It's Time To Re-Engineer Health Care Cybersecurity

As recently as May 5, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.'s National Cyber Security Centre (NCSC) issued a joint alert to warn that "advanced persistent threat (APT) groups are exploiting the Covid-19 pandemic" to specifically target "healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments," presumably in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities.

While it's disheartening that our global health crisis comes accompanied by increased health care cyber threats, it shouldn't be surprising. Cybersecurity in the health care sector is completely fractured and thus ripe for an incursion.

The situation was dire even before the pandemic. According to HIPAA Journal, "510 healthcare data breaches of 500 or more records were reported" in 2019, representing a 196% increase from 2018. The number of individual health care records breached so far in 2020 is likewise troubling, with the journal reporting a staggering 1,531,855 in February 2020 alone.

These cybersecurity issues aren't harmless, and they affect everything from care delivery to solvency. Health care IT News noted that "according to a 2019 American Medical Association-Accenture Medical Cybersecurity Survey, 36% of health institutions were unable to provide care for at least five hours as a result of cyberattacks." Separately, Security Boulevard noted that the average cost of a health care data breach is $6.45 million, adding that "the 2019 Cost of a Data Breach Report by the Ponemon Institute and IBM indicates that healthcare is the most expensive industry in terms of the total average cost per breach. They also had the longest data breach lifecycle—the time it takes to identify and contain a breach—of 329 days."

It's not that competent people aren't trying to defend health care. Every modern health care organization has some combination of IT security package, services and/or policy. The problem is that none of it is really working.

Ask almost any health care leader if their organization's data was stolen today. Or whether unauthorized access to patient records occurred in the last hour. Or if their employees were targeted by a phishing scam this week. Or how likely they are to fall victim to a ransomware attack this year. Then ask how each of those will affect their operation. They likely will not be able to give you definitive answers because existing health care cybersecurity doesn't work that way — but it should.

There's no "set it and forget it" cure for cybersecurity, but until health care cybersecurity achieves the same level of sophistication established in industries such as aerospace or finance, the full power of IT remains suppressed in the industry.

Systematized Specialization

In the second half of the 20th century, if Red Adair and his team arrived to fight an oil fire, you could rest easy that the job would get done. He was a larger-than-life firefighting superhero famous for putting out over 2,000 fires in his lifetime, including the infamous and seemingly unstoppable Phillips gas well fire in the Sahara, known as the "Devil's Cigarette Lighter."

However, he was also a natural engineer, a prodigious inventor, highly innovative, specialized and methodical — and he assembled a body of similar experts directing their combined talents on a single area of expertise.

Sure, they capped blown wells, but what rarely made headlines was their continuous development of well blowout control equipment and unique techniques designed specifically to stop uncontrolled blowouts. There are untold quantities of fires that never happened because of Adair's efforts and the methodologies he helped to establish as standards for managing risks particular to a singular global industry.

Health care cybersecurity demands similar specialization. It may not require its own Red Adair, but a purpose-driven and industry-specific health care cybersecurity model akin to his approach to oil fire prevention and containment needs to be established. We need to fundamentally re-engineer the way we conduct cybersecurity in health care.

Critical Need

Despite over 20 years of critical infrastructure protection efforts by a variety of companies and organizations, including the creation of Information Sharing and Analysis Centers (ISACs) and the ISAO (established in 2015), attempts to improve U.S. cybersecurity posture by identifying standards for robust information sharing and analysis related to cybersecurity risk, incidents, remediation and best practices have not supported health care sector needs.

There are operational realities that exacerbate the problem. U.S. health care is highly fragmented, multidisciplinary and compartmentalized — and so is its technological infrastructure, which runs the gamut from circa-2010 PACS radiology systems to IoT-enabled ventilators. One need only look at the failings and limitations of electronic health record (EHR) development to grasp the varied and disjointed nature of the industry's IT systems, services and standards.

Health care cybersecurity intelligence thus remains proprietarily siloed and bereft of real-time function, operational visibility or capacity to quickly adapt to threat evolution. Any available analyses on such matters amount to floods of irrelevant minutiae or one-size-fits-all vagary, and they arrive too late for decisive action.

There is no situational awareness nor any mechanism for providing it. Despite the legions of security associations and committees and advisories, health care cybersecurity is still pervasively weak. This results in wasted resources and scattershot defense, akin to tending to an endless stream of potential fires ad infinitum without any strategic visibility into their source, scope, cost or cure. It's enormously expensive and ineffectual, and it's limiting the magnitude of IT-enabled advances across the industry.

We don't need to establish another arm of the federal government to rectify health care cybersecurity, but we do need to stop reacting as we have in the past and invest in developing solutions customized to work for the new realities of a health care business.

If we ever hope to get health care cybersecurity under control, we could use some Red Adair-style engineering and innovation specific to our risks and weaknesses as an industry.

2020 Best Tech Startups in Menlo Park

The Tech Tribune staff has compiled the very best tech startups in Menlo Park, California. In doing our research, we considered several factors including but not limited to:

  1. Revenue potential
  2. Leadership team
  3. Brand/product traction
  4. Competitive landscape

Additionally, all companies must be independent (un-acquired), privately owned, at most 10 years old, and have received at least one round of funding in order to qualify.

8. Health2047


Founded: 2015

“Health2047 Inc. is a Silicon Valley business formation and commercialization enterprise.

We are developing and commercializing healthcare solutions that:

  • Enable data liquidity protected by world-class security
  • Realign healthcare systems around chronic care
  • Produce radical productivity at all levels of care and support
  • Facilitate value-based payments”

14 Tech Pros Predict The 'Next Big Thing' In Cybersecurity And Encryption

Cybersecurity is a constant arms race. Because of its continuous evolution, what firms have solved for today might be obsolete by tomorrow. But unfortunately, many media outlets don't focus on the technical innovations of the industry and prefer to look at the failures of cybersecurity.

Instead of covering how encryption technology has evolved, media outlets cover how hackers have bypassed security measures. As a result, people may be less aware of what the current and future trends of cybersecurity and encryption are. To help educate and inform others, 14 experts from Forbes Technology Council explore the latest innovations and trends coming soon in the world of cybersecurity and why they are important.

4. More Customization And Smarter Solutions

The next big thing in cybersecurity will be responsive and predictive technologies underpinning sector-specific, real-time defense systems. There will be a shift away from reliance on one-size-fits-all security services and toward more intelligent and informative cybersecurity solutions customized to better engage, protect and serve particular industry ecosystems. - Charles Aunger, Health2047 - American Medical Association

'Chain' Reaction: The New Decade Will Bring Blockchain Piloting To Fruition In Healthcare And Beyond

Today, blockchain no longer rates as a hot buzzword. But its absence from headlines belies the fact that blockchain is more important in 2020 than ever before. Leaving the bitcoin association completely out of the equation, the blockchain paradigm now underpins the best hopes for future function in the increasingly complex and digitalized business world globally.

At a fundamental level, blockchain was developed to be an irrefutable database and log for distributed exchange and reconciliation. The ability to digitally establish and manage trust and transactions among multitudes of far-flung individuals and/or organizations is blockchain’s source of power. It is no wonder, then, that trades as divergent as journalism and diamond sales have turned to blockchain infrastructure to retool business practices and operations for the modern age.

The healthcare sector is no exception. Over the past few years, there’s been a lot of investment and experimentation on how to best use blockchain technology to alleviate serious choke points and inefficiencies hampering U.S. healthcare modernization.

Those efforts are now beginning to bear fruit. We’re finally starting to see the roll-out of potentially transformative healthcare applications using blockchain as the connector. Here are two important areas I predict blockchain’s real impact on healthcare will become evident early in the new decade:

Payment Transformation

Because blockchain was initially designed as a public transaction ledger for cryptocurrency, related finance functions formed the obvious first wave of expanded use cases. The ensuing proliferation of blockchain-based fintech capabilities for digital payment has matured to the extent that it’s not just represented in the infrastructure of finance upstarts like Ripple, but is functional in interactions among institutional banking entities and even central banks.

Basic payment reconciliation within healthcare ecosystems represents the low-hanging fruit, and blockchain solutions are already entering the space. I expect blockchain payment mechanisms to become even more prominent in the next 18 months to two years.

The benefits of blockchain payment mechanisms in healthcare cannot be overstated. Consider the way Square revolutionized point-of-sale systems with mobile technology so that small merchants could accept payment digitally without expensive hardware, massive service fees or the cost burden of waiting 30 days for credit card fulfillment. If you can reduce the amount of time and equipment required for a transaction, you reduce your overhead. And payment processing overhead is a big pain point in healthcare. Blockchain can digitize that process.

Blockchain-based healthcare payment solutions can address partnership agreements through smart contracts that execute when conditions are met — securely and automatically. The introduction of real-time applications for payment authorization will institute vastly improved mechanisms for validation and remittance without having to wade through reams of paperwork.

Such efficiencies in payment infrastructure could invite new organizations to offer insurance, different types of self-pay models or cooperative payment plans. Better payment processing might seem like a small thing, but improving the way it is handled in healthcare represents massive cost savings and makes grander improvements possible.

Pharmaceutical Pioneering

Forging a path for the greater healthcare ecosystem, blockchain is already making an impact on the pharmaceutical industry in a number of ways. For example, information about pharmaceutical research and development is traditionally very siloed, and surfacing information requires enormous expertise and effort. Even for knowledgeable medical professionals, such details are spread among myriad old-school databases and incompatible platforms.

Being able to pull drug development information from, or push queries out to, a distributed mechanism that ensures they’re relayed to applicable pharmaceutical organizations would be of tremendous help to researchers, patients, care providers and drug manufacturers especially.

Blockchain makes that possible. Just last year, the Institute of Electrical and Electronics Engineers (IEEE) announced an initiative to leverage blockchain in clinical trials because “the estimated $44.2 billion global clinical trials market is facing a number of challenges related to patient recruitment and retention, rising costs to meet regulatory policies, data governance, and more.”

Further, by being able to “spend” information securely and anonymously, pharmaceutical companies can also better digitally manage functions such as supply chain, quality assurance and fraud prevention. If you look at what’s happening with Walmart and its foray into IBM’s Food Trust blockchain for tracing grocery provenance or its enormous supply and logistics blockchain, this same type of infrastructure can apply to better managing medications (not coincidentally, Walmart is also pursuing drug tracking blockchain systems with pharmaceutical partners).

Pharmaceutical companies are also using blockchain to enable other revolutionary technologies in the pursuit of new treatments and products. In Europe this past summer, the blockchain-based Machine Learning Ledger Orchestration for Drug Discovery (MELLODDY) was launched to train machine learning on chemical libraries from Amgen, AstraZeneca, GlaxoSmithKline, Janssen, Merck and Novartis, among other participating companies. According to The Lancet, MELLODDY will “accelerate the drug discovery process by making it easier to identify promising compounds” without having to pool data and while still preserving each company’s intellectual property, privacy, and control.

Why Now?

Blockchain’s emergence now springs from legacy technology’s inability to adapt to the enormous amounts of data now flowing from every interaction. There’s value in all that information, but only when it can be properly exchanged and digested while preserving the security and privacy protections essential to the sector.

But there is no single blockchain platform for the world: It’s not like the internet. What we do have today — that was not available even a few short years ago — is a host of increasingly cross-functional blockchain-as-a-service platforms supported by reliable technology companies such as Amazon, Microsoft, IBM and others. Such off-the-shelf infrastructure frees healthcare organizations from needing to create their own blockchains and lets them simply develop or adopt more efficient applications that are built on a blockchain. That shift is game-changing.

Because of this, we’re going to be using a lot more blockchain-powered technology platforms and apps to improve a lot of things in healthcare, including transaction logging, validation, contracts, health records, credentialing and more.

Payment practices and pharmaceutical projects may lead the way, but 2020 will be the start of the blockchain decade across healthcare.

AMA innovation arm spins out data access startup led by Geisinger alum

Health2047, the American Medical Association's innovation enterprise, announced on Feb. 27 its fourth spinout company: Medcurio, which develops software to improve healthcare organizations' data access and usage.

Medcurio is led by CEO Walter "Buzz" Stewart, PhD, who previously served as chief research officer at Sacramento, Calif.-based Sutter Health and associate chief research officer at Danville, Pa.-based Geisinger Health System, where he also founded the Center for Health Research.

Medcurio's software offers care teams simplified, self-serve access to approved de-identified patient data, eliminating the need for extraneous data support roles and allowing for immediate access to requested data.

"Vast amounts of useful healthcare data are constantly being collected, but most of it remains inaccessible beyond siloed applications, and we need a solution to leverage its full value," Health2047 CEO Lawrence Cohen said in the announcement. "Our spinout of Medcurio is a critical step in enabling data liquidity and giving healthcare organizations the ability to instantly access all data needed to derive insight and make decisions, without compromising patient data privacy."

Healthcare: In service of the people

In the age of consumerism, chronic disease, and technological innovation, the future of patient-centered healthcare will be very different from today’s experience. That is a good thing.

Healthcare is a service. Transformative methodologies deployed for decades in other service industries will be adopted, albeit evolved, into healthcare. And by far, the foremost service trend across all sectors is heightened personalization and greater choice — expressions of brand empathy with the customer.

The future of healthcare lies in authentic empathy for the individual patient — healthcare’s ultimate customer — and cultivating long-term relationships with brands based on trust and value.

At the recent HLTH conference in Las Vegas, there appeared to be some confusion around identifying healthcare’s ultimate customer. Speakers intermixed “consumer” and “patient” throughout their talks. It raises a question, “How about person?” A talented patient engagement leader exclaimed, “Our patients are just like the real people in the community.” News flash: They are the real people in the community.

This muddling reflects the perceptual difficulty healthcare faces as it tries to adapt to a modern continuous engagement model. The old idea that “patients” are event-driven phenomena requiring treatment at a hospital on the hill is fine for acute illness and injury. But it does not work for conditions that individuals live with continuously. Today’s most pressing health issues overwhelmingly skew toward chronic disease prevention and management — which requires a much more cooperative and participatory care and service paradigm. You probably will not need to see an endocrinologist at a big medical center tomorrow if you join your neighborhood diabetes prevention program (DPP) today: People require both kinds of healthcare delivery, and they need to be treated as people, just as in any other industry selling services.

The future face of healthcare also requires contemplating brand and its role in service delivery. The incentive structures, technologies, and care requirements of our system traditionally encourage shining temples of exemplary care — where glitzy décor, classical statuary, and a hotel-like experience convince you where you should have your surgery.

Beyond the “fanciest building” approach to drawing customers, health systems have not contemplated the lifetime value of the people they engage — preferring, more typically, a distinctly transactional outlook. Our engagement and evaluation tools reflect this, and few large systems have an engagement plan that matches the shine of their new hospital building.

On the other end of the spectrum, a company like BMW can tell you the long-term value of all its customers. This Customer Lifetime Value (CLV) is a measure that drives the automaker’s decision-making around marketing, sales, product development, service, and more. The underlying logic is to get you started with a 3 Series, upgrade you to a 5 Series, and ultimately shepherd you into an MClass, SUV, or 7 Series. BMW’s goal is to be your preferred car provider through all the stages of your driving life.

Conceptually, CLV traces back to the late ’80s, when marketing had a revolution in data-driven analytical approaches to better business insight. The work helped justify spending early to forge a customer relationship and foster profit growth over time. CLV heuristics are obviously rooted in general business sentiment — the idea that it’s good to keep a customer is not new. Yet advancement in data-based spending and profitability models supporting long-range customer engagement strategy has transformed our entire retail experience and most service segments. And it should transform future healthcare delivery as well.

This model has further matured as companies like Amazon and Google articulate the value of investing to perpetuate customer loyalty — acceptable losses today incurred as a pathway to steady profits tomorrow. At the core of this analytic mindset is a very simple concept: empathy.

Exponential tech advances will change the world faster than we think

We live in a world of exponentially increasing technology advancements. Never in the history of mankind have so many such advancements emerged in parallel and in combination, carrying so much impact.

The phenomena are marked in time: The interval between what once seemed impossible and what is possible and functional can become extremely short – sometimes measured in just days or weeks. Ever heard the maxim that internet years are like dog years, where one year of actual elapsed time equates to seven? Exponential advancement is the reason.

Some exponential advancements are now so predictable, such as the rate of growth of computing power, that companies have baked the expected advancements into their products. Similarly, it is fairly predictable that full genome sequencing today can be done for a few hundred dollars, as opposed to the thousands required in 2015, or the millions in 2006, or the billions for the first full sequence in 2003. The speed of wireless communications will soon multiply by at least 10X, and deep learning will continue to exponentially advance in capability in our near future. And all of this is happening in concert. As a result, it has become harder and harder to develop new companies based on any of these advancements alone.

The greatest opportunities for new venture breakthroughs come when we apply multiple exponentially growing advancements of these technologies together. Call this the “collision of exponential technologies.” This collision amplifies both power and possibility. It’s not the old business adage of 1+1=3. It’s 1+1=1000.

At HLTH, 3 patient experience officers indicate emergence of new era of patient engagement

Jack Stockert, managing director at Health2047 and the panel moderator, asked them to share some examples to illustrate their feelings about enhancing the patient experience. Dubovsky offered a quote from a former head of spiritual care, underscoring health’s transitory nature: “Cedars Sinai is a place where the temporarily well take care of the temporarily unwell.”

Boissy talked about one of her multiple sclerosis patients, who had been hospitalized for an infection. She found him crying in his room and soon learned his son had been killed but was still on life support at another Cleveland hospital. She had the son transferred so her patient could say goodbye.

“This is about recognizing the work we do is incredibly human, and it haunts people,” said Boissy. “Whether it’s cool technology or simply recognizing that we have human beings delivering human being care, we will go much further, faster.”

In keeping with the conference’s attention towards precision medicine, Dubovsky discussed precision engagement.

“We’ve convinced ourselves that every single patient discharge from our facility needs the exact same survey at the exact same time with the exact same questions… It just makes no sense.”

He wants to reverse-engineer this approach, starting with the patients and determining which questions are most appropriate for a woman who just delivered a baby or someone with stage 4 cancer.

The panel agreed they have a long way to go, but expressed optimism that cultures are changing and they will ultimately get there.

“So, for the first time we have a clearly articulated strategy about what we’re hoping to accomplish,” said Boissy. “I feel a tremendous amount of hope around all of us…united around what we’re hoping to accomplish in this strategy and then building it out.”

Cybersecurity Is Not Necessarily A Technology Issue

The latest affront to cybersecurity in the healthcare space is an investigation conducted by ProPublica discovering that medical images and health data belonging to over 5 million Americans have been sitting on 187 servers across the nation that are unprotected by passwords or basic security precautions and accessible to anyone with internet access and "basic computer expertise."

It made for shocking headlines, and steps have been taken to rectify the situation. However, most people will no doubt soon forget it, just like the 551 active cybersecurity breach investigations currently listed on the Department of Health and Human Services website. The ProPublica investigation noted that incidents have affected over 40 million individuals in the U.S. over just the past 24 months.

Cybersecurity failures involving what should be sacrosanct health information have become so frequent and common that we are collectively desensitized.

There's even a now-standard response usually involving many apologies and promises to do better, followed by a brief witch hunt and the purchase of some supposedly improved technology or security system. Then it's back to business as usual. Like popular consumer security systems for the home, we collect the greatest new gadgets, install them and play with them for a few days. Then we quickly decide they're too much of a hassle to activate all the time or maintain, and we forget about them — until porch pirates attack and we decide it's time to buy the latest upgrade.

The same thing happens in healthcare cybersecurity. We buy lots of software and technology and then hope for amazing miracles to ensue so we don't have to worry about it anymore.

But that's not how cybersecurity works. Technology will not fix this problem.

AMA CEO: Innovation isn't about theory — it's 'a new idea'

Innovation is not merely a synonym for brainstorming, but should instead describe the process of developing actual life-changing solutions, according to James Madara, MD, CEO and executive vice president of the American Medical Association.

During a recent program updating AMA employees and partners on the work of Health2047, the organization's Silicon Valley-based innovation arm, Dr. Madara explained the AMA's innovation philosophy.

"Think of innovation as a new idea that's helpful brought to market," he said, per a recap of the program from the AMA. "It's not theory. It's something that can be applied and can change lives."

Among Health2047's ongoing projects is an initiative to improve interoperability and the exchange of data. "The problem with healthcare data is it's sort of like your grandmother's attic. It's got all this stuff up there; nobody really knows what's up there, and it's not organized. … That data should be assisting us in how we do healthcare," Health2047 CEO Larry Cohen, PhD, said at the program.

As such, Dr. Madara quipped that success for Health2047 and the AMA's innovation efforts would be like "cleaning Grandma's attic."
