Pediatricians work to help children growing up in poverty

Healthtech Security

Article | August 31, 2023

The healthcare industry has become a prime target for cybercriminals in recent times. According to The State of Ransomware in Healthcare 2023 report from Sophos, six in 10 healthcare organizations have been hit by ransomware in the last 12 months, up from 34% in 2021. Among this uptick have been several headline-grabbing attacks. For example, Shields Health Care Group became the subject of the single-largest breach affecting any organization globally in April 2023, when 2.3 million patients of the Massachusetts-based medical services provider had their personal data stolen after a cybercriminal gained unauthorized access to the organization’s systems. Meanwhile, in the UK, a ransomware attack on the University of Manchester occurred in June, affecting an NHS patient data set holding information on 1.1 million patients across 200 hospitals. Critically, the wealth of data housed in healthcare networks, and the potential impact of data unavailability in healthcare, make the industry both attractive and lucrative to threat actors. It’s no coincidence that the Sophos report shows the rate of encryption in the healthcare sector is at its highest level in recent years. Of those healthcare organizations which suffered a ransomware attack in 2023, 73% had their data encrypted – up from 61% in 2022. When cybercriminals can successfully take down hospital systems and/or encrypt patient data so it can’t be used, they can blackmail health service providers, demanding significant sums before reinstating systems and/or data availability. Considering healthcare's critical role as the highest-stake industry in our society, where people's lives depend on its success, the likelihood of attackers achieving their goals is greater than in other sectors, as confirmed by the Sophos report. Indeed, of the 73% of healthcare organizations that had their data encrypted, 42% reported that they paid the requested ransom to recover data. DSPT and the compliance burden Without question, the security-related challenges in healthcare are mounting. Right now, industry organizations are operating against a backdrop of unprecedented operational and workforce pressures, spiralling demand for care and industrial action. Moreover, there is a growing regulatory burden, with organizations continually asked to comply with evolving cybersecurity rules, battling with multiple compliance mandates at any given time. Take the NHS as an example. According to the 2023 NHS Providers’ Regulation Survey, just over half (52%) of respondents said the regulatory burden on their trust had increased. And this is expected to ramp up further in the future, with the UK government setting out a new 2030 strategy aimed at bolstering cyber resilience in healthcare. Among the compliance burdens that the NHS faces is the challenge of meeting the requirements of the newly updated Data Security and Protection Toolkit (DSPT). Mandated to minimize cyber risks and enable healthcare providers to maintain a robust information security posture, the DSPT is not a simple checklist of security controls, but a comprehensive toolkit to evaluate current security maturity and establish a risk management programme. Indeed, in more recent times, DSPT has moved away from being a guide for achieving certain levels of assurance, and toward a mandatory evidence-based system which demands NHS organizations align with 10 precise National Data Guardian (NDG) standards: 1. The organization assures good management and maintenance of identity and access control for its networks and information systems. 2. The organization closely manages privileged user access to networks and information systems supporting essential services. 3. The organization ensures passwords are suitable for the information being protected. 4. Process reviews are held at least once a year where data security is put at risk and following security incidents. 5. Action is taken to address problems as a result of feedback at meetings. 6. All user devices are subject to anti-virus protections, while email services benefit from spam filtering and protection deployed at the corporate gateway. 7. Action is taken on known vulnerabilities based on advice from NHS Digital, and lessons are learned from previous incidents and near misses. 8. The organization has a defined, planned and communicated response to data security incidents impacting sensitive information or key operational services. 9. The organization has demonstrable confidence in the effectiveness of the security of technology, people, and processes relevant to essential services. 10. The organization securely configures the network and information systems that support the delivery of essential services. Reducing Compliance Challenges with the Right Solutions Taken individually, these standards may not seem too strenuous to adhere to. However, to be compliant with DSPT, all 10 items need to be completed and deemed ‘satisfactory’. To tick all 10 key boxes in the most effective and efficient manner simultaneously, organizations should consider their strategy carefully. This could involve embracing supportive tools to accelerate and enhance their compliance journey. Boiled down, DSPT demands several key things, including unincumbered visibility of the entire ecosystem, as well as the ability to demonstrate secure access, logs and storage, and essential auditing processes to maintain data security. Achieving these things might appear complicated, even daunting. However, there are solutions known as Security Information and Event Management (SIEM) systems on the market that can make achieving these capabilities, and in turn DSPT compliance, easy. Here, we outline some of the key features to look out for to meet compliance: • Log retention: A modern SIEM should be able to provide a centralized log storage and big data platform that scales to any organization’s size. Platforms should be able to provide role-based access to log data, including ‘data privacy’ functionality that can mask sensitive data until approved. Log data should not be modified or removed by users once ingested into the platform, while all data held should also be indexed and fully searchable. • Identifying and disabling unnecessary accounts: A good SIEM will also provide account auditing facilities for Active Directory that allow administrators to quickly identify dormant accounts. They should also be able to remove privileged user access when no longer required or appropriate. More sophisticated platforms will be able to do this in an automated manner. • Easy identification of issues: Clear and easily readable dashboards, alerts and reports for user logging activity should be provided, including failed login, apparent brute-force attempts, and bad password management practices. Further, those using machine learning will be able to identify unusual behavior patterns based on a baseline of activities of users and their peer group. • Integrate with third-party threat feeds: It will also be able to integrate with a wide variety of third-party threat feeds that provide information about specific known threat payloads/hashes and destination domains/addresses. Meeting the mandate Of course, having the right features in place is only part of the puzzle. For organizations to be truly successful in embracing tools that enable them to meet DSPT compliance more effectively, they should work to ensure that solutions providers offer them ongoing support – both in terms of ease of deployment and to ensure that they are using key systems in an optimal manner. Scalability is another important aspect to consider. Systems should be able to scale and continue to support the organization as data volumes increase and become more complex over time. In respect of scalability, organizations should take time to think about pricing models, ensuring that these are based on the number of devices (nodes). In doing so, it will become easier to accurately budget future costs, as well as provide greater budgeting certainty over the short, medium and longer term. A converged SIEM allows organizations to prioritize the big picture over individual tools, enabling them to develop a seamless and easy to use security operations setup. Not only does this approach boost cost transparency and eliminate potential complexities with managing a variety of siloed products – equally, it reduces the burdens on security teams, eliminating complexities over system integration and enhancing performance. A converged SIEM combines key technologies easily to offer improved security outcomes. In doing so, organizations can easily home in on specific standards and adopt security best practices while reducing the burden on security teams tasked with meeting DSPT compliance.

Healthtech Security

Article | November 29, 2023

Prioritizing health and managing it, has become highly important because our lifestyle is continuously evolving in ways that take a toll on us mentally, physically, and emotionally. However, the major issue for the patients lies in the inaccuracy of treatment due to the lack of complete health records in any hospital. With the recent changes in privacy legislation and data management, patients are even unable to retrieve their own health records. For example, someone had an accident and was taken to the emergency room. The first thing they will need to do in their condition is to fill the hospital’s form. Then, for the treatment, if the injured person is conscious enough, doctors ask questions like if they are allergic to some medicines or do they suffer from diabetes or any other disease. Besides, what if the individual denies having allergies or diabetes in their half-conscious state? And the previous hospitals where they have already had treatment before have denied sharing the medical details of the person either due to privacy issues or data corruption. Well, it can create a lot of fuzz. Solely, to improve the health industry without compromising the security of the individuals, blockchain has remained in the discussion. It has the potential to address the operability challenges present in the healthcare industry. But, what is blockchain, what are its underlying fundamentals, why blockchain, and what are its advantages? Today’s blog will help in understanding every aspect of blockchain and its impact on the healthcare industry. So let’s get started! What is Blockchain? Blockchain is a P2P or peer-to-peer distributed or decentralized ledger technology. It stores a chain of data called blocks of information. These blocks are chained together by cryptographic signatures. These signatures are called hash that is stored in the shared ledger and backed by a connected processes network - node. These nodes reserve a copy of the complete chain and get continually updated by synchronization. Though, to include blockchain in the process it’s necessary to hire a developer who has prior experience and knowledge about its architecture and can work with the components efficiently as blockchain is a designed pattern that consists of three major constituents - a distributed network, a shared ledger, and all the digital transactions. a. Distributed Network As discussed before, blockchain is built on peer-to-peer networks. While having no central point of storage, it makes the information on the network less vulnerable to being lost or exploited. Unlike the traditional client-server model that has a centralized storage point or controlling party, all the information in the blockchain network is constantly recorded and transferred to the participants of the network that are also known as nodes or peers. These peers also own several identical copies of the information. That’s why blockchain is seen as a huge improvement to centralized models and is considered the future of data storage and ownership. b. Shared Ledger Each authorized participant in the network records the transactions into the shared ledger. If they want to add any transaction, it is important to run algorithms that evaluate and verify the transactions. If the majority of members agree to the transaction’s validity, a new transaction gets added to the shared ledger. The changes done in the shared ledger is reflected in minutes or even seconds in the copies of the blockchain. Once the transaction is added, there’s no way to modify or delete it. Also, as the copy is shared in the form of a ledger to each member, no single member can alter data. c. Digital Transaction Transactions are information i.e. data transmission to one block. During the process of data transmission, each node acts as a central point to generate and digitally sign the transaction. As the nodes connect each other in the network, each of them has to verify the transaction independently for its conflicts, validity, and compliance. Only after the transaction passes the verification, the information is added into the shared ledger. The major element that makes digital transactions successful is cryptographic hashing that encrypts the data for security. Why Blockchain technology in healthcare? It has happened so often that the patient remains unable to gather all of their previous medical records in one format from one place swiftly or sometimes cannot even collect the required information at all. Unfortunately, in most cases, the information of critical patients remains scattered across several different institutions of healthcare that too in different formats. Besides, the data management systems along with the security regulations also vary in different institutions making it difficult to trace and fix mistakes. But, what can blockchain do? A blockchain is a system used for storing and sharing information with security and transparency. Every block in the chain is an independent unit of its own and a dependent link among the collective chain that creates a network controlled by participants rather than a third party. As blockchains are managed by network nodes instead of central authority, they are decentralized that prevents one entity from having complete control over the network. With the incorporation of blockchain, the need for a central administrator will be removed by cryptography. Healthcare providers will be able to promote data management processes beyond perception. It will help in collecting, analyzing, sharing, and securing medical records. It will provide the access to healthcare workers for retrieving health records with the cryptographic keys provided by patients from anywhere without creating any privacy or security problems. Advantages of Healthcare Blockchain Although applications of blockchain in the healthcare industry are inceptive, some early solutions have shown the possibility of reduced healthcare costs, improved access to information among different stakeholders, and streamlining the entire business process. So, keeping aside the buzz, let’s see the real advantages of blockchain in healthcare. 1. Master Patient Indexes The master patient index helps in the identification of patients across separate administrative systems. It is often created within the EHR or electronic health record system. As these EHRs have different vendors, there are several irregularities of MPIs. In many cases, the data of a patient between these healthcare systems become mismatched. However, with the nature of decentralization in Blockchain, it possesses the ability to solve the issue. In the blockchain-based MPIs, the data will be hashed to the ledger and content will remain unique as only the authorized nodes of the data can make changes to the hashes while all parties with access can only check the related information. 2. Single, elongated patient records Blockchain technology is potent to transform health care by placing patients at the center of the system while increasing the security and privacy of health records. It provides a new model for health information exchange by forming electronic elongated patient records secured and efficient. Additionally, the fact that the data is copied among all the nodes of the blockchain network creates an atmosphere of clarity and transparency that enables healthcare providers and patients to know how their data is handled by whom, how, and when. It can also help healthcare from potential frauds, data losses, or security attacks. 3. Supply Chain Management Supply chain management in healthcare is a challenging aspect. With scattered settings for ordering drugs, medical supplies, and critical resources, there’s an inherent risk of compromising the supply chain that might impact patient safety. Indulgence of blockchain technology in the transactions can tap into the complete process of medicine or drug products movement. As all the transactions will be recorded onto the shared ledger with every block recording and maintaining every transaction, it will become easy to verify the vendor, distributor, and origin of the drug within a matter of seconds. It will also enable healthcare physicians and officials to check the authenticity of the supplier’s credentials. 4. Claims Justification Currently, the insurance claim processes face difficulties like lack of transparency i.e. most customers don’t even know how insurance works; human errors and inefficiencies i.e. insurances are full of confusion along with human errors that create inefficiencies that lead to the increased cost to customers; higher frauds in claims. But, blockchain technology can simplify and enhance recordkeeping, payment processing, claims registration, contract management, and closure with its immutable ledger. 5. Interoperability Interoperability is the capability of distinct healthcare information technology to interpret, exchange, and use data. Due to the privacy issues, the alphanumeric code to identify a patient has been revoked that caused problems in gathering the required record of the patient. Enforcing measurement standards for industry-wide interoperability is also a challenge in interoperability. With blockchain in healthcare interoperability, data can be shared in real-time on the trusted network and provides access to the patient’s record in a secured manner. Moreover, with the pri

Digital Healthcare

Article | November 29, 2023

Government bodies have organized vaccination drives from the days of paper, pen and file folders. Nations across the globe have successfully run vaccination programs on a large scale. In countries such as India, with the second-largest population, a vaccination campaign to eradicate polio was delivered at specified centers and going door-to-door. India was declared officially polio-free in March 2014. All without technology! Routine vaccination administration has always been either by a scheduled or walk-in appointment. Vaccinating populations for polio, smallpox or similar diseases has always been a part of a multi-year plan for governments.

Article | April 16, 2020

Virtual care and telehealth are no longer seen as merely an innovative method of delivering healthcare; technology is now indispensable to protecting patients, staff, and PPE resources amid the coronavirus pandemic. In a recent Harvard Medical School blog, Lee H. Schwamm, MD, shared that “telehealth, the virtual care platforms that allow health care professionals and patients to meet by phone or video chat, seems tailor-made for this moment in time… The current crisis makes virtual care solutions like telehealth an indispensable tool.” He believes that the role of telehealth is vital to our country as “it can help flatten the curve of infections and help us to deploy medical staff and lifesaving equipment wisely.”