Dry the tears: WannaCry stymied, North Korea hackers suspect. Is this a poke for a worse attack?

Breaking News This morning’s (Tuesday 16 May) news is about reputable security organizations–Kaspersky Lab and Symantec–connecting the dots that lead for now to a North Korea-linked hacking organization, the Lazarus Group. This group has been identified in previous hack attacks and is based upon WannaCry code appearing in Lazarus programs. US Homeland Security has admitted seeing the same similarities, but all are working to gain more information.

Lazarus has been previously identified as the source of the 2014 Sony attack and the theft of $81 million from the Bangladesh central bank, again linked to fundraising for North Korea for its missiles, army, EMP and nuclear arming while its terrorized people starve. However, this attack was a flop; according to US Homeland Security, about $70,000 was raised in ransom. The Homeland Security spokesman also distanced the NSA from the original information which targeted weaknesses in Microsoft’s systems.

According to reports, WannaCry disproportionately affected Russia, Taiwan, Ukraine and India, according to Czech security firm Avast. No US Federal government systems were affected. China on Monday reported that it attacked traffic police and school systems.

The Telegraph has posted a speculative list of 34 NHS organizations which suffered IT failure during the WannaCry attack. The article includes a map produced by MalwareTech that geographically spots the infection locations; the Boston to Washington corridor is a sea of blue dots. And…Marcus Hutchins has been identified as the young UK tech working for Kryptos Logic who redirected the attacks by buying a domain embedded in the WannaCry code. How it worked, according to PC World, is that if the malware can’t connect to the unregistered domain, it infects the system. By registering the domain and creating a page for the malware to connect to, he stopped the malware spread. (Video in Telegraph article)  Also FoxNews

But is this a prelude to more and worse? Is this testing our preparedness? If so, we’ve been found wanting on an enterprise level with vulnerable systems and administrators not updating their software and OS. George Avetisov, the CEO of HYPR, a biometric authentication company, in The Hill, summarized it neatly today: “We’ve also learned the hard way that, simply through a coordinated phishing attack on unsuspecting users, hackers can disrupt the day-to-day activities of enterprises that provide communications, travel, freight and healthcare administration simply by remotely deploying malware.” He then goes on to praise President Trump’s executive order (EO), “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” which he signed on Thursday–right before all this began. As if in confirmation…ShadowBrokers, the group that hacked the NSA files, today announced the availability of a subscription to a ‘members only data dump’ like a Wine of the Month Club. Watch out, banks and healthcare, it’s open season! NHS, better pay attention to another kind of hygiene–cyberhygiene. Without it, plans for patient apps and data sharing will go sideways–and deserved fodder for Dame Fiona [TTA 10 May]. The Hill  Earlier coverage here

Updated 15 May: 20% of NHS organizations hit by WannaCry, spread halted, hackers hunted

Updated 15 May: According to the Independent, 1 of 5 or 20 percent of NHS trusts, or ‘dozens’, have been hit by the WannaCry malware, with six still down 24 hours later. NHS is not referring to numbers, but here is their updated bulletin and if you are an NHS organization, yesterday’s guidance is a mandatory read. If you have been following this, over the weekend a British specialist known by his/her handle MalwareTech, tweeting as @malwaretechblog, registered a nonsensical domain name which he found was the stop button for the malware as designed into the program, with the help of Proofpoint’s Darien Huss.

It looks as if the Pac-Man march is over. Over the weekend, a British specialist known as MalwareTech, tweeting as @malwaretechblog, registered a nonsensical domain name which he found was the stop button for the malware, with the help of Proofpoint’s Darien Huss. It was a kill switch designed into the program. The Guardian tagged as MalwareTech a “22-year-old from southwest England who works for Kryptos logic, an LA-based threat intelligence company.”

Political fallout: The Home Secretary Amber Rudd is being scored for an apparent cluelessness and ‘wild complacency’ over cybersecurity. There are no reported statements from Health Secretary Jeremy Hunt. From the Independent: “Patrick French, a consultant physician and chairman of the Holborn and St Pancras Constituency Labour Party in London, tweeted: “Amber Rudd is wildly complacent and there’s silence from Jeremy Hunt. Perhaps an NHS with no money can’t prioritise cyber security!” Pass the Panadol!

Previously: NHS Digital on its website reported (12 May) that 16 NHS organizations have been hacked and attacked by ransomware. Preliminary investigation indicates that it is Wanna Decryptor a/k/a WannaCry. In its statement, ‘NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.’ Healthcare IT News

According to cybersecurity site Krebs on Security, (more…)

The End or Beginning? Anthem ends Cigna merger, won’t pay breakup fee, seeks damages (updated)

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/05/The-End-Pic-typewriter.jpg” thumb_width=”175″ /]Updated. Anthem on Friday 12 May beat Delaware Chancery Court’s Judge Travis Laster’s ticking clock [TTA 11 May], and finally, formally called off its merger with Cigna. Instead of sighs of relief and seeking oblivion in a few bottles of adult beverages, Anthem still won’t stop and let Cigna go. Anthem now refuses to pay the breakup fee per their agreement, claiming once again that Cigna sabotaged the merger, and wants blood from that rock. From the Anthem announcement:

In light of yesterday’s decision and Cigna’s refusal to support the merger, however, Anthem has delivered to Cigna a notice terminating the Merger Agreement. Cigna has failed to perform and comply in all material respects with its contractual obligations. As a result, Cigna is not entitled to a termination fee. On the contrary, Cigna’s repeated willful breaches of the Merger Agreement and its successful sabotage of the transaction has caused Anthem to suffer massive damages, claims which Anthem intends to vigorously pursue against Cigna. (Editor’s highlight)

Now we have Anthem seeking damages from Cigna, which is a matched set with Cigna’s Funny Valentine of 14 February adding over $13 bn in damages to recoup the unrealized premium that shareholders did not earn as a result of the merger failure. Anticipating Anthem’s position even at that time, they flipped a wicked backhand in their statement:

Anthem contracted for and assumed full responsibility to lead the federal and state regulatory approval process, as well as the litigation strategy, under the merger agreement. Cigna fulfilled all of its contractual obligations and fully cooperated with Anthem throughout the approval process.

Our Readers will also recall that in March, Cigna joined with Anthem in supporting Anthem’s appeal to the DC Court of Appeals, an unusual move in this light, but one that further reinforced their non-saboteur ‘we’re just innocent victims here’ position. Cigna has not yet publicly responded. The AMA cheered its apparent complete victory in the name of doctors and patients.

They hate each other and have from the start. The real victims here are the policyholders–patients–of both companies, with both companies distracted by a legal battle. How different they are from both Aetna and Humana, which (at least publicly) politely ended all efforts after the merger denial, paid out their breakup, and went back to business, which right now presents challenges with ACA hitting the long-predicted Actuarial Brick Wall. (Aetna exiting ACA individual exchange plans in 2018)

Judge Laster’s plans for a restful summer on Delaware’s beautiful beaches and bays are likely to have gone the way of the mouse in Robert Burns’ poem ‘To A Mouse’ (stanza 7). He is not alone in Indianapolis or Bloomfield, Connecticut:

But Mousie, thou art no thy-lane,
In proving foresight may be vain:
The best laid schemes o’ Mice an’ Men
Gang aft agley,
An’ lea’e us nought but grief an’ pain,
For promis’d joy!

See you in court! Fortune, Modern Healthcare, Healthcare DiveInterested in the previous details? See our coverage here, including our take on ‘whither the policyholders (patients) and corporate buyers’.

The weekend charmer: fitness tips from a 105 year-old practicing doctor

How do you get to a very advanced age and still be active in your work, if you’re not the Duke of Edinburgh with a staff (and a younger working wife)? Especially when your 105 years have included being a soldier in WWII and a stint as a Japanese POW? Dr Bill Frankland credits his one hour of daily exercise for his longevity and sharpness, especially repeatedly rising from a sitting position. We also note that he wears a PERS wristlet–just in case. Is someone studying his genome? Learn his secrets in the video from BBC Today.

Anthem-Cigna breaking: lawyers may talk, but Cigna gets to walk–and it continues in court

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/05/The-End-Pic-typewriter.jpg” thumb_width=”175″ /]Breaking, with a whimper. This evening (11 May), the Delaware Court of Chancery released its ruling denying a 60-day injunction requested by Anthem to prevent Cigna from ending their merger. The original merger agreement had an end date of April 30. Judge Travis Laster stayed the implementation of his ruling until Monday noon to give Anthem a chance to appeal to the Delaware Supreme Court. Reuters

Is this The End? In this Editor’s opinion, yes, the petition to the US Supreme Court for a writ of certiorari notwithstanding. I stand by my Monday observation that “the Chancery Court decision to extend for 60 days–into July– is critical to any SCOTUS hearing, as it is unlikely there would be any merit in a review of a dead deal even if there is a potentially novel issue. 

So Cigna can walk, pass ‘go’ and collect…? The open issue is now Cigna’s. There is a contractually mandated breakup fee of $1.85 bn. In February, their Funny Valentine also claimed over $13 bn in damages, on the grounds that Anthem had intent to harm Cigna’s business. Not so fast though–there will certainly be a fight over the damages. According to Bloomberg, “the judge said there was significant evidence Cigna may have violated the merger agreement by dragging its feet on antitrust concerns, which could entitle Anthem to “potentially massive damages.” The next phase of court actions will be around damages awarded to Cigna, if any; if so how much; and what is the final settlement. Dirty laundry and ‘Who Shot John?’ will fly in this same court, unless the settlement is quick and quiet, highly unlikely with these two noisy protagonists. If it remains substantial, Cigna could be shopping for acquisitions–or be a cash-rich acquisition target itself. More distractions for management.

Other mergers may be more palatable in a changing healthcare landscape…just not this one. Also Fortune. Interested in the previous details? See our coverage here, including our take on ‘whither the policyholders (patients) and corporate buyers’.

The stop-start of health tech in the NHS continues (UK)

Continuing their critique of the state of technology within the NHS [TTA 17 Feb], The King’s Fund’s Harry Evans examines the current state of incipient ‘rigor mortis’ (his term). Due to the upcoming election, the Department of Health is delaying its response to Dame Fiona Caldicott, the National Data Guardian for Health and Care (NDG), on her review of data security, consent and opt-outs (Gov.UK publications).

People have significant trust and privacy concerns about their data, which led to NHS England suspending care.data over three years ago. But with safeguards in place, public polling supports the sharing of health data for uses such as research and direct care. But…there’s more. Now there is ‘algorithmic accountability’, which may single out individuals and influence their care, much as algorithms dictate what online ads we’re served. What of the patient data being served to Google DeepMind, IBM Watson Health, and Vitalpac for AI development? Have people adjusted their concerns, and have systems evolved to better store, secure, and share data? And how can this be implemented at the local NHS level? The NHS and technology: turn it off and on again Hat tip to Susanne Woodman of BRE.

A reminder that The King’s Fund’s Digital Health and Care Congress is on 11-12 July. Click on the sidebar to go directly to information and to register. Preview video; the Digital Health Congress fact sheet includes information on sponsoring or exhibiting. To make the event more accessible, there are new reduced rates for groups and students, plus bursary spots available for patients and carers. TTA is again a media partner of the Digital Health and Care Congress 2017. Updates on Twitter @kfdigital17

Hackermania meets The Dark Overlord with 2.3 million 2017 health data breaches

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2015/02/Hackermania.jpg” thumb_width=”150″ /]It’s a cage match! Reports are soaring, with a proliferation of data breaches year to date, after a relatively quiet period in 2016.

The Dark Overlord (TDO), in the mainstream news with dumping unseen Netflix program episodes on illegal file-sharing sites and demanding ransom (Guardian), also has been hard at work dumping PHI hacked from various clinics. DataBreaches.net tallied it at 180,000 records from at least nine medical clinics.

Health data security developer/provider Protenus, whose Breach Barometer tracks the numbers, counted 2.1 million breaches in 1st Quarter. March spiked with 700,000 coming from Commonwealth Health Corporation of Kentucky.

Our standby Privacy Rights Clearinghouse counted over 175,000 to date, but 160,000 came from MedCenter Health in Protenus’ total, so their net addition was 15,000. But PRC’s detail illustrates that ransomware is alive, well, and invading smaller healthcare organizations. Other reasons are unauthorized data server access, third-party vendors, email error, and theft.

Thinking about a location for your health tech startup? Consider…’virtual’ Estonia!

‘Extreme digital living’ is the norm in the Baltic country of Estonia, which rebuilt itself from the ground up after the formal dissolution of the Soviet Union (and each citizen receiving a distribution of €10) to one of the most advanced online-only countries in the world, far ahead of the US, the UK, and the rest of the EU. Internet access is by law a basic human right in Estonia. Digital signatures are equal in every way to paper signatures, except for marriage and divorce (a nostalgic touch). Everyday living is paperless and programming is taught in early grades. Live in picturesque Tallinn and need a delivery? It may come to your door via Starship robot, founded by one of the former Skype team. (Did you know that former Skypers have funded much of the Estonian tech and investment boom?) They take data security seriously with the Russian Bear growling (and hacking) on the border, so they created a NATO-accredited cyberdefense center in Tallinn and a whole country backup in a Luxembourg ‘data embassy’. Blockchain is a large part of this–and the government is working on using it for mapping the genome data of its 1.3 million citizens and sell it (deidentified) to precision medicine researchers.

So if you are a US, UK, EU, or even Australian-based developer, or already have a small tech company, why is this of interest? Estonia has opened a door for foreigners that is a most attractive one–virtual residency, no matter where you live. Once you’re an e-resident, simply register your company (online of course) and pay a fee of €145. You now can do business in euros–and fully access the EU. Most companies pay monthly administrative and accounting fees in Estonia, providing the country with income. About 1,400 companies have taken advantage of e-residency. It isn’t a tax haven, but if you do have income in Estonia, their corporate taxes are low–20 percent, compared to 19 percent for the UK, 30 percent for Australia, and a shattering 39 percent for the US (at present). Trading Economics And there is that tech and digital-savvy workforce as an additional incentive. Is This Tiny European Nation a Preview of Our Tech Future? (FortuneHat tip to TTA Founder Steve Hards

Tender Alerts: Nottingham NHS telestroke, Scotland remote health and care

Our Eye on Tenders, Susanne Woodman of BRE, brings to our attention two from UK.Gov’s Contracts Finder and TED, with full information at the links:

  •  Telemedicine Solution for Stroke Services from Nottingham University Hospitals NHS Trust. Nottingham City Hospital requires an immediate replacement for a stroke Telecart which deals with out of hours (OOH) stroke emergencies. This system allows the consultants to remotely interact with patients and staff on the stroke unit. The patient is seen in real time video and audio. Future plans, not in this contract, are for a replacement system in multiple locations. Contact is Niall Fowler of the NUH NHS Trust. Closing 26 May.
  • NHS National Services Scotland Remote Health and Care Monitoring and Communication System. The procurement is intended to support the delivery of home/mobile health monitoring and video conferencing enhanced care. At a later date, this will expand to incorporate future digital telecare or wellbeing solutions. A registration of interest is required for more information, available at the Public Contracts Scotland website. Value is £ 2 million. Note: this listing is a Prior Information Notice with estimated publication 21 June. These are generally released for high-value contracts with usually a compressed application period since information has been previously published.

Better than ‘Dallas’? Anthem and Cigna in Delaware court (updated); Anthem’s SCOTUS appeal

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/05/sj8qohs2yc6xbxpx1bmm.jpg” thumb_width=”150″ /]The War of the Payers grinds on. It’s altogether appropriate that this is the 100th anniversary of the US entry into the Great War. It was marked by a costly strategy that stalemated in the trenches and fatally ground into dust over four years men, machines, national treasuries, and ultimately a world order. In this Editor’s view, we are witnessing it writ large in Anthem’s, and to a lesser extent Cigna’s, actions after their merger was put paid to, first by a DC Federal District, then a District Appeals court, in a suit brought by the Department of Justice (DOJ) and 11 states.

Update: In Delaware Chancery Court May 8, Anthem requested a 60-day preliminary injunction to prevent Cigna from ending their merger. This was in a hearing on the February restraining order that Anthem received to block Cigna’s exit, filed in that court, from the merger after the District Court decision. Vice Chancellor Travis Laster said (after five hours of argument) that he would rule as soon as possible. Reuters  New: Even Judge Laster admits it’s a ‘long shot’ that Aetna could find a path to success after two courts turned down the merger. Cigna’s legal spokesperson further amplified that, stating that it was ‘a near impossibility’ and that no “divestiture package would have solved” the merger’s problems. Bloomberg  See the back story below

Watch for fireworks whatever the decision. Antitrust lawyer David Balto rated its potential “more fun than watching an episode of [the television melodrama] Dallas“. CT Mirror

The Chancery Court action is far more important than Anthem’s ‘petition for writ of certiorari’ to the Supreme Court of the US (SCOTUS) for review of the lower court ruling, citing the following:

  1. The 2 to 1 split in the court decision
  2. That the 1960s court precedents relied on by the District Court must be updated to today’s understandings of economics and consumer benefit
  3. And asserting that the loss of the merger “would limit access to high quality affordable care for millions of Americans and deny them more than $2 billion in medical cost savings annually” from the improved bargaining power of the new entity

(What perhaps was not included was that the merger partner, Cigna, wants out, out, out of the merger, which does tend to put a negative cast on the whole affair, as it did for the DC District Court.)

This Editor believes that the Chancery Court decision to extend for 60 days–into July– is critical to any SCOTUS hearing, as it is unlikely there would be any merit in a review of a dead deal even if there is a potentially novel issue. In the Reuters report, Anthem’s attorney mentioned the SCOTUS petition with a decision date by early July (the end of the term). He confirmed their intent to appeal to the DOJ for a ‘negotiation’ once the Trump Administration had its nominated officials in place. In Bloomberg, Cigna’s attorney’s position is that SCOTUS wouldn’t even consider the petition until September, which would put it past the extension and a decision into the next term.

Petitions for writ of certiorari are the Hail Mary pass–the last-ditch move–of court actions. (more…)

d-Lab opens Challenge to transform use, governance of Personal Health Data

d-Lab is calling for international healthcare innovators to take a good, hard look at how we can use, secure and increase access to personal health data (PHD). In this Challenge, d-Lab is seeking innovative ideas, projects, and solutions that consider wider uses of PHD for patients and research, such as:

  • innovative modes of PHD governance
  • future use in health and medical research
  • inclusion of new types of data, such as from wearables
  • contribution to wellbeing and aging solutions
  • innovative business models that assure the long-term sustainability of PHD usage and governance

The Challenge opened this past Tuesday and closes on 27 June, with winners announced in September. There will be a maximum of two
winning proposals that will lead to the setting up of a maximum of two partnerships and two pilots. See here for d-Lab’s website and here for the terms and conditions PDF. d-Lab is a program of Mobile World Capital-Barcelona. The Challenge is supported by Clinic Barcelona, Research2Guidance, and TicSalut.

Two London events worth considering

A quick blog to draw your attention to two events at the Royal Society of Medicine that this editor has been involved in setting up, and that should be of interest.

The first is the Future of Medicine: the Doctor’s Role in 2027, on May 18th, which has a host of excellent speakers looking at how technology is likely to change the way medicine is practised in ten year’s time, to help clinicians, healthcare managers, academics and suppliers prepare for those changes to ensure maximum improvement in patient outcomes. Book here

The second event, in partnership with the IET, Digital Health and Insurance: a Perfect Partnership? on June 1st brings in a wide range of international speakers to explore how, by giving insurers precision over the risks they are taking, digital health is transforming health insurance, both for humans and for pets, and in the process may well result in a fundamentally different way of providing, and paying for, health in the future. Not to be missed! Book here.

As has been said before, the RSM has medical education as one of its charitable objects (the other is promoting medical advances) so their events are extremely attractively priced.

Fitbit reaching out to NHS–but new smartwatch ‘a giant mess’ (updated)

There have been sketchy reports of Fitbit’s CEO James Park meeting with the NHS last month to get Fitbits into the ‘big moves’ in wearables and apps promised by Health Secretary Jeremy Hunt. Mr. Park’s interview with the Sunday Times (limited access) indicated that Fitbit’s NHS project, should it happen, would be for exercise and activity monitoring, similar to the partnership with UnitedHealthcare which reduces premiums based on policyholder exercise monitoring. This move towards payers is in line with reports starting last year of Fitbit’s seeking clinical markets and moving away from the fickle B2C market. City AM

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/05/Fitbit-Watch-FINAL.jpg” thumb_width=”150″ /]Given this week’s leak/reveal and scuttlebutt on the new Fitbit smartwatch, Mr. Park needs to gin up a big payer, quickly. The advance buzz is not positive nor kind. It’s delayed from spring to end of year–in competition with the latest iteration of the Apple Watch. This advance photo of codenamed ‘Higgs’ from Yahoo!Finance indicates a certain clunkiness (and derivation from the panned semi-smartwatch Blaze). It’s pricey, rumored to be priced at around $300. Features include a 1,000nit, built-in GPS, heart-rate monitoring, contactless payments, Pandora and four days of battery life along with connectivity to new Bluetooth headphones. Yet TechCrunch notes “complaints about design, production delays, antenna issues and software problems.” in what they dub “a giant mess”. Forbes notes problems in waterproofing and GPS signal. There are other Android-based smartwatches that do the same for the same price or less. Will this save Fitbit? To be determined….

Update: CEO Park denies delays in the new smartwatch, saying “all new product introductions are on track”, but then again–it hasn’t been officially announced! On the earnings call Thursday, Fitbit stated that new products are now accounting for 84 percent of 1stQ revenue. The company also reported better-than-expected earnings for the first quarter of 2017, reporting an adjusted loss of 15 cents per share on revenue of $299 million. Full year projected at $1.5 – 1.7 bn. Marketwatch, The Verge

A stride ahead in gait analysis for detecting potential health issues

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/05/WiGait-wirelessly-measures-walking-speed-MIT-00_0.png” thumb_width=”175″ /]Readers experienced in senior healthcare know that changes in gait can be predictors or a proxy for negative change in physical or mental status, for instance when walking becomes slow or unsteady and the risk of falling rises. We’re familiar with various remote monitoring approaches such as pads, sensor arrays, camera systems such as the VICON tracker, worn sensors, and Fitbits but none so far have proven workable, widespread, or particularly accurate. A research group at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have designed a system using wireless signals which can measure the walking speed of multiple people with 95 to 99 percent accuracy, the same as clinical measurement and VICON. The WiGait device is the size of a small painting and emits signals at about the level of a smartphone. It analyzes reflected signals off the body and can differentiate through algorithms the type of movement, e.g. walking versus brushing teeth. It can also gauge stride length, since changes in that may indicate progression in diseases such as Parkinson’s. Since the WiGait can be used for longitudinal tracking, gait changes can be further correlated with disease state with the intent of avoiding hospitalization. The researchers built off of previous work on WiTrack, which used signals to track behaviors from breathing and falling to specific emotions.  MIT NewsPaper: Extracting Gait Velocity and Stride Length from Surrounding Radio Signals

Blue Cedar releases new security for health apps, built into the app

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/05/Blue-Cedar-Logo-Asset-1@3x-100.jpg” thumb_width=”150″ /]For healthcare organizations, device and app developers, one stumbling block for apps has been securing data. The endpoint for security has been to secure and manage the device, which constrains widespread BYOD use and convenient downloading. What if, instead, the apps and the data on them were secured without needing to further secure the device? This is what Blue Cedar, a mobile security developer, has done with what they call a mobile device management (MDM) alternative, with security ‘baked into the app”.

One of their first for the new platform is MedStar Health, the largest healthcare provider in the Maryland and Washington, DC region. Blue Cedar’s MDM enabled them to secure their mobile app for clinicians that contained protected patient information (PHI) yet run securely on personal mobile devices.

Blue Cedar’s Chief Product Officer, Chris Ford, spoke with this Editor and explained that their new platform (V3.14) works through injecting a security code in the mobile app, which enforces policy on encryption and use. Their Enterprise Mobility Management (EMM) can now incorporate support for secure apps on unmanaged devices, security and connectivity for VoIP-based apps, and enforcement of granular controls for HTTP-based apps. This and other features of the new platform will permit healthcare app developers to distribute apps through sites like the Apple Store or Google Play and “trust functionality” that allows control of data sharing between apps on the same device.

Blue Cedar spun off last year from IoT security company Mocana, founded in 2002, and now has over 150 customers in multiple verticals. They believe their MDM alternative is ideal for healthcare organizations and health app/wearable developers, recently adding representation in the UK and Europe. Release (PDF)

Is startup funding actually going to startups? Where are all of them, anyway?

Markus Pohl of Research2Guidance, in two successive blog postings, asks provocative questions on Whither Startup Funding. This Editor will attempt to summarize his key points but read both articles to get the real impact–and surprise.

  • There is $4 bn annually managed by accelerators and incubators that invest in health–over $1 bn in 1st Quarter–but only a portion of this funding goes to startups. (The $4 bn / $1 bn are not footnoted, but they are the Rock Health investment numbers [see TTA 10 Jan and 11 Apr])
  • After subtracting for ongoing investments in portfolio companies, operational costs, and ex-healthcare investments, this funding for startups is realistically closer to $300 million
  • This money will only be spent if there are startups that qualify for the 340+ accelerator and incubator programs
  •  According to the last year’s R2G survey, mHealth App Developer Economics, there are 58,000 mobile health app developers. 15,000 are considered to be in the startup phase (eligible for an accelerator or incubator program). But “The majority of mobile app developers in healthcare tend to struggle on the finance and business side.”
  • The surprise: there are not enough quality startups for the available programs, even though most startups apply to more than one.
  • “Accelerators struggle to build up a high-quality selection funnel.” They suffer from lack of awareness, especially regional accelerators.
  • Accelerators and incubators will be adapting to startup candidate scarcity–or fail–within the next two years. Narrowing their focus to certain healthcare niches and focusing on their target may help. (But there may be a bubble here–Ed.)

More than US$4bn funds raised by accelerators & incubators investing in health. Why is only a small portion landing in the hands of start-ups? and Most digital health accelerator and corporate start-up programs must refocus to survive

For TTA readers, the R2G sponsored 7th Annual mHealth App Developers survey is here. It takes about 10-15 minutes to complete, so grab a cup of coffee or tea, and go! The survey is still open for about two weeks more. It is most applicable to mobile health app developers, project managers, publishers, co-founders, digital health experts, influencers, opinion makers, and investors–in other words, our Readers! Anyone who completes the survey will receive a copy near the end of 2017.

The R2G App Developer Economics Survey is supported by a stellar roster of distribution partners, accelerators, and media partners including Bayer, PCHAlliance, Health 2.0, dhaca…and TTA.