Development and implementation of a system to support prediction of suicide risk in the Department of Veterans Affairs - DR. Robert Bossarte and Paul Bradley
Development and implementation of a system to support prediction of suicide risk in the Department of Veterans Affairs - DR. Robert Bossarte and Paul Bradley
Revenue opportunities in the management of healthcare data delugeShahid Shah
Healthcare data is hard to deal with and getting even harder and more expensive. In this presentation, Shahid Shah covers why:
* Healthcare data is going from hard to nearly impossible to manage.
* Applications come and go, data lives forever.
* Data integration is notoriously difficult, even in the best of circumstances, and requires sophisticated tools and attention to detail.
And, then talks about how new techniques are needed to store and manage healthcare data.
Challenges and Opportunities Around Integration of Clinical Trials DataCitiusTech
Conducting a Clinical Trial is a complex process, consisting of activities such as protocol preparation, site selection, approval of various authorities, meticulous collection and management of data, analysis and reporting of the data collected
Each activity is benefited from the development of point applications which ease the process of data collection, reporting and decision making. The recent advancements in mobile technologies and connectivity has enabled the generation and exchange of a lot more data than previously anticipated. However, the lack of interoperability and proper planning to leverage this data, still acts as a roadblock in allowing organizations truly harness their data assets. This document will help life sciences IT professionals and decision makers understand challenges and opportunities around clinical data integration
At RavenTek, we help healthcare providers secure what matters most, build organizational resilience against cyberattacks and maximize provider Return On Life. We combine world-class technologies, innovative security ideas and a forward-thinking team of problem solvers and consultants to secure healthcare providers. We believe enterprise visibility and persistent, always-on security testing is the essential foundation of every cybersecurity program.
Ryan Coleman is Vice President of Healthcare Cybersecurity at RavenTek.
Healthcare is changing rapidly. It is clear that humans need mechanisms to automate some parts of data processing and help humans in decision making. This talk will concentrate on how to improve the machine understanding of unstructured data.
As the author of “Big Data in Healthcare Hype and Hope,” Dr. Feldman has interviewed over 180 emerging tech and healthcare companies, always asking, “How can your new approach help patients?” Her research shows that data, as an enabling tool, has the power to give us critical new insights into not only what causes disease, but what comprises normal. Despite this promise, few patients have reaped the benefits of personalized medicine. A panel of leading big data innovators will discuss the evolving health data ecosystem and how big data is being leveraged for research, discovery, clinical trials, genomics, and cancer care. Case studies and real-life examples of what’s working, what’s not working, and how we can help speed up progress to get patients the right care at the right time will be explored and debated.
• Bonnie Feldman, DDS, MBA - Chief Growth Officer, @DrBonnie360
• Colin Hill - CEO, GNS Healthcare
• Jonathan Hirsch - Founder & President, Syapse
• Andrew Kasarskis, PhD - Co-Director, Icahn Institute for Genomics & Multiscale Biology; Associate Professor, Genetics & Genomic Studies, Icaahn School of Medicine at Mt. Sinai
• William King - CEO, Zephyr Health
New York eHealth Collaborative Digital Health Conference
November 18, 2014
Our Journey to Release a Patient-Centric AI App to Reduce Public Health CostsDatabricks
Health costs are exploding year by year. Thanks to Artificial Intelligence it is possible to address patient needs in a cost-efficient manner.
In the case we will present, we will demonstrate how as part of a telemedicine service we implemented a solution allowing to reduce triage cost of patients by leveraging AI. The app we developed not only allowed to reduce cost but is significantly improving the patient experience.
HXR 2016: Data Insights: Mining, Modeling, and Visualizations- Niraj KatwalaHxRefactored
Data is useless if it fails to inform, which is precisely what data experts are furiously working on: turning raw informatics into meaningful narratives that begin to shift our standards. From the individual to the population level, data is leading both policy and better decision making in the clinical sphere.
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...TechSci Research
According to #TechSci Research report, United States Diagnostics Market stood at USD30.08billion in 2020 and is expected to grow at a steady rate of 5.17% during the forecast period.
Gain More Insight: https://bit.ly/3wWI0do
Get Sample Report: https://bit.ly/3ltFdo6
Website: https://www.techsciresearch.com/
Market Research News: https://techsciblog.com/
This white paper offers a detailed perspective on how big data is impacting the healthcare industry and its underlying implication on the industry as a whole. It outlines the role of big data in healthcare, its benefits, core components and challenges faced by the healthcare sector towards full-fledged adoption & implementation.
Med Device Vendors Have Big Opportunities in Health IT Software, Services, an...Shahid Shah
If you’re in the medical device manufacturing or hardware sales business your revenue growth (CAGR) is under pressure like never before. You’re being asked to do more with less but you’re probably going to find that hard to accomplish because of one or more of the following challenges:
* Longer product development timelines caused by more FDA and other government regulations
* Increased demand by customers to have your devices deliver user experiences that are more like “consumer” devices such as cell phones and tablets
* Lower margins as a reaction to commodity competition (your sensor hardware business will be commoditized faster and faster over time)
* More complex and longer sales cycles because devices are now being approved for sale not by facilities and clinical executives alone but increasingly by CIOs and IT teams
* Increased cost of risk management and compliance caused by connectivity requirements
Any one of these challenges is difficult to meet but these days you’re probably being asked to meet more than one simultaneously. The solutions are not simple but the good news is that medical device manufacturers have many revenue generation opportunities today that can fund the new strategic imperatives you’ll need to put into place to meet the challenges listed above.
This briefing, presented by Netspective CEO Shahid Shah, describes some of the opportunities and how device vendors can take advantage of them.
The biggest opportunities in digital health for Turkey's Medical Sector Shahid Shah
This was presented at the Digital Health Summit Turkey 2014 in Istanbul. It is an American healthcare expert's viewpoint on what should matter to Turkey based on lessons from the USA. Designed for a mixed audience of providers, pharma, and bio entrepreneurs and executives.
The Barriers to Military Healthcare Technology Innovation and What We Can Do ...Shahid Shah
This briefing was presented at the Military Electronic Healthcare Records Symposium in Washington DC. It answers the following questions:
* Is disruptive innovation in military healthcare technology possible?
* What does innovation in military healthcare mean?
* Where are the major areas in military healthcare where innovation is required?
Revenue opportunities in the management of healthcare data delugeShahid Shah
Healthcare data is hard to deal with and getting even harder and more expensive. In this presentation, Shahid Shah covers why:
* Healthcare data is going from hard to nearly impossible to manage.
* Applications come and go, data lives forever.
* Data integration is notoriously difficult, even in the best of circumstances, and requires sophisticated tools and attention to detail.
And, then talks about how new techniques are needed to store and manage healthcare data.
Challenges and Opportunities Around Integration of Clinical Trials DataCitiusTech
Conducting a Clinical Trial is a complex process, consisting of activities such as protocol preparation, site selection, approval of various authorities, meticulous collection and management of data, analysis and reporting of the data collected
Each activity is benefited from the development of point applications which ease the process of data collection, reporting and decision making. The recent advancements in mobile technologies and connectivity has enabled the generation and exchange of a lot more data than previously anticipated. However, the lack of interoperability and proper planning to leverage this data, still acts as a roadblock in allowing organizations truly harness their data assets. This document will help life sciences IT professionals and decision makers understand challenges and opportunities around clinical data integration
At RavenTek, we help healthcare providers secure what matters most, build organizational resilience against cyberattacks and maximize provider Return On Life. We combine world-class technologies, innovative security ideas and a forward-thinking team of problem solvers and consultants to secure healthcare providers. We believe enterprise visibility and persistent, always-on security testing is the essential foundation of every cybersecurity program.
Ryan Coleman is Vice President of Healthcare Cybersecurity at RavenTek.
Healthcare is changing rapidly. It is clear that humans need mechanisms to automate some parts of data processing and help humans in decision making. This talk will concentrate on how to improve the machine understanding of unstructured data.
As the author of “Big Data in Healthcare Hype and Hope,” Dr. Feldman has interviewed over 180 emerging tech and healthcare companies, always asking, “How can your new approach help patients?” Her research shows that data, as an enabling tool, has the power to give us critical new insights into not only what causes disease, but what comprises normal. Despite this promise, few patients have reaped the benefits of personalized medicine. A panel of leading big data innovators will discuss the evolving health data ecosystem and how big data is being leveraged for research, discovery, clinical trials, genomics, and cancer care. Case studies and real-life examples of what’s working, what’s not working, and how we can help speed up progress to get patients the right care at the right time will be explored and debated.
• Bonnie Feldman, DDS, MBA - Chief Growth Officer, @DrBonnie360
• Colin Hill - CEO, GNS Healthcare
• Jonathan Hirsch - Founder & President, Syapse
• Andrew Kasarskis, PhD - Co-Director, Icahn Institute for Genomics & Multiscale Biology; Associate Professor, Genetics & Genomic Studies, Icaahn School of Medicine at Mt. Sinai
• William King - CEO, Zephyr Health
New York eHealth Collaborative Digital Health Conference
November 18, 2014
Our Journey to Release a Patient-Centric AI App to Reduce Public Health CostsDatabricks
Health costs are exploding year by year. Thanks to Artificial Intelligence it is possible to address patient needs in a cost-efficient manner.
In the case we will present, we will demonstrate how as part of a telemedicine service we implemented a solution allowing to reduce triage cost of patients by leveraging AI. The app we developed not only allowed to reduce cost but is significantly improving the patient experience.
HXR 2016: Data Insights: Mining, Modeling, and Visualizations- Niraj KatwalaHxRefactored
Data is useless if it fails to inform, which is precisely what data experts are furiously working on: turning raw informatics into meaningful narratives that begin to shift our standards. From the individual to the population level, data is leading both policy and better decision making in the clinical sphere.
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...TechSci Research
According to #TechSci Research report, United States Diagnostics Market stood at USD30.08billion in 2020 and is expected to grow at a steady rate of 5.17% during the forecast period.
Gain More Insight: https://bit.ly/3wWI0do
Get Sample Report: https://bit.ly/3ltFdo6
Website: https://www.techsciresearch.com/
Market Research News: https://techsciblog.com/
This white paper offers a detailed perspective on how big data is impacting the healthcare industry and its underlying implication on the industry as a whole. It outlines the role of big data in healthcare, its benefits, core components and challenges faced by the healthcare sector towards full-fledged adoption & implementation.
Med Device Vendors Have Big Opportunities in Health IT Software, Services, an...Shahid Shah
If you’re in the medical device manufacturing or hardware sales business your revenue growth (CAGR) is under pressure like never before. You’re being asked to do more with less but you’re probably going to find that hard to accomplish because of one or more of the following challenges:
* Longer product development timelines caused by more FDA and other government regulations
* Increased demand by customers to have your devices deliver user experiences that are more like “consumer” devices such as cell phones and tablets
* Lower margins as a reaction to commodity competition (your sensor hardware business will be commoditized faster and faster over time)
* More complex and longer sales cycles because devices are now being approved for sale not by facilities and clinical executives alone but increasingly by CIOs and IT teams
* Increased cost of risk management and compliance caused by connectivity requirements
Any one of these challenges is difficult to meet but these days you’re probably being asked to meet more than one simultaneously. The solutions are not simple but the good news is that medical device manufacturers have many revenue generation opportunities today that can fund the new strategic imperatives you’ll need to put into place to meet the challenges listed above.
This briefing, presented by Netspective CEO Shahid Shah, describes some of the opportunities and how device vendors can take advantage of them.
The biggest opportunities in digital health for Turkey's Medical Sector Shahid Shah
This was presented at the Digital Health Summit Turkey 2014 in Istanbul. It is an American healthcare expert's viewpoint on what should matter to Turkey based on lessons from the USA. Designed for a mixed audience of providers, pharma, and bio entrepreneurs and executives.
The Barriers to Military Healthcare Technology Innovation and What We Can Do ...Shahid Shah
This briefing was presented at the Military Electronic Healthcare Records Symposium in Washington DC. It answers the following questions:
* Is disruptive innovation in military healthcare technology possible?
* What does innovation in military healthcare mean?
* Where are the major areas in military healthcare where innovation is required?
In July 2016, the Institute of Internal Communication (IoIC) hosted the first in a series of three seminars looking at the role of internal communicators in the organisation's employer brand.
CHIME LEAD San Francisco 2015 - Opening Keynote "What is Cyber Security and Why is it Crucial to Your Organization?"
Opening Keynote "What is Cyber Security and Why is it Crucial to Your Organization?"
Gaining C-Suite support for a robust cyber security strategy is critical for funding, adoption and overall success. To ensure organizational support, there must be a solid understanding of cyber security, how to protect the organization.s technology and data assets, the intersection of risk management and the impact cybercrimes can have on the organization.s financial viability, operations, patient care and reputation. The session addresses the current state and emerging trends with digital disruptions, cyber crimes and threats along with the impact they have on organizations. This session will discussed how this is changing the ways CIOs approach technology deployment and security management.
Learning Objectives:
Describe the components of effective cyber security and latest trends
Describe effective approaches addressing cyber threat and risk assessments
Describe the importance of investing in cyber security and the risks involved with not adequately addressing cyber security
Discuss ways to educate and drive awareness of on the importance of cyber security and risk management so it becomes part of the organization's culture
CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Crucial to Your Organization?" with Mac McMillan, FHIMSS, CISM, CEO & Founder, CynergisTek, Inc.
CHIME LEAD New York 2014 Opening Keynote "What is Cyber Security and Why is it Crucial to Your Organization?"
Gaining C-Suite support for a robust cyber security strategy is critical for funding, adoption and overall success. To ensure organizational support, there must be a solid understanding of cyber security, how to protect the organization's technology and data assets, the intersection of risk management and the impact cybercrimes can have on the organization's financial viability, operations, patient care and reputation. The session addresses the current state and emerging trends with digital disruptions, cyber crimes and threats along with the impact they have on organizations. This session will discussed how this is changing the ways CIOs approach technology deployment and security management.
Learning Objectives:
Describe the components of effective cyber security and latest trends
Describe effective approaches addressing cyber threat and risk assessments
Describe the importance of investing in cyber security and the risks involved with not adequately addressing cyber security
Discuss ways to educate and drive awareness of on the importance of cyber security and risk management so it becomes part of the organization's culture
Mac McMillan, FHIMSS, CISM
CEO and Founder
Cynergistek, Inc.
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...Levi Shapiro
Presentation by Mary Alice Annecharico, former CIO, Henry Ford Health System: Cyber Risk in Healthcare. Some of the issues discussed include Building a Culture of Confidentiality, Executive leadership engagement, Board of Director sponsorship, Institutional Stressors that encircle all cyber-risk issues, the Clinical mission, CMS cuts, Revenue downturns, budget cuts, availability of funding for priorities. Assessing and Managing Cyber-risk, etc.
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?Diaspark
According to OCR, there were 253 breaches affecting 500 individuals or more w/ a combined loss of over 112M records. Healthcare Failing to secure their data
48% encountered a data breach or failed a compliance audit in the last 12 months
26% are protecting data because of a past data breach
138% jump in number of breached healthcare records since 2012
The estimated cost for HIPAA breaches since 2009 has reached over 31 billion dollars.
Healthcare IT Challenges
42% of 2014 data breaches were in healthcare
90% of healthcare organizations have had at least 1 data breach in past 2 years
40% report that they have had more than 5 incidents of the entire U.S population was impacted by cybercrime in 9 months
Healthcare Cost of Breach
29% Reputation and brand damage
21% lost productivity
19% Lost Revenue
12% Forensics
10% Technical Support
8% Compliance Regulatory
With Data breaches expected to reach $2.1 trillion globally by 2019, which is four times the expected cost for cybercrime in 2015, It's apparent that a new approach to data security is needed if organizations are to stay ahead of the attackers and more effectively protect their intellectual property, data, customer information, employees, and their bottom lines against data breaches in the future
Contact us to learn how to safeguard against such breaches and implement it security strategy.
Using Technology and People to Improve your Threat Resistance and Cyber SecurityStephen Cobb
A presentation delivered at the 2014 meeting of the Municipal Information Systems Association of California. Includes suggestions for security awareness programs.
PYA Principal Barry Mathis presented “Hot Topics in Privacy and Security,” at the Florida Hospital Association's 14th Annual Health Care Corporate Compliance Education Retreat.
The presentation explored:
• Changes in the privacy and security ecosystem.
• Emerging technology risks and hot topics.
• What happens to hacked data.
• How to best protect data.
2015 Global Threat Intelligence Report - an analysis of global security trendsDImension Data
The 2015 Global Threat Intelligence Report is an annual report which gives an overview of the biggest threats, and most prominent trends in the cyber security landscape.
"Case Studies from the Field: Putting Cyber Security Strategies into Action" with Miroslav Belote, Director of Systems & Privacy Officer, JFK Health Systems
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
Data leakage prevention is one of the key topics which we have been talking in present. Due to the organizations moving towards big data, financial systems.. which resides in cyber space, there is an increasing number of frauds associated with the technology revolution in the cyberspace.This post highlights the threats and the counter measures, so we can protect the sensitive personal data. I prefer the approach of “ Trust but verify model ”.
QA Paediatric dentistry department, Hospital Melaka 2020Azreen Aj
QA study - To improve the 6th monthly recall rate post-comprehensive dental treatment under general anaesthesia in paediatric dentistry department, Hospital Melaka
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdfSachin Sharma
Pediatric nurses play a vital role in the health and well-being of children. Their responsibilities are wide-ranging, and their objectives can be categorized into several key areas:
1. Direct Patient Care:
Objective: Provide comprehensive and compassionate care to infants, children, and adolescents in various healthcare settings (hospitals, clinics, etc.).
This includes tasks like:
Monitoring vital signs and physical condition.
Administering medications and treatments.
Performing procedures as directed by doctors.
Assisting with daily living activities (bathing, feeding).
Providing emotional support and pain management.
2. Health Promotion and Education:
Objective: Promote healthy behaviors and educate children, families, and communities about preventive healthcare.
This includes tasks like:
Administering vaccinations.
Providing education on nutrition, hygiene, and development.
Offering breastfeeding and childbirth support.
Counseling families on safety and injury prevention.
3. Collaboration and Advocacy:
Objective: Collaborate effectively with doctors, social workers, therapists, and other healthcare professionals to ensure coordinated care for children.
Objective: Advocate for the rights and best interests of their patients, especially when children cannot speak for themselves.
This includes tasks like:
Communicating effectively with healthcare teams.
Identifying and addressing potential risks to child welfare.
Educating families about their child's condition and treatment options.
4. Professional Development and Research:
Objective: Stay up-to-date on the latest advancements in pediatric healthcare through continuing education and research.
Objective: Contribute to improving the quality of care for children by participating in research initiatives.
This includes tasks like:
Attending workshops and conferences on pediatric nursing.
Participating in clinical trials related to child health.
Implementing evidence-based practices into their daily routines.
By fulfilling these objectives, pediatric nurses play a crucial role in ensuring the optimal health and well-being of children throughout all stages of their development.
One of the most developed cities of India, the city of Chennai is the capital of Tamilnadu and many people from different parts of India come here to earn their bread and butter. Being a metropolitan, the city is filled with towering building and beaches but the sad part as with almost every Indian city
Navigating the Health Insurance Market_ Understanding Trends and Options.pdfEnterprise Wired
From navigating policy options to staying informed about industry trends, this comprehensive guide explores everything you need to know about the health insurance market.
Telehealth Psychology Building Trust with Clients.pptxThe Harvest Clinic
Telehealth psychology is a digital approach that offers psychological services and mental health care to clients remotely, using technologies like video conferencing, phone calls, text messaging, and mobile apps for communication.
The dimensions of healthcare quality refer to various attributes or aspects that define the standard of healthcare services. These dimensions are used to evaluate, measure, and improve the quality of care provided to patients. A comprehensive understanding of these dimensions ensures that healthcare systems can address various aspects of patient care effectively and holistically. Dimensions of Healthcare Quality and Performance of care include the following; Appropriateness, Availability, Competence, Continuity, Effectiveness, Efficiency, Efficacy, Prevention, Respect and Care, Safety as well as Timeliness.
CHAPTER 1 SEMESTER V PREVENTIVE-PEDIATRICS.pdfSachin Sharma
This content provides an overview of preventive pediatrics. It defines preventive pediatrics as preventing disease and promoting children's physical, mental, and social well-being to achieve positive health. It discusses antenatal, postnatal, and social preventive pediatrics. It also covers various child health programs like immunization, breastfeeding, ICDS, and the roles of organizations like WHO, UNICEF, and nurses in preventive pediatrics.
1. A CHIME Leadership Education and Development Forum in collaboration with iHT2
What is Cyber Security and Why is it
Crucial to Your Organization?
_______
Key Attributes for Success, Challenges and
Critical Success Factors
● Mac McMillan | FHIMSS/CISM | CEO | CynergisTek, Inc. ●
#LEAD14
2. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Sun Tzu & Cybercrime
“If you know the enemy, and know yourself,
then you may not fear the results of a
hundred battles. If you know yourself but
not the enemy, for every victory gained you
will suffer a defeat.”
3. HIMSS Cyber Security Survey
Limited Disruption to Operations
Loss of Data/Information
Significant Impact on IT Systems
Damage to IT Systems
Other Impact
62%
21%
8%
8%
7%
4. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Threat Actors & Their Motivation
• Organized Crime
• Hacktivists
• Cyber Thieves
• Malicious Insiders
• Careless Insiders
• Busy Insiders
• State Actors
• Financial Gain
• Intellectual Property
• Extortion
• ID/Med ID Theft
• Espionage
• Embarrassment
• Good Intentions
5. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Accidents, Mistakes & Deliberate Acts
• Phishing/hacking nets nearly $3M from six healthcare entities
• Vendor sells hospital’s X-rays (films) to third party
• Resident loses track of USB with over 500 orthopedic patients information
• Portable electronic device with patient data stolen from hospital
• Physician has laptop stolen from vacation home
• 2,200 physicians victims of ID theft/tax fraud
• Printers returned to leasing company compromise thousands of patient records
• Health System reports third stolen laptop with 13,000 patient records
• 400 hospitals billings delayed as clearinghouse hit with ransomware
• Children’s hospital hacked with successful DOS for three days in protest for treatment and
holding of girl by Anonymous
• Physician robbed at gun point, phone and computer taken, thief demands passwords
• International hacking group uses phishing, then steals information on almost 80M people
• Medical devices hacked to compromise hospital networks using MedJack attack
• Seven health systems hit by phishing resulting in major breaches
• New York hospital hacked by pro-ISIS supporters, website defaced with ISIS propoganda
• And, on and on it goes…
6. A CHIME Leadership Education and Development Forum in collaboration with iHT2
The Emergent Threat
DefCon/BlackHat 2015 Syllabus
• Medical Devices: Pawnage and Honey Pots
• Shall We Play a Game?
• USB Attack to Decrypt WiFi
• WhyMI so Sexy? WMI Attacks & Defense
• I Will Kill You
• Scared Poopless – LTE and “your” Laptop
• Confessions of a Professional Cyber Stalker
• From 0 to Pwnd – Social Engineering
• Jailbreaking & Rooting Devices
• Advanced Infrastructure Hacking
• Advanced Windows Exploitation
• Advanced Web Attacks
7. Significant Threats of the Future
34%
39%
49%
50%
53%
53%
59%
63%
65%
69%
Brute Force Attacks
Denial of Services (DoS)
Social Engineering Attacks
Malicious Insiders
Exploit Known Software Vulnerabilities
Zero Day Attacks
Cyber Attacks
APT Attacks
Negligent Insiders
Phishing Attacks
8. Challenges To Data Security
CISOComplexity
Insiders
Vendors
Mobile
Devices
mHealth
Fraud
ID Theft
Physical
Loss/Theft
Cyber
Attacks
Regulations
Staffing
9. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Increased Reliance
• More than 98% of all processes
are automated, more than 98%
of all devices are networkable,
more than 95% of all patient
information is digitized
• Hyper connectivity dominates
what we do
• IT systems and applications
are critical to care delivery,
business operations
• Moving to a patient centric
model will only further
complicate the enterprise
10. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Insider Abuse: Trust, But Verify
• It is estimated that more than half of
all security incidents involve staff.
• 51% of respondents in a SANS study
believe the negligent insider is the
chief threat.
• 37% believe that security awareness
training is ineffective.
• Traditional audit methods & manual
auditing is completely inadequate.
• Behavior modeling, pattern analysis
and anomaly detection is what is
needed.
11. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Questionable Supply Chains
• Better inventories of vendors w/ PHI
• Risk based approach to managing third
parties
• Greater due diligence in vetting vendors
• Security requirements in contracting
should be SLA based
• Particular attention to cloud, SaaS,
infrastructure support, critical service
providers
• Life cycle approach to data protection
• Detailed breach and termination
provisions
12. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Devices Threaten Safety & Information
• 2010/2011 successful hacks of an
insulin pump and ICD
• In June 2013 the DHS tested 300
devices from 40 vendors, ALL failed
• 2014 multiple variants of a popular
blood pump hacked
• 2015 MedJack hacks demonstrates
vulnerability of the network from
medical devices
• We are no closer….
“Yes, Terrorists could have
hacked Dick Cheney’s heart.”
-The Washington Post
13. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Malware & Persistent Threats
• 3.4 million BotNets active
• 20-40% of recipients in phishing exercises fall for
scam
• 26% of malware delivered via HTML, one in less than
300 emails infected
• Malware analyzed was found undetectable by nearly
50% of all anti-virus engines tested
• As of April 2014 Microsoft no longer provides patches
for WN XP, WN 2003 and WN 2000, NT, etc.
• EOL systems still prevalent in healthcare networks
• Hardening, patching, configuration, change
management…all critical
• Objective testing and assessment
“FBI alert warns healthcare
not prepared”
2006
200K 2008
17M
2013
73M
14. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Mobility & Data
• Medical staff are turning to their mobile devices to
communicate because its easier, faster, more efficient…
• Sharing lab or test results, locating another physician
for a consult, sharing images of wounds and radiology
images, updating attending staff on patient condition,
getting direction for treatment, locating a specialist
and collaborating with them, transmitting trauma
information or images to EDs, prescribing or placing
orders
• Priority placed on the data first and the device second
• Restrict physical access where possible, encrypt the
rest
15. A CHIME Leadership Education and Development Forum in collaboration with iHT2
ID Theft & Fraud
• Medical identity theft and fraud costs billions
each year, affecting everyone
• US CERT estimates 47% of cybercrime aimed at
healthcare
• Healthcare directed attacks have increased more
than 20% per year for the last three years
• Identity theft comes in all forms and is costly
– Insiders selling information to others
– Hackers exploiting systems
– Malware with directed payloads
– Phishing for the “big” ones
16. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Theft & Losses Thriving
• 68% of healthcare data breaches due to
loss or theft of assets
• 1 in 4 houses is burglarized, a B&E
happens every 9 minutes, more than
20,000 laptops are left in airports each
year…
• First rule of security: no one is immune
• 138%: the % increase in records exposed in
2013
• 6 – 10%: the average shrinkage rate for
mobile devices
• Typical assets inventories are off by 60%
“Unencrypted laptops and mobile devices
pose significant risk to the security of
patient information.” -Sue McAndrew,
OCR
17. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Hacking & Other Cyber Criminals
• Defenses are not keeping pace
• Three most common attacks: spear
phishing, Trojans & Malvertising
• APTs, phishing, water cooler attacks, fraud,
etc.
• Most organizations can’t detect or address
these threats effectively
• An advanced incident response capability is
required
• Results in losses of time, dollars, downtime,
reputation, litigation, etc.
• Conduct independent risk assessments
regularly
0 50 100
Organizations suffering a
targeted attack
Sophistication of attack
hardest element to defeat
No increase in budget for
defenses
Targeted Attacks
“I feel like I am a targeted class, and I
want to know what this institution is
doing about it!” -Anonymous Doctor
18. A CHIME Leadership Education and Development Forum in collaboration with iHT2
More Government Oversight
• OIG shifts focus to OCR, MU & Medical
Devices
• OCRs permanent audit program will resume in
FY 2015 with new capabilities
• Improvements and automation in reporting
and handling complaints
• Meaningful Use takes a step backwards with
Stage 3
• The FTC, FDA, FCC, HHS and DoJ take a more
active role in healthcare privacy and security
• States continue to create new laws
– Florida Information Protection Act
– New Jersey Health Insurers Encryption Law
When organizations tell consumers
they will protect their personal
information, the FTC can and will
take enforcement action to ensure
they live up to these promises.
19. A CHIME Leadership Education and Development Forum in collaboration with iHT2
CISO Needed…
• HIMSS Cyber Security survey found 52%
had a full time security person
• In a 2014 study HC CISOs gave themselves
an average maturity rating of 4.35 on a scale
of 1-7
• Many report missing critical technologies
to fight today’s threats, improving in 2015
• More than half of healthcare entities spend
less than 3% of their IT budget on data
protection, no improvement
• Focus, alignment, and staffing challenges
• Many healthcare security managers are first
timers
Healthcare finds itself in a contest for
security professionals when everyone,
both government and private sector,
need them – and the outlook is not
positive.
20. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Board Involvement
• 70% of Board Members feel they
understand cyber risks
• 43% of CIO/CISOs think Boards are
informed about threats to IT
• Board members do admit their knowledge
about cybersecurity is limited
• Board members and IT security need to
communicate more often
• It took major breaches like Target, Anthem
and Community Health to get the Board’s
attention
• Boards are still in the dark concerning
security risks and incidents
21. Barriers to Successful
Implementation of Data Security
Percent
Lack of Personnel 64%
Lack of Financial Resources 60%
Too Many Emerging/New Threats 42%
Too Many Endpoints 32%
Not Enough Cyber Threat Intelligence 28%
Too Many Applications 25%
Lack of Tools to Use/Deploy Cyber Threat Intel 20%
22. A CHIME Leadership Education and Development Forum in collaboration with iHT2
Healthcare’s Culture Must Change
“We are who we are, and companies are what
they are, because we want to be. If we wanted to
be different we would be about change.”
“We need CISO’s who are not afraid to be a
change agent in their institution.”
23. A CHIME Leadership Education and Development Forum in collaboration with iHT2
What We Can Do Together
• Actively participate in AEHIS
• Create a body of knowledge
for all
• Open and maintain a useful
dialogue
• Work on changing the
perception
24. Q & A
Mac McMillan
mac.mcmillan@cynergistek.com
(512) 402-8555
A CHIME Leadership Education and Development Forum in collaboration with iHT2
@mmcmillan07