committee assignments for the 116th Congress:
“I welcome Senators Mitt Romney, Mike Braun and Jacky Rosen to the HELP committee and look forward to working with them on reducing healthcare costs for Americans, making the cost of college worth it for all students, and continuing to work with the Trump Administration to help grow jobs and raise family incomes. The work we do in our committee touches the lives of virtually every American—former Chairman Ted Kennedy once said that the committee had 30 percent of the legislative jurisdiction of the Senate—so we are very fortunate to have such a talented roster of senators.”
The Senate HELP committee will be composed of 12 Republicans and 11 Democrats. Sens. Todd Young (R-Ind.) and Michael Bennet (D-Colo.) vacated the committee after the 115th Congress.
Below is the full list of the Republican members of the HELP Committee for the 116th Congress:
The approval of electrocardiogram’s (EKG) through the FDA that enables atrial fibrillation detection right from a patient’s watch band is just one example of how the digitization of medical devices, a part of the Internet of Things movement, is leading product development and innovation in medicine. However, while medical devices built on a connected services platform include components for data storage, security, accessibility, and mobile applications, along with advanced analytics, successfully implementing artificial intelligence to drive actionable intelligence remains a challenge from an execution perspective. According to Gartner, 85 percent of data science projects fail. Successful integration of data science into medical device development requires a rethinking around the role of data science in product design and life-cycle management.
Viewing data science as a product
While data science is rightly defined as the process of using mathematical algorithms to automate, predict, control or describe an interaction in the physical world, it must be viewed as a product. This distinction is necessary because, like any medical product, data science begins with a need and ends with something that provides clear medical utility for healthcare providers and patients.
It is erroneous to restrict the realm of data science to just the designing of algorithms. While data scientists are good at fitting models, their true value comes from solving real-world problems with fitted data models. A successful algorithm development process in data science includes business leaders, product engineers, medical practitioners, and data scientists collaborating to discover, design and deliver. For instance, a typical data science integration with a medical device product would include many of the following activities:
Identifying the medical need
Identifying proper data variables
Developing the right analytic models
Designing analytic algorithm integrations
Performing testing and verification
Deploying beta versions
Monitoring real-time results
Maintaining and updating algorithms
Considering data science as a product or feature of a product provides organizations with a different paradigm for execution focused on a tangible outcome. Data scientists are trained to develop accurate models that solve a problem, but the challenge many companies face is operationalizing those models and monetizing their outputs. Furthermore, conceptualizing data science as a product will ensure companies focus on its implementation, rather than just its development.
Advanced analytics: Part of the process, not an afterthought
Designing intelligence (even AI) into a connected medical device first depends on whether the data is being used to make a real-time decision or report on the outcome of a series of events. Most companies don’t realize the layers of advanced analytics that create actionable intelligence. By understanding these layers, which range from simple rule- and complex rule-based analytics to asynchronous event rules, complex event processing, and unsupervised learning models, companies can move quickly into developing mature analytics that have an impact from day one. As a company matures its analytics system from descriptive and diagnostic to predictive and prescriptive, it should also evolve to include strategic opportunities to provide business value, including automating decisions that can be delegated to a smart decision-support system.
Successful integration involves viewing advanced analytics as an architecture and not as a single solution to be implemented. The best way to make sure that you are successful in analytic development is to follow a continual process of discovery, design and delivery. For instance, data science architecture may begin with a business question, requiring you to determine if you have the right data and can actually leverage that data in the existing IT system. If you don’t answer this basic question, you will have challenges fully vetting the analytic opportunities available to you.
Recognizing common challenges in data science execution
Data science execution is often impaired by common missteps, like incongruence between customer and business needs and solving technical problems when it’s too late to have a positive impact. Another significant mistake from the business side is treating data science like a one-time accomplishment and not realizing it is a continuous process, or like a software development process with an unwarranted fixation on tools rather than skills and capabilities.
To use a common metaphor, data science is not a single moon shot, but laps around a track. Ultimately your goal is to run progressively faster around the track. An equally major drawback hindering execution is artisan thinking where design is seen as the ultimate end to the data science process. In fact, the most desirable approach is a modular system with emphasis on consistently maintaining and improving what has already been designed. This is particularly true for medical devices where innovation and changes in technology are continuing to better support and enable patients and practitioners.
With new technology comes to new terminologies, like cybersecurity. Unfortunately, this new technology also spawns the creation of new methods to bypass security measures. And while data breach may not be a new term or even a new problem, in 2019, it’s become a massive issue, particularly in the healthcare industry.
While you may think of technology in terms of the CT scanner, the advancements made in recent years in cardiac monitors, portable x-ray equipment, sonography, bedside lab testing, even IV needles are all part of how tech is improving healthcare.
