Keys to Winning the Cybersecurity War

A cryptographer, a cyber security guru, and an NSA agent walk into a bar. Who buys the first round of drinks?
This is not farfetched, 43k people descended on San Francisco in February for this year’s RSA to discuss the future needs to secure our data and the technology that we use. Hot relevant topics to healthcare and pharma included – privacy, cyber threats, artificial intelligence, blockchain, and of course… hacking.

The Keys to Winning the War on Cyber Crime: Think Small & Collaborate: Chris Young of Intel security raised concern about the integrity of small data and called for collaboration in the industry as the only way to effectively secure our future. He expressed concern about the ways in which small data can be manipulated to disrupt our decision making and more.  For example, false information can be fed into automated cars to disrupt traffic systems. He focused in on the homes and the smart devices being recruited into the Mirai botnet army. He highlighted three collaborations: GitHub/OpenDXL, nomoreransome.org, and the Cyber Threat Alliance.

The call to cooperate and collaborate was echoed by Virginia Governor Terry McAuliffe who pointed out that states manage massive amounts of constituent data, and would benefit from a ‘unified national cybersecurity framework’. Coincidentally, during the conference, a security company, Recorded Future released a list of more than 60 organizations that had been hacked. The list included universities, city and state government, and federal agencies.

Geneva Convention for Cyber Crime: Microsoft president, Brad Smith called on governments of the world to unite in the fight against cybercrime.  He proposed a group of global tech experts, academics, civil society, and public and private sectors to examine attacks to determine whether it was made by a specific nation-state. While there are currently some information sharing efforts, privacy concerns remain an obstacle.

Nutrition-Like Security Labels: In his keynote at the RSA Security Conference, Hugh Thompson, CTO at Symantec talked about consumer labeling for devices that can be used to spy on us or recruited for another purpose. A possible solution, he said is to require manufacturers divulge the potential faults of their devices and called for a set of ‘security certifications’

Regulating the Internet of Things: Saying the risks of doing nothing are too great, Bruce Schneier, CTO at IBM Resilient called for creating a new government agency focused on IoT regulation to address threats like the Mirai botnet.  The market, he warned is not going to fix the problem of vulnerable devices because neither the buyer nor the seller cares.  “The market tends not to fix safety or security problems without government intervention” he said.

Can Artificial Intelligence Fill the Cyber Security Skills Gap?: As the need for cyber security grows, so too does the global talent shortage. That shortage was evident this month when 17 tech companies took their first public stand against a government policy when they filed a friend of the court brief in the lawsuits on the immigration executive order. They said that tech companies were already competing against each other for limited tech talent.  Can AI fill the skills gap? The consensus is that it cannot single-handedly detect and automatically respond to every possible attack. However, while AI cannot do it alone, several tools using some form of AI were showcased at the conference. Potentially ‘disruptive’ uses of AI are using it to sort the ‘good guys’ from the bad guys.  Those leveraging AI to better understand human behavior focused on identifying insider threats and suspect behavior.


Learn about 94 Brands, like Pfizer, Mayo Clinic, and IBM and their

activities across 1,300 conferences and trade shows –

Download Now!

 

Navigator: HIMSS, Interoperability, Cybersecurity, National Patient ID

Happy St. Patrick’s Day! I hope that everyone has an extra green shirt to wear tomorrow to cheer on my Michigan State Spartans in the NCAA tournament. I cannot just be a pure data geek… I have to have other interests!

Although, being a data geek is not a bad thing; we are welcoming several new clients and exciting things are happening at Lodestone Insights.

Stay tuned in over the next few weeks as we make it easier for you to get access to Lodescore.  Lodescore is the only data-driven resource that helps inform conference choices for speaking, attending, sponsoring, and exhibiting. We are tracking and evaluating over 5,400 conferences in medicine, life sciences, healthcare, and technology. It is the Hotels.com for conferences. Make sure that you are investing your time and money and get the ROI that you hope to achieve at conferences!

Hope that everyone enjoys some college b-ball this week!

Warm Regards,

Kristin Eilenberg
Founder and CEO

News In The News
Distilling Noise into Specific Signals


The 2016 Healthcare Informatics Management Systems Society (HIMSS) conference drew nearly 42,000 professionals to Las Vegas. Interoperability was one of the leading topics.

The Secretary of the Department of Health and Human Services, Sylvia M. Burwell announced on February 29 a pledge to improve interoperability across all healthcare systems and EHRs. Ninety percent of the nation’s EHR vendors signed the pledge, in addition to five of the largest health systems in the country.

The pledge is threefold in that it will strive to provide better access for consumers to their health data, an industry promise against intentional data blocking of data for successful HIE, and finally a promise to develop standards for both interoperability and data storage

Signet Accel was already on top of interoperability coming in to HIMSS, announcing the launch of Avec, a data integration platform created at The Ohio State University, will offer interoperability to healthcare organizations. Interoperability appears in a number of different forms including a technical problem, a policy problem, or a usability problem. Avec is designed to meet the needs of all three of these groups, as well as patients, their families, and communities.

The idea of operating together could be found even without the label of interoperability. Intermoutain Healthcare CIO and senior vice president Marc Probst encouraged hospitals to work more closely to tackle the challenge of cybersecurity at the CHIME CIO forum at HIMSS. “There are many of these problems that I am solving, and others are solving that if [CIOs] get together we could really improve our security profile…we could benefit from the work each one of us are doing,” Probst explained. Watch the entire interview with Suzanna Hoppszallern with Hospitals and Health Networks.

Probst announced at the CIO Forum that CHIME is striving to boost information sharing through several initiatives; The National Patient ID Challenge looks to establish a national patient ID to increase accuracy of patient matching and a partnership with OpenNote looks to increase information sharing between patients and physicians. OpenNote looks to provide for 50 million patients by 2019.

Another highlight of HIMSS 2016 was the closing keynote with Professional football legend Peyton Manning, just days before he announced his retirement from the NFL. Manning spoke on leadership and teamwork.

Former Governor of Massachusetts, Mitt Romney also addressed HIMSS about his speculations for what healthcare could expect from each of the presidential candidates should they win the presidency. While differing in many ways, Romney’s guess was that any of the republican candidates would reform

Navigator: IBM’s Watson Health, Kaspersky Security Analyst Summit & Cybersecurity

The nexus of healthcare, life sciences, and technology is expanding at an accelerated rate. This week’s Navigator highlights a real-life cybersecurity attack on a hospital (with a bitcoin ransom, no less), perspectives on standardizing medical device regulations, and bold moves by IT companies wanting to expand into the healthcare sector.

 

Warm Regards,

Kristin Eilenberg
Founder and CEO

News In The News
Distilling Noise into Specific Signals


IBM’s Watson Health is set to get a bit bigger in 2016 – Make that nearly twice as big. International Business Machines Corporation announced early on February 18 that they would be purchasing Truven Health Analytics for $2.6 billion. Debora DiSanzo announced in the press statement that with the acquisition of Truven “IBM will be one of the world’s leading health data, analytics and insights companies.” As a vendor that manages healthcare data, one of the biggest challenges IBM faces is control and security of these sensitive data sets.

The Kaspersky Security Analyst Summit (SAS) 2016 (Lodescores: E4, BD5, N5) held February 7-11, highlighted how hospitals are very susceptible to cyber attacks as demonstrated by Kaspersky Lab’s Sergey Lozhkin. Lozhkin presented at SAS on how he successfully hacked his own hospital by finding a weak point in the free hospital wifi and infiltrating a tomographic scanner that was connected to it. Both hospital managers and medical equipment developers should be alarmed at the amount of work that needs to be done in securing medical equipment.

Luckily Sergey Lozhkin was not a real hacker, but the problem does not dwell in the hypothetical. On the evening of February 17, 2016 Hollywood Presbyterian Medical Center Officials announced that they paid hackers a ransom of $17,000 in Bitcoin to reclaim control and access over captured data. The hospital decided that the quickest way to regain access would be to pay the hackers, after the computer system was hijacked by a low-tech ransomware, which locked them out of their own networks. The CEO announced there is no evidence that patient data was accessed in the attack.

These attacks showcase the vulnerabilities in the healthcare sector. Scott Erven, a security advocate for medical devices, spoke at SAS on how healthcare is 10 to 15 years behind retail in regards to security. Sooner or later, Ervan warned, things will come to a breaking point.

The Institute for Critical Infrastructure Technology released a report on February 17 calling for regulatory enforcement from the FDA for medical devices. The report cited the “suggestions” from the FDA are not enough protection and that enforceable regulations are needed for manufacturers. Regulatory involvement and oversight has challenged the speed of innovation of new medical devices. However, with the threats of inappropriate access to these devices, standards need to be established and enforced to protect patients and potential life-threatening consequences of the hacking of these devices. This is an ongoing issue as the vulnerabilities of medical devices to hackers was demonstrated at Black Hat back in 2013.

Security is not a backseat issue as the push towards digital transformation, or digitization as it is beginning to be known, is growing across all sectors of business, and the healthcare sector is no exception. Cisco Live Berlin (Lodescores: E4, BD4, N5), which took place February 15-19, focused on how digital growth will allow companies to grow faster and gain competitive edge.

Cisco Live emphasized that part of this digitization is the importance of focusing on the digital customer experience. Customers want access to virtual experts, often through using mobile apps. Although hospitals should proceed with caution. Accenture released a report earlier this year that badly designed apps have the potential to cost hospitals $100 million a year. In-house designed apps infrequently offer what consumers want (access to medical record, ability to schedule and cancel appointments, etc.), and hospitals should instead implement a patient centered approach in app development.


Lodestone Insights is tracking over 5,000 conferences in the life sciences, pharmaceutical, business, and technology sectors. We provide several web-based products to help business leaders make more informed and strategic decisions.

Our proprietary indices rank the conferences by Educational (E), Business Development (BD), and Networking (N) opportunities, and allow you to compare multiple conferences at once.

Noteworthy conferences in Healthcare and Technology coming up:

  • HIMSS 2016: February 29-March 4, 2016 (Lodescores E4, DB4, N4)
  • Medical Informatics World Conference: April 4-5, 2016 (Lodescores: E3, BD5, N5)
  • 13th Annual Health Information Technology Summit: April 10-13, 2016 (Lodescores: E3, BD3, N4)
  • Becker Hospital Review 7th Annual Meeting: April 27-30, 2016 (Lodescores: E4, BD4, N5)
  • 10X Medical Device Conference: May 2-4, 2016 (Lodescores: E3, BD3, N4)
  • Health Datapalooza: May 8-11, 2016 (Lodescores: E2, BD5, N5)