Who’s buying, selling, funding wrapup: athenahealth IPO deux?, NextGen EHR buys reseller TSI for $68M, Cloudwave buys Sensato; fundings for Lumen, UpStream, Aide Health

athenahealth may go public a second time. This was teased by CEO Bob Segert in the Boston Globe (paywalled) earlier this week. He claimed in the article that since the company went private in 2019, they have added nearly 2,000 clients each year of the past three and that revenues are in the billions. Healthcare IT News recaps some of their moves, from going private and downsizing through to today. Their other news is that they have instituted a clinical advisory board of 30 members (!) to provide feedback and guidance on clinical features and direction to athenahealth’s product team. One hopes that the sharper members advise a change in the first letter of their name from the oh-so-twee lowercase to an uppercase ‘A’.

NextGen Healthcare, an EHR/EMR and revenue cycle management software provider for medical/dental practices, is acquiring reseller partner TSI Healthcare. The agreement is for $68 million in cash upfront, with a contingent consideration of up to $22 million in cash if TSI meets certain goals by March 2025. TSI has been a NextGen reseller for 16 years. The acquisition will enable NextGen to expand in key specialties including rheumatology, pulmonology, and cardiology. No mention is made of management or staff transition, nor of SEC review as NextGen is a publicly traded company on Nasdaq. Hat tip to HISTalk 2 Dec. Release, BusinessJournals Triangle

Massachusetts-based CloudWave is acquiring Sensato Cybersecurity to increase cybersecurity capabilities. CloudWave provides cloud services hosting with cybersecurity capabilities exclusively to healthcare organizations. Sensato adds cybersecurity-as-a-service (CaaS) to manage security needs, determine where security gaps are, and supply threat intelligence. Transaction price and details were not disclosed, but Sensato’s founder John Gomez will join CloudWave as chief security and engineering officer. Healthcare IT News

Cybersecurity continues to be top-of-mind for healthcare organizations. The latest Big Data Breach at CommonSpirit Health system hospitals got even worse, with the third-party breach of an undisclosed number of patient records at their Franciscan Health hospitals in September and October. This followed the ransomware attack on other CommonSpirit system hospitals’ EHRs in October. Healthcare IT News

As we near the end of the year, funding is wrapping up with a flurry in some surprising areas such as optimizing metabolism and care coordination for chronic conditions, reducing burden on primary care practices/GPs. One is for an early-stage company in the UK for the latter.

  • Lumen’s $62 million Series B was led by Pitango Venture Capital with Hanwha Group and Resolute Ventures.   Lumen measures metabolism via a handheld, breathalyzer-like device equipped with a CO2 sensor that analyzes whether the body is burning fats or carbs for fuel which can promote weight loss, energy for fitness, and sleep. With that data, the app delivers to users personalized meal plans and nutrition along with when to eat. The new funding will be used to expand these nutrition and lifestyle coaching services. The device is sold direct to consumers, with the app services sold on a SaaS basis: three yearly plans with a range of services from $249 to (on sale) $349.  Mobihealthnews, MedCityNews
  • Another Series B raise of $140 million went to UpStream, for total funding of $185 million. UpStream is in the decidedly unsexy area of care coordination, workflow, and financial platform technology for groups of advanced primary care practices enrolled in value-based full-risk care models, most of which are centered around Medicare and Medicare Advantage. They also deploy pharmacist-led care teams into primary care practices. Their platform and services are free to the practice, with a risk-sharing agreement that pays UpStream through savings (upside risk) but also holds them accountable if savings are below the benchmark (downside risk). Practices are paid on quality during the performance year versus having to wait for CMS to pay in Q3-4 of the following year. This is an MSO (management services organization) ‘in a box’ versus organizing ACOs that is mainly technology-based, a new wrinkle for this Editor who used to be in marketing this area. MedCityNews, Mobihealthnews
  • Aide Health is a clinician-to-patient platform for better management of chronic conditions now bolstered with £1 million in pre-seed funding. Founded by Ian Wharton, CEO, and Brian Snyder, COO, the platform measures physical, mental, and social wellbeing markers for more proactive care. Aide is piloting with the NHS for asthma or Type 2 diabetes with a cohort aged 18 to 75.  Funding was led by Hambro Perks through its EIS fund, with participation from Fuel Ventures, 1818 Ventures, and APX. BusinessCloud (UK)

News roundup: cybersecurity benchmarking study, Tyto Care’s Home Smart Clinic, Long Island’s $2.6B life sciences hub, Singapore’s Speedoc raises $28M, NantHealth’s sinking feeling, Hims & Hers revenue up 95%

Censinet, the American Hospital Association (AHA), and KLAS Research announced at industry confab CHIME22 Fall Forum a benchmarking study on health system cybersecurity. The study, currently enrolling hospital and health system participants, according to the release will enable a comparison of cybersecurity investments, resources, performance, and maturity to peer organizations across key operational cyber metrics. It will also cover NIST Cybersecurity Framework (NIST CSF) and Health Industry Cybersecurity Practices (HICP). Censinet provides healthcare risk management solutions, consolidating enterprise risk management and operations capabilities. Hat tip to HISTalk 9 Nov.

TytoCare’s latest is the rollout of the Home Smart Clinic, a platform that combines TytoCare’s FDA-cleared handheld for remote physical exams; Tyto Insights, their AI-powered diagnostic support that aids diagnosis in remote physical exams; Tyto Engagement Labs, a suite of user engagement services including behavioral science-backed blueprints, consulting services, and marketing tailored to each specific program and cohort; and support for multiple provider models and different patient populations. The new platform is targeted to health plans and providers. Release (Yahoo)

Long Island NY’s proposed Midway Crossing project, creating a life sciences hub in quaintly named Ronkonkoma, would cost about $2.55 billion, but create an estimated 4,300 science, technology, engineering, and healthcare positions. They’d also be lucrative, with salaries mostly well over $100,000 a year. The proposal was authored (sic) by Michael Dowling, president of Northwell Health, and James Hayward, PhD, president and CEO of Applied DNA Sciences, and appeared in Newsday (paywalled). Its 179 acres would include a STEM educational center, research labs, biotech manufacturing facilities, health care offices, a hotel and convention center plus connect to the LIRR and Long Island-MacArthur airport. While approved by local authorities, it now needs funding. Becker’s

Traveling to the far Pacific…Speedoc, a home health company based in Singapore, raised $28 million. Speedoc offers app-based video consults and home visits, non-emergency ambulance transport, and remote monitoring for several chronic conditions. It is available in nine cities in Singapore and Malaysia. According to Mobihealthnews, it is also one of the technology partners for the two-year pilot of the Mobile Inpatient Care@Home initiative by the Ministry of Health’s Office for Healthcare Transformation. The pre-Series B funding round was led by its new investors Bertelsmann Investments, Shinhan Venture investment, and Mars Growth. Vertex Ventures Southeast Asia & India, which led its $5 million Series A funding round in 2020, also participated. 

Our Readers with very long memories will remember that transformative health darling, NantHealth. This Patrick Soon-Shiong NantWorks company, originally in genetic sequencing for cancer research, was caught en flagrante in a ‘pay to play’ scheme with the University of Utah funding NantHealth and providing data that would prove useful to other Soon-Shiong companies [TTA 18 April 2017]. It’s long since pivoted to payer/provider data solutions (NaviNet). What’s not improved is their bottom line. It lost $13.7 million, or $0.12 cents per share, increasing loss by 26% from 3Q 2021. Shares on NasdaqGS are trading at $0.31. Yahoo!Finance/SimplyWallSt. Another tip of the cap to HISTalk 9 Nov.

And who said all of telehealth is suffering? Online direct-to-consumer marketer Hims & Hers posted a third consecutive $100 million+ quarter in revenue. Their Q3 revenue was up 95% versus Q3 last year, reaching $144.8 million. They also gained 70,000 new online subscribers for a total of 991,000, up 80% year over year. Q4 guidance is up to $159 million to $162 million, with a full-year revenue forecast of $519 million to $522 million. And yes–they’re profitable. Their embarrassing TV spots notwithstanding, they seem to have found The Magic Formula. FierceHealthcare

Weekend reading: HHS Office of Information Security presentation on security risks in AI, 5G, nanomedicine, more

Earlier this month, the US Department of Health and Human Services (HHS) Office of Information Security’s Health Sector Cybersecurity Coordination Center issued a presentation/paper that discussed the cybersecurity risks for healthcare organizations in implementing artificial intelligence, 5G cellular, nanotechnologies in medicine (nanomedicine), ‘smart hospitals’, and quantum computing.

Each area is defined, benefits listed, and then security concerns.

Highlights of the cybersecurity risks:

  • AI: requires very large collections of data in order to learn; privacy and security concerns regarding personal health information (PHI); de-identified data can be re-identified (as TTA posited several years ago!)
  • 5G overlaps with IoMT (internet of medical things) tech: both devices and data need to be secured end-to-end as they connect to the network and on devices themselves; design and implementation of the software in medical devices should include a specification of cybersecurity features and validation of those features; regular updating needed
  • Nanomedicine: remote connectivity leading to ransomware and the disruption of nanotechnology devices with theoretically fatal consequences; weaponized inhalable particles as a delivery system for bioterrorism
  • Smart hospitals: an expanded attack surface; considerations same as above; resilience and continuous monitoring critical
  • Quantum computing: affects all cryptographic algorithms, requiring review and updating of those that are part of  information infrastructure

Emerging Technology and the Security Implications for the Health Sector (34 slides)  Also Becker’s Health IT

Week-end news roundup: Fold Health launches OS ‘stack’; admin task automator Olive cuts 450 workers; 38% of UK data breaches from cyber, internal attacks; hacking 80% of US healthcare breaches; does AI threaten cybersecurity?

Startup Fold Health launched this week. It’s developed a suite of modular tools that are interoperable with existing EHRs or platforms to enable them to work better, together. Fold’s main claim is to “move primary care beyond the constraints of a 15-minute visit and provide a revolutionary consumer first experience through micro, automated workflows and campaigns of care.” There is an athenahealth connection, in that the founders were from Praxify, a virtual assistant/patient engagement app bought by athenahealth for $65 million in 2017. It has a $6 million seed investment from athenahealth. FierceHealthcare

On the other side of the funding mountain,  Olive, an AI-enabled data cruncher that automates routine administrative healthcare processes such as revenue cycle management, has pink-slipped 450 employees, about one-third of its staff. In a letter to employees excerpted in Axios, Olive cites ‘missteps’ and ‘lack of focus’. It follows hiring freezes, major staff departures, and overpromising/underdelivering, including not using AI or machine learning for automating tasks, featured in an April Axios investigation. Olive has gone through over $850 million in nine rounds of funding (the last July 2021, Series H–Crunchbase). FierceHealthcare

Cyber attacks with internal breaches account for 38% of UK organizations’ (of all types) data losses in 2022. This is based on the Data Health Check survey of 400 IT decision makers compiled by Data Barracks, a cloud-based business continuity organization. The second and third reasons for data loss are human error and hardware failure. Of those surveyed, over half have experienced a cyber attack, most commonly caused by ransomware. 44% paid the ransom, 34% didn’t and used backups. Their recommendations include frequent backups and keeping track of how many data versions–both will minimize downtime and data loss. Release, full report

By contrast, returning to the US and healthcare, malicious hacking activity accounts for nearly 80% of all breaches. Fortified Health Security’s mid-year report on the state of healthcare cybersecurity, reviewing HHS Office for Civil Rights (OCR) data,  noted that in first half 2022:

  • Healthcare data breaches primarily originated at providers– 72%. The remainder were at business associates at 16% and health plans at 12%.
  • The number of records affected was 138% higher than the first half of 2020 at over 19 million records
  • Breaches were concentrated in relatively few organizations: Seven entities experienced breaches of more than 490,000 records each, in total 6.2 million records or 31% to date.  
  • OCR’s data breach portal recorded 337 healthcare data breaches that each impacted more than 500 individuals, a small decline from 2021’s 368
  • Hacking incidents rose to 80% from 72% in 2021. Unauthorized access/disclosure incidents totaled 15%; loss, theft, or improper disposal accounted for only 5 percent of breaches.
  • AI and ML-enabled security offerings can bolster cyber infrastructure. Organizations should also look at how IT staff shortages impact their planning and security.    HealthITSecurity

Can AI (and machine learning-ML) lessen breaches–or open the door to worse problems, such as algorithmic bias, plus data privacy and security concerns? Vast quantities of data pumped through AI or ML algorithms are harder to secure. If the algorithms are built incorrectly–such as eliminating or underrepresenting certain populations–what comes out will be skewed and possibly misleading. In the Healthcare Strategies podcast, Linda Malek of healthcare law firm Moses & Singer, who chairs their healthcare, privacy, and cybersecurity practice group, discusses the problems. She suggests some best practices around transparency, security, privacy, and accuracy when developing an AI algorithm, including collecting as much data as possible, and as diverse as possible, for accuracy. Additionally, the design should incorporate privacy and security from the start. HealthcareExecIntelligence

Predictions, predictions for telehealth, digital health, and all those cybersecurity risks

January is the month for predicting what’s ahead, and while this Editor has no pretensions to be Sibyl the Soothsayer despite the picture, let’s look at what others see in their cloudy crystal balls.

Frank McGillin, CEO of The Clinic by Cleveland Clinic, works intensively with telehealth in this joint venture between Cleveland Clinic and Amwell. His prediction: telehealth will evolve towards concierge care, as providers reduce “platform sprawl”, coordinate the virtual care experience, and provide multidisciplinary virtual care.

  • Telehealth is now “a permanent mode of access”, though the pandemic created “platform sprawl” as providers reached for any and all modes and providers which could be implemented quickly
  • Healthcare providers and plans now have to scale back and reconcile all this to “design a digital trajectory with intention”
  • This means developing a personalized approach to telehealth delivery and to provide a seamless, highly coordinated care experience
  • Their approach is to focus on multidisciplinary virtual visits and case analysis for patients with complex conditions, such as their Virtual Second Opinions program for conditions such as brain tumors and prostate cancer.
  • Virtual multidisciplinary support reduces the risk of suboptimal treatment plans and can eliminate long travel times and exposure to COVID-19 for vulnerable patients. For payers and employers, this can add up to better outcomes and reduced cost of care.
  • “Intelligent” remote monitoring also removes another layer of risk in providing the right care at the right time
  • Continuation of relaxed interstate licensure requirements is needed to provide fast access to medical experts, particularly for primary care providers.

Interview with Healthcare IT News 

Healthcare Dive has been running a series on industry trends, and this installment focuses on digital health.

  • Healthcare will become more predictive and proactive, with insights fed by connected devices and analytics (commonly lumped under AI) that enable organizations to collect, analyze, and act on massive amounts of data.
  • But algorithms don’t have judgment and data can have bias, leading to poor decisions, such as the distribution of vaccines. Expect more oversight from the Federal level down on AI research and policymaking.
  • Virtual care will continue to grow in virtual diagnostics, patient-reported outcomes applications, and digital homecare platforms
  • Telehealth and digital health are integrating into the traditional delivery and payment model–partnerships with health systems, payers, and employers.
  • Virtual care access is booming in niche areas such as women’s health, hospital at home, and mental health, with investment dollars flowing in. Telemental health is moving into consolidation.
  • Cybersecurity will become more of a focal point for healthcare companies in 2021, with hackers finding their way into all these contact tracing apps designed in a hurry, plus digital health systems, many of which are poorly protected. Targeted attacks have skyrocketed.

And speaking of cybersecurity, over at HealthITSecurity, they rounded up the experts to opine on All Those Security Risks that fast implementation of telehealth and moving devices out of the hospital walled garden have created. Remote patient management is now an asset, no longer a ‘nice to have’, for providers, setting up a situation where patients are increasingly both the beneficiaries of more convenient health delivery and victims of security breaches and ransomware.

  • ‘Out of hospital’ care means that data is being transmitted between multiple points. Network security isn’t guaranteed. So attacks can originate at the weak points–either the home or hospital environment.
  • The fast implementation of telehealth during the pandemic meant not only did systems not work together well, it also meant multiple points of vulnerability
  • Over 80% of surveyed healthcare providers globally harbor concerns about data security and privacy (Kaspersky/Arlington Research). And a shocking 70% admitted that their practice used outdated legacy operating systems, exposing them to security vulnerabilities.
  • “A culture of security” means maintaining endpoint security and BYOD policies across the organization’s network, identity management and zero trust tactics, and yes, security consciousness on patients’ parts.
  • Patients should not be responsible for security, providers partly, which leaves the responsibility with the vendor. But healthcare organizations are responsible for evaluating their vendors, and how they are interacting with and storing their data.  

Weekend reading: 1/3 of global healthcare orgs ransomwared, 50%+ mobile privacy problems–BMJ study, med device insecurity

Weekend reading to make you feel insecure, indeed. Healthcare continues to be one of the most vulnerable sectors to hacking, breaches, ransomware. (It likely was one of the top 5 on the list handed to Mr. Putin in Geneva a week ago.) It doesn’t help that many organizations from providers to payers, legacy devices to apps, figuratively have a ‘Welcome Hackers’ neon sign on their doors, virtual and otherwise.

Three articles from the always interesting Healthcare Dive, two by Rebecca Pifer and the third by veteran Greg Slobodkin, will give our Readers a quick and unsettling overview:

  • According to cybersecurity company Sophos in their 16-page report, 2020 was an annus horribilis for healthcare organizations and ransomware, with 34 percent suffering a ransomware attack, 65 percent confirming the attacks encrypted their data, but only 69 percent reported that the encrypted data was restored after the ransom was paid. Costs were upward of $1 million. Their conclusion: assume you will be hit, and keep at least three backups. Dive 24 June
  • The BMJ found that lax or no privacy policies were a key problem with over half of mobile health apps. 23 percent of user data transmissions occurred on insecure communication protocols and 28.1 percent of apps provided no privacy policies. There’s a lot to unpack in the BMJ study by the Macquarie University (Sydney) team. Our long-time Readers will recall our articles about insecure smartphone apps dating back to 2013 with Charles Lowe’s article here as an example. Dive 16 June
  • Old medical devices, continuing vulnerability that can’t be fixed. Yes, fully functioning and legacy medical devices, often costing beaucoup bucks, are shockingly running on Windows 98 (!), Windows XP, outdated software, and manufacturers’ passwords. It’s hard to believe that Dive is writing about this as it’s been an issue this Editor’s written about since (drumroll) 2013 when TTA picked up on BBC and other reports of ‘murderous defibrillators and pacemakers’. If too far back, try 2015 with Kevin Fu’s and Ponemon’s warnings then to ‘wash their hands’ of these systems even if they’re still working. Chris Gates quoted in the article: “You can’t always bolt-on security after the fact, especially with a legacy piece of equipment — I’ve literally handed checks back to clients and told them there’s no fixing this.” Dive 23 June

What to do?

  • If you are a healthcare organization, think security first. Other organizations in finance and BPO do, locking down to excruciating points. And yes, you’ll have to pay a premium for the best IT security people, up your budgets, and lower your bureaucracy to attract them. Payers are extremely vulnerable with their wealth of PHI and PII, yet tend to skimp here.
  • Consider bringing in all your IT teams to your home country and not offshoring. Much of the hacking occurs overseas where it’s tougher to secure servers and the cloud reliably and fully.
  • Pay for regular and full probes and audits done by outside experts.
  • If you supply a mobile app–design with security and privacy first, from the phone or device to the cloud or server, including data sharing. There are companies that can assist you with this. One example is Blue Cedar, but there are others.
  • If you supply hardware and software for medical devices, think updates, patches, and tracking every bit you sell to make sure your customers do what they need to do. Even if your customer is a past one.

(Side message to NHS Digital–don’t rush your GPDPR upload to the summer holidays. Make it fourth quarter. Your GPs will thank you.)

Suggestions from our Readers wanted! While your Editor has been covering security issues since early days here, she is not an expert, programmer, or developer, nor has stayed at a Holiday Inn Express lately.

Do Huawei and ZTE present security threats to the US and global communications networks? The FCC says yes.

In two little-noted decisions formally announced yesterday (30 June), the Federal Communications Commission (FCC) banned the funding by the FCC Universal Service Fund (USF) of the purchase or use of equipment or services provided by China’s Huawei and ZTE. The USF funds rural internet, Lifeline for low-income consumers, Indian Tribal initiatives, schools and libraries, and the Rural Health Care program–a substantial part of the national network which will also discourage private companies from use of their equipment as Verizon, Sprint, et al participate in these programs.

Both Huawei and ZTE have been found by the US government–and many others–to be extensively tied to the Chinese government and military, obligating these two companies to permit their systems to be used for espionage, plus numerous known cybersecurity risks and vulnerabilities in their equipment. Other national governments have felt likewise including the UK, which is reevaluating its former permission for their participation in the 5G rollout. FCC release, Huawei order, ZTE order, ZDNet (UK)

DARPA’s $5.1M contract with Kryptowire to develop passive smartphone health monitoring, predictive analytics

Truly unobtrusive health monitoring on the horizon? The Defense Advanced Research Projects Agency (DARPA) has contracted with cybersecurity firm Kryptowire to develop a health monitoring and analytics app to assess the health and readiness of warfighters (to us civilians–soldiers, sailors, airmen, and Marines) especially in the field. The WASH program–Warfighter Analytics using Smartphones for Health–will use the data from smartphone sensors like microphones, cameras, pedometers, thermometers, and accelerometers (see DARPA illustration, left above). Through sensor-based information, physiological and cognitive symptoms can be captured and analyzed.

Based on their information, most of the assessment will be passive rather than actively diagnostic, and with an emphasis on predictive health and a real-time approach to disease detection and biomarker identification. Part of the challenge will be to filter out the ‘noise’–extraneous information also captured by these sensors on a daily and extraordinary basis. Security, of course, is a major concern. (Where better than to award the app development to a cybersecurity company?)

DARPA is fond of commercializing its technologies (remember something called DARPANET?) so this is planned for commercial release in due time. Usage in clinical trials is an area mentioned. One day we may all be wearing smartphones which unobtrusively monitor our health and positive behaviors. (I’ll leave it to our Readers to say Yay or Nay to this notion.)

The award is for $5.1 million. A development timeframe is not mentioned. Business Wire, DARPA WASH page, HealthcareITNews, Daily Mail (which amusingly tries to paint this as a spy program through an ACLU representative quote).

MediBioSense and Blue Cedar take a new approach to secure medical wearable data (UK/US)

Doncaster UK-based MediBioSense Ltd. has partnered with San Francisco-based Blue Cedar to protect their VitalPatch app on smartphones and tablets. MediBioSense uses VitalPatch in their MBS HealthStream system marketed in the UK in acute care and long-term care settings. Blue Cedar is securing the app through their patented code-injected technology which protects the VitalPatch-collected data from the app to the provider database. The system with Blue Cedar’s security is available directly from MediBioSense.

VitalPatch is a single-use adhesive biosensor patch applied to the patient’s chest (see left above). It monitors eight vital signs and activity signs: heart rate, respiration, ECG, heart rate variability, temperature, body posture including fall detection/severity, and steps as an indicator of activity. MediBioSense contracted with the US-based developer, VitalConnect, to sell the system in the UK. VitalPatch is US FDA-cleared (Class II) and CE Marked for the EU.

One impetus, according to the release (PDF), is the GDPR (General Data Protection Regulation), the pan-European/UK data-protection law slated to take effect in May. This not only applies to European Union citizens’ personal data but also requires reports on how organizations safeguard that data. 

Blue Cedar, which this Editor has previously profiled [TTA 3 May 17], has developed code-injection technology that secures data from the app to the provider location on their servers or in the cloud. It secures the app without the device being managed. Devices have their own vulnerabilities when it comes to apps even when secured, as 84 percent of cyberattacks happen at the application layer (SAP). Blue Cedar’s security also enables tap-and-go from an icon versus multiple security entries, thus quick downloading from app stores or websites. For companies, the secured app provides granular analytic reports about users, app usage, devices, and operating systems which are useful for GDPR requirements.

Blue Cedar’s latest release of app security is Enforce, to secure existing mobile apps using in-app embedded controls to enforce a broad range of security policies. It is sold on the Microsoft Azure cloud platform and is primarily targeted to the value-added reseller (VAR) market. 

All the more reason to use all means to secure devices and apps. When as of last week Allscripts’ EHR for e-prescribing was hit with a ransomware attack (FierceHealthcare), yet another hospital (Hancock Regional in Indianapolis) paid $5,000 to hackers to get back online (Digital Health), and Protenus/DataBreaches.net tracks a breach a day [TTA 29 Dec 17], cybersecurity has become Job #1 for anyone in the healthcare field. (And Big Healthcare now votes for security. Protenus today announced their $11 million Series B led by Kaiser Permanente Ventures and F-Prime Capital Partners. Release.)

Ericsson report: will 5G close the healthcare gap from hospitals into the home?

Ericsson, one of Europe’s leading telecom companies, earlier this month published its latest ConsumerLab report, “From Healthcare to Homecare” on the next generation of healthcare enabled by the greater speed and security of 5G–the fifth generation of wireless mobile. Their key findings among consumers and industry decision makers contained surprises:

  • Growing frustration with hospital wait times. 39 percent prefer an online consult with a doctor versus waiting for the face-to-face.
  • Wearables are perceived as better ways to monitor and even administer medication for chronic conditions–nearly two in three consumers want them. But medical grade wearables will be required.
    • Yet the current state doesn’t lend itself to these wishes. “55 percent of healthcare decision makers from regulatory bodies say these devices are not sufficiently accurate or reliable for diagnosis. In addition, for liability reasons it will be very difficult to rely on patients’ smartphones for connectivity….medical-grade wearables will be required. Such devices could also automatically dispense medicine and offer convenience to those recovering from surgery.”
  • +/- 60 percent of surveyed consumers believe that wearables will improve lifestyles, provide personalized care, and put people in control of their own health.
  • There are real security concerns that 5G is expected to address: “61 percent of consumers say remote robotic surgery is risky as it relies on the internet….47 percent of telecom decision makers say that secure access to an online central repository [of medical records] is a key challenge and expect 5G to address this.” Surprisingly, only 46 percent of cross-industry decision makers consider data security to be an issue. Battery power is also a significant concern for over half in wearables, a problem that over 40 percent will be helped by 5G.
  • Even more surprising is the lack of desire for consumer access to their medical records–only 35 percent of consumers believe that it will help them easily manage the quality and efficiency of their care. In contrast, 45 percent of cross-industry experts consider the central repository as a breakthrough in healthcare provisioning.

Decentralizing care into the home is seen as worthwhile by a majority of industry decision makers.


HealthIMPACT East Monday 5 June (NYC)

HealthIMPACT East
Monday, 5 June, Union League Club, New York, NY

The HealthIMPACT series of mainly single-day events on health tech/HIT’s effect on healthcare now covers several major cities in the US. What this Editor likes about them is that they compress a great deal of information into a single day, with well-presented, relaxed panel discussions with top executives and figures in the industry. They are also held in interesting venues like the Union League Club in NYC. HealthIMPACT East is co-produced with NODE Health. This fifth annual meeting will focus on evidence-based digital health, healthcare innovations, cybersecurity, and how to achieve value-based care. Speakers are from academic and provider organizations like Yale University, Jefferson Health, Mount Sinai, Northwell Health, PCHAlliance, New York-Presbyterian, NJIT, and Partnership Fund for NYC. Panels are being hosted this year by former colleagues from Health 2.0 NYC, Megan Antonelli of Purpose Events and “The Healthcare IT Guy” Shahid Shah. It’s not too late to register for this full day, including breakfast, lunch, and cocktail reception, here. TTA is a media partner for HealthIMPACT East.

Updated 15 May: 20% of NHS organizations hit by WannaCry, spread halted, hackers hunted

Updated 15 May: According to the Independent, 1 of 5 or 20 percent of NHS trusts, or ‘dozens’, have been hit by the WannaCry malware, with six still down 24 hours later. NHS is not referring to numbers, but here is their updated bulletin and if you are an NHS organization, yesterday’s guidance is a mandatory read. If you have been following this, over the weekend a British specialist known by his/her handle MalwareTech, tweeting as @malwaretechblog, registered a nonsensical domain name which he found was the stop button for the malware as designed into the program, with the help of Proofpoint’s Darien Huss.

It looks as if the Pac-Man march is over. Over the weekend, a British specialist known as MalwareTech, tweeting as @malwaretechblog, registered a nonsensical domain name which he found was the stop button for the malware, with the help of Proofpoint’s Darien Huss. It was a kill switch designed into the program. The Guardian tagged as MalwareTech a “22-year-old from southwest England who works for Kryptos Logic, an LA-based threat intelligence company.”

Political fallout: The Home Secretary Amber Rudd is being scored for an apparent cluelessness and ‘wild complacency’ over cybersecurity. There are no reported statements from Health Secretary Jeremy Hunt. From the Independent: “Patrick French, a consultant physician and chairman of the Holborn and St Pancras Constituency Labour Party in London, tweeted: ‘Amber Rudd is wildly complacent and there’s silence from Jeremy Hunt. Perhaps an NHS with no money can’t prioritise cyber security!’” Pass the Panadol!

Previously: NHS Digital on its website reported (12 May) that 16 NHS organizations have been hacked and attacked by ransomware. Preliminary investigation indicates that it is Wanna Decryptor a/k/a WannaCry. In its statement, ‘NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.’ Healthcare IT News

According to cybersecurity site Krebs on Security, (more…)

Thinking about a location for your health tech startup? Consider…’virtual’ Estonia!

‘Extreme digital living’ is the norm in the Baltic country of Estonia, which rebuilt itself from the ground up after the formal dissolution of the Soviet Union (and each citizen receiving a distribution of €10) to one of the most advanced online-only countries in the world, far ahead of the US, the UK, and the rest of the EU. Internet access is by law a basic human right in Estonia. Digital signatures are equal in every way to paper signatures, except for marriage and divorce (a nostalgic touch). Everyday living is paperless and programming is taught in early grades. Live in picturesque Tallinn and need a delivery? It may come to your door via Starship robot, founded by one of the former Skype team. (Did you know that former Skypers have funded much of the Estonian tech and investment boom?) They take data security seriously with the Russian Bear growling (and hacking) on the border, so they created a NATO-accredited cyberdefense center in Tallinn and a whole country backup in a Luxembourg ‘data embassy’. Blockchain is a large part of this–and the government is working on using it for mapping the genome data of its 1.3 million citizens and selling it (deidentified) to precision medicine researchers.

So if you are a US, UK, EU, or even Australian-based developer, or already have a small tech company, why is this of interest? Estonia has opened a door for foreigners that is a most attractive one–virtual residency, no matter where you live. Once you’re an e-resident, simply register your company (online of course) and pay a fee of €145. You now can do business in euros–and fully access the EU. Most companies pay monthly administrative and accounting fees in Estonia, providing the country with income. About 1,400 companies have taken advantage of e-residency. It isn’t a tax haven, but if you do have income in Estonia, their corporate taxes are low–20 percent, compared to 19 percent for the UK, 30 percent for Australia, and a shattering 39 percent for the US (at present) (Trading Economics). And there is that tech and digital-savvy workforce as an additional incentive. Is This Tiny European Nation a Preview of Our Tech Future? (Fortune) Hat tip to TTA Founder Steve Hards

Blue Cedar releases new security for health apps, built into the app

For healthcare organizations, device and app developers, one stumbling block for apps has been securing data. The endpoint for security has been to secure and manage the device, which constrains widespread BYOD use and convenient downloading. What if, instead, the apps and the data on them were secured without needing to further secure the device? This is what Blue Cedar, a mobile security developer, has done with what they call a mobile device management (MDM) alternative, with security ‘baked into the app’.

One of their first for the new platform is MedStar Health, the largest healthcare provider in the Maryland and Washington, DC region. Blue Cedar’s MDM enabled them to secure their mobile app for clinicians that contained protected patient information (PHI) yet run it securely on personal mobile devices.

Blue Cedar’s Chief Product Officer, Chris Ford, spoke with this Editor and explained that their new platform (V3.14) works by injecting security code into the mobile app, which enforces policy on encryption and use. Their Enterprise Mobility Management (EMM) can now incorporate support for secure apps on unmanaged devices, security and connectivity for VoIP-based apps, and enforcement of granular controls for HTTP-based apps. This and other features of the new platform will permit healthcare app developers to distribute apps through sites like the Apple Store or Google Play and “trust functionality” that allows control of data sharing between apps on the same device.

Blue Cedar spun off last year from IoT security company Mocana, founded in 2002, and now has over 150 customers in multiple verticals. They believe their MDM alternative is ideal for healthcare organizations and health app/wearable developers, recently adding representation in the UK and Europe. Release (PDF)

Why hackers feel the $$ love for healthcare: Brookings study

It’s the information, silly! A recent study by the Center for Technology Innovation at the Brookings Institution tells us what we already know: healthcare organizations hold high-value information electronically, and because they haven’t invested equally in cybersecurity, it’s all vulnerable. When those nifty EHRs hold names, dates of birth, addresses, Social Security numbers and health histories, they are eminently salable. What’s new here is that the vulnerability increases due to factors not based on security, but on legal and data exchange requirements:

  • Data sharing and accessing
  • Length of storage to comply with regulations
  • The size of the records–the more information they hold, the more vulnerable

Lay on top of this ransomware.

The worst threat is not the hacker in a Bulgarian basement, but what is termed ‘state actors’ who want health information for a variety of reasons. They may be compiling a big database: “…a dossier of individuals that they could use for social engineering for future attacks”–such as sending phishing emails to government employees with specific, accurate information that, when opened, infect their computers with malware for another purpose. Some solutions presented are using an outside cloud storage provider; using blockchain, which requires both public and private encryption keys; intrusion-detection systems (IDS) and security information and event management (SIEM) software. CSO, Brookings report (28 pages)

Hospitals should ‘wash their hands’ of older medical devices, OS: expert

Our Readers are likely well aware that older medical devices may present a Hacker’s Holiday, but putting a very fine point on it was Kevin Fu, associate professor of electrical engineering and computer science at University of Michigan, speaking at a Healthcare IT News healthcare cybersecurity forum this week in Boston. Mr Fu pointed out that many hospitals are actively using old devices and old PC systems; one local hospital had 600 supposedly unpatched Windows XP (!) boxes deployed. Older medical devices were not designed with security in mind, which he likens to basic sanitation:

“If you’re using this old software, these old operating systems, you’re vulnerable to all that malware – that garden-variety malware – that has been out in the wild for more than 10 years.” and “This is not rocket science; this is basic hygiene. This is forgetting to wash your hands before going into the operating room. Here we have medical devices where, if malware gets through the perimeter, there is very little defense.”

The press has been concentrating on the big breaches and external hacking (they do make good copy–Ed.), and we’ve expended a lot of air on things like the EHR Wars, but the real threats are more mundane, as Ponemon and others in the field have warned for years. Software updates and infected USB flash drives can spread malware. A vendor can be a regular Typhoid Mary unintentionally corrupting systems and devices down the line.