• Cyber-security
  • AI is also attractive for cyber-criminals

    As healthcare increases investment on eHealth projects and services, there should be synchronous investment in security measures.  In 2017, 25% of all data breaches were related to the healthcare industry.  This is because cyber-criminals have been working to make their attacks more advanced to easily target connected devices, cloud, and multi-cloud environments.  These advanced cyber-attacks are even able to evade detection by most legacy security solutions in place. 

    Advancements are aided by adopting AI and machine learning to carry out complex attacks at a rapid pace. Botnets such as Reaper have been made more sophisticated, enabling them to target multiple vulnerabilities at once.  Others, such as polymorphic malware allows for hundreds of variations of a threat to be created for different purposes in a matter of hours. 

    To address these challenges, Fortinet has recently released a few product enhancements that will tip the scales back in the favour of the healthcare industry;

    Fort iOS 6.0 – provides an integrated security architecture that spans the distributed networkFortiGuard AI – is an AI solution that is able to address automated attacksThreat Intelligence Services (TIS) - provides visibility into network activity and metrics to give healthcare security teams an understanding of their threat landscape 

    It has become inexpensive for criminals to mount attacks on healthcare data, but increasingly expensive for their targets. One key to the healthcare security transformation is flipping this paradigm.

  • AlienVault insider’s guide to cyber-security incident response can help

    Preventing cyber-security breaches is a top priority. On its own, it’s not enough. Cyber-criminals are at least one step ahead, so sound preparation for an incident response’s vital.  A book from Alien Vault can help. It's an Insider’s Guide to Incident Response in one eBook! 

    It provides a detailed insight into the fundamental strategies of efficient and effective incident response that security teams need. The goal should be to do more with less to deal with the rapidly changing cyber-threats. The guide deals with: 

    Arming and aiming an incident response teamIncident response processes and proceduresTypes of cyber-security incidentsIncident response toolsIncident response training

    Combating cyber-threats needs teams with a strong mental constitution.  Techniques are needed too. The guide sets out how to build an incident response plan and develop a team that has the right tools and training.

    Observe, Orient, Decide and Act (OODA) loop’s the core methodology.  It’s a cycle developed by military strategist and United States Air Force Colonel John Boyd. He used it to help to prepare for combat operations processes. It’s now applied to understand commercial activities. 

    Benjamin Franklin, the 18th century polymath promoted the original concept. “By failing to prepare, you are preparing to fail.” It applies to eHealth too.

  • Cyber-security projects reveal priorities

    As cyber-security activities step up, Barkly shows how their priorities can indicate strategies that organisations can adopt. 

    Its report identifies twelve cyber-security investment in relative priority order. They’re: 

    Endpoint security using advanced malware protection and prevention, the top priorityAccess and authorisationEndpoint protection using response and threat huntingCyber-security intelligenceData protection using encryptionApplication securityNetwork traffic visibilityWireless securityIncident response toolsBring Your Own Devices(BYOD) securityEmbedded security in IoTDistributed Denial of Service (DDOS) protection, the lowest priority. 

    Alongside these initiatives, cyber-security teams are researching and evaluation cyber-security tools. It’s an activity that needs considerable cyber-security skills and resources. For Africa’s eHealth, it means two initiatives are needed, one to recruit, train and retain experts, and provide additional resources needed by them to fulfil their role. 

  • Healthcare enters the blockchain ecosystem

    Over the last few years, healthcare has seen a record number of security breaches involving healthcare data.  This has prompted several start-ups to realise the work that needs to be done on the cyber-security front to make healthcare data secure.  Blockchain offers one potential solution to this challenge. Other solutions offered by blockchain include interoperability and the ability to connect data silos for more seamless systems and improved patient safety.

    SimplyVital Health is one of those start-ups experimenting with blockchain technology to give the healthcare industry a facelift. The company has developed a decentralised open-source protocol that will enable frictional-less sharing of healthcare data.  Their Health Nexus is a public-permissioned blockchain. It provides a platform to build advanced healthcare applications while maintaining the privacy and security required in the healthcare industry. 

    The developer tools on the Health Nexus are open source and available for free.  Members are able to build and deploy distributed apps utilising the blockchain protocol for transactions, identity and smart contracts, and a distributed hash table (DHT) for data storage, managed by a governance system. This will allow developers to create valuable solutions for pharmacies, healthcare providers, insurers, clinical researchers or patients.  

    Blockchain is certainly paving opportunities for new business models in healthcare.  The trajectory it will follow in the coming years, however, is an unmapped terrain waiting to be explored.  The road ahead for blockchain and healthcare will also require substantial intra-industry cooperation as well as dialogues between the public and private sectors regarding standards and regulatory frameworks.

     

  • Cisco’s umbrella can help deal with cyber-attacks

    Simple, open, automated and effective: these are the four cornerstones of Cisco Umbrella set out in its solution brief. Cisco sees its value in dealing with the complexity, range and reach of eHealth services. It’s continuously expanding, along with its cyber-security requirements and gaps. Available from Health IT Security, the brief sets out its functions as: 

    Covering gaps without any hardware to install or software to manually updateProtecting any device and every port without configuration changes or latencyExtending existing protection and incident response data through integrationsProtecting all devices, locations, and users on and off networksPredicting threats before they happen by learning where attacks are stagedBlocking malicious domains and IPs before connections are establishedStopping threats before they reach networks and endpointsIdentifying infected devices faster and preventing data exfiltration.

    Cisco recognises that cyber-security isn’t an absolute, 100% state. Its goals are to maximise prevention and achieve early, effective responses to cyber-attacks.  This is realistic, and offers an option for Africa’s eHealth.

  • Some employees can be a cyber-security threat

    Uncomfortable as it may be, Imperva says employees are the greatest cyber-security risk. They may be careless, become compromised or have malicious intent, and their trusted access to data can expose organisations. 

    An Imperva blog proposes the action needed to minimise the risk.7 Steps to Protect Your Data From Insider Threats are: 

    Discover and classify sensitive dataMonitor all user access to dataDefine and enforce organisational policiesLeverage advances in artificial intelligence detectUse interactive analytics tools to investigate security incidentsQuarantine risky usersGenerate reports to document security events.

    These aren’t proposed as absolute solutions. Imperva offers them as a guide to help detect and contain insider threats. Perhaps the most modern feature’s using machine learning to uncover unknown threats. It can sift through massive amounts of detailed data access logs so security teams can establish behavioural baselines of users’ access to data and rapidly identify changes, inappropriate or abusive data access. Drilling down’s more manageable. 

    The seven steps provide a framework for Africa’s eHealth cyber-security. Applying them needs resources, especially skilled people to manage and operate the process.

  • India’s patient and personal information data's been hacked

    Wide-ranging, Interoperable (IOp) eHealth depends on effective, secure Unique Patient Identifiers (UPI). India’s extending Aadhaar, its national identity number, as the UPI for healthcare. The Tribune has a report saying it’s been hacked. Rs 500, 10 minutes, and you have access to billion Aadhaar details refers to the Unique Identification Authority of India (UIDAI), responsible for Aadhaar, claim in November that Aadhaar data for over a billion people’s fully safe and secure and there has been no data leak or breach.

    A Tribune employee paid Rs500, about US$8, for a service offered by anonymous sellers to provide unrestricted access to details for Aadhaar numbers. Contact was made over WhatsApp, and took ten minutes to complete. Data provided included a login ID and password for access to any Aadhaar number in the portal and access the data that individuals have submitted, including name, address, postal code, photo, phone number and email address. Another Rs300, almost US$5, bought software that can facilitate Aadhaar card printing by entering an Aadhaar number of any individual.

    The Tribune says IDAI officials in Chandigarh were shocked at the revelations. It’s classified as a major national security breach. It seems the breach was some six months ago. Anonymous groups were created on WhatsApp. They targeted over three unemployed Village-Level Enterprise (VLE) operators hired by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS). 

    CSCS operators produced Aadhaar cards. They lost their jobs when the service was restricted to post offices and designated banks to avoid security breaches. Initial illegal Aadhaar access was used to print and sell Aadhaar cards to low income villagers. Cyber-criminals have expanded the service.

    There are several lessons for Africa’s planned UPIs. Cyber-security should never be seen as safe. It required constant vigilance. Changes in personnel and providers always need corresponding changes in access rights and monitoring. These should be part of a rigorous cyber-security strategy.

  • Two bugs, Meltdown and Spectre, render your devices vulnerable

    An alarming start to eHealth’s New Year’s a claim by The Register that there are two bugs in chips used in the vast majority of computers and smart phones. It’s important for Africa’s eHealth vulnerability. It says severe design flaw in Intel microprocessors allows sensitive data, such as passwords and crypto-keys, to be stolen from memory.

    It seems that Intel's CPUs could allow applications, malware, and JavaScript running in web browsers to access confidential information in private, hidden memory areas. These zones often contain files cached from disk, a view onto the machine's entire physical memory. Intel's flaw’s called Meltdown. 

    Arm and AMD processors are affected too, but Meltdown doesn’t affect AMD processors. AMD says there its chips risk are near-zero. Arm has produced a list of its affected cores, typically in smartphones, tablets and other handheld devices. It links to a set of workaround patches for Linux systems. 

    Chips in desktop PCs, laptops, phones, fondleslabs and backend servers don’t completely walk back every step they take when they've taken a wrong path of code. Consequently, data remnants they shouldn't have been allowed to fetch remain in their temporary caches and can be accessed later. 

    Spectre allows apps to extract information from other processes running on the same system. It can be used by code to extract information from its own process too. AMD says its processors are practically immune to Variant 2 Spectre attacks. As for Variant 1, microcode updates or recompiled software’s needed. Google’s confident that ARM-powered Android devices running the latest security updates are protected due to measures already in place to thwart exploitation attempts, especially access to high-precision timers needed in attacks. The Register lists security patches, mitigations and updates for Google's products, including Chrome and ChromeOS. 

    It remains to be seen if the proposed fixes, patches and updates fix the vulnerabilities. It leaves Africa’s eHealth with a big headache in their current limbo.

  • eHealth's 'good to great' formula offers success for 2018

    Amit Ahlawat in his book, “Seven Ways to Sustained Happiness”, says, “New doors open up; we stop looking back, enjoy the present and start planning and prioritising for the future in an optimal and optimistic manner." Similarly, as the doors of 2018 have swung open, eHealth must look forward, carrying with it the wins and lessons from 2017 to plan for an optimistic future. So, what does this future look like?  More importantly, what are Africa’s  eHealth priorities in 2018?

    2017 left us with a whirlwind of eHealth innovation, some big wins and some great lessons. Over the past few days, every noteworthy eHealth blogger, author and fund have written about their insights for 2018. As a young voice in this industry, I’d like to share my eHealth predictions for the year ahead. 

    My infatuation with analytics leads me to my first prediction; 2017’s curiosity with BDdata will result in greater investment in analysing data and making it more useful in 2018. eHNA’s published several articles over the last two years around the need for predictive analytics and the applications of Machine Learning (ML) in Africa’s healthcare. Micromarket Monitor predicts a Compound Annual Growth Rate (CAGR) of over 28% in predictive analytics investment in the Middle East and Africa by 2019.  Growth will be driven by the high penetration of new technologies in eHealth, rapidly increasing eHealth start-ups in Africa and the deluge of data they generate.

    Next, the rise in mHealth applications will swing more users towards Bring Your Own Devices (BYOD). While  it’s been a hot topic in 2017, Africa’s eHealth seems unconvinced by it. An eHNA article reported that over 90% of healthcare workers own a smart device. Barring security concerns, mHealth’s growing use in clinical decision support and healthcare delivery will propel government and organisations towards developing BYOD strategies. 

    Unsuspectingly, gamification may grab lots of attention this year. As healthcare moves away from a reactive to a proactive response, gamification may provide a large helping-hand in behaviour modification and awareness. It’s already created a sensation with Pokemon Go. Research suggests it improves physical and mental health.

    There’ll be many more predictions and events for Africa’s eHealth in 2018. The success of these will be underpinned by prioritising and investing in:

    Developing eHealth leadershipChange managementRisk managementCyber-security. 

    eHealth needs a unique type of leader with the right eHealth perspective, insight and skills to identify and maximise Africa’s eHealth opportunities. Without this, opportunities may not be seized. Acfee feels strongly about this and has put together a number of resources to develop eHealth leaders and champions.

    Change management’s vital for eHealth transformation. It helps stakeholders understand, commit to, accept and embrace the changes that eHealth brings with it. Prosci reports that projects with excellent change management are six times more likely to meet their objectives than projects with poor change management.

    Lastly, no endeavour is without risk. England’s WannaCry crisis and spambot Onliner are proof that eHealth and innovation will attract a fair amount of risk. 2017’s frenzy around cyber-security has taught us some valuable lessons. Lessons that need to carried into this year and strongly embedded into risk management protocols. For preparedness is no luxury, but a cost to eHealth’s progression and efforts.

    I look upon 2018 with great zeal and zest for the infinite opportunities that lie ahead. 2017 has shown that Africa has a promising eHealth future ahead of us, and the contributions you make as innovators, collaborators and visionaries can only strengthen it. I wish you all a prosperous new year and hope that you will remain in our readership as we unfold 2018’s innovations and breakthroughs.

  • What were the top ICT stories in 2017?

    Now 2017’s history, the significant ICT themes can be seen. A retrospective by Health IT Analytics found the top ten from its posts. They’re Big Data, Fast Healthcare Interoperability Resources ( FHIR) and machine learning are included. They’re:

    Top 10 Challenges of Big Data Analytics in HealthcareTop 4 Machine Learning Use Cases for Healthcare ProvidersWhat is the Role of Natural Language Processing in Healthcare?Judy Faulkner: Epic is Changing the Big Data, Interoperability GameHow Healthcare can Prep for Artificial Intelligence, Machine LearningExploring the Use of Blockchain for EHRs, Healthcare Big DataHow Big Data Analytics Companies Support Value-Based HealthcareBasics to Know About the Role of FHIR in InteroperabilityData Mining, Big Data Analytics in Healthcare: what’s the Difference?Turning Healthcare Big Data into Actionable Clinical Intelligence. 

    It’s a valuable checklist for Africa’s health informatics and ICT professionals for there personal development plans. eHealth leaders can use it too to ensure their eHealth strategies either include initiatives for the top ten, or lay down the investigative and business case processes for future plans.