© wk1003mike / Shutterstock.com IT & TELEMEDICINE Criminals could target personal medical data The advancing march of electronic technology Managing the risk of cyber crime Intelligent machines have a place in healthcare Report: Marcel Rasch ‘Companies and consumers need to know that there is a thriving global black market in personal informa- tion’, Cobb points out and speci- fies: ‘This includes everything from basic data like name and email address to data such as a Social Security number, date of birth, account passwords, and of course, medical records.’ Criminals steal this data wherever they can. That includes trying to take these data from healthcare organisations often having large databases of personal information. Criminals who steal personal information can sell it on the black market to other criminals who have figured out ways to mon- etise it. ‘They do this through a wide range of fraudulent schemes, many of which involve some sort of iden- tity theft. The result can be anything from your income tax refund being delayed to someone getting medical services in your name’, Cobb states. The risks are many and varied, but Stephen Cobb sees four main categories: Report: Sascha Keutel The Advisory Board Company is a global technology, research and con- sulting firm serving healthcare and higher education. They serve more than 230,000 leaders at 5,200 member organisations, enabling them to ele- vate performance and solve their most pressing problems. The Company pro- vides strategic guidance, actionable insights, cloud-based software solu- tions, and comprehensive implemen- tation and management services. Knowledge modules, speech interfaces, robotics, analytics, and the Internet of Things demonstrate advances in intelligent computing in industries such as transport, retail and financial services. What role do they play in the healthcare indus- try? In his keynote address at the innovation pre-conference workshop at HIMSS 2016, Kenneth Kleinberg, Managing Director for The Advisory Board Company, identified that intel- ligent machines in healthcare ‘include intelligent service assistants, remote patient monitoring systems, intelligent symptom checkers, (semi) autono- mous medical devices, robot hospital or home assistants, and predictive modelling systems’. There are different types of techno- logical approaches used in intelligent computing. For example, constraint- based reasoning is often used for scheduling problems; inference-based systems are used where experts can describe their knowledge in terms of rules but not the specific order that they rules need to ‘fire’ and machine learning and neural networks are often used where past data is available to train a model to produce useful results in new yet similar situations. Kleinberg has categorised six key areas in which intelligent computing are affect the healthcare system and kinds of issues they can address: •Intelligent Information Gathering and Sensing (Internet of Things) - What do we know about the patient and his/her changing environment to aid in his/her health? Example: Humber River Hospital in Toronto, working with CGI and ThoughtWire to help the hospital respond more efficiently to “code blues”. •Intelligent Interaction and Service - How can we communicate with our systems in a more natural man- ner? Example: MD Anderson’s Patient Concierge using technology from Cognitive Scale to assist patients in choosing restaurants and housing. • Intelligent Diagnosis and Care Plans - What’s wrong with the patient and what kind of evolving treat- ment plan would be most effective? Example: Modernising Medicine using technology from IBM Watson to assist in diagnosis. •Intelligent Medical Devices - How can we automate and adjust medical devices to be more real-time, accurate, and responsive? Example: Johnson & Johnson’s Sedasys for automated anaesthesiology. •Robotics - What roles can robots take to assist with the mundane, dan- gerous, or complex jobs of humans? Example: University of California San Francisco Mission Bay, the use of TUG Robots by Aethon to deliver supplies throughout the hospital. • Advanced Business Intelligence/ Analytics - What can we learn from our data, and how can we predict future states and act on that knowledge? Example: Ayasdi use of Topological Data Maps at Mt Sinai to identify dif- ferent types of Diabetes. ‘These types of intelligent systems will examine large and varied sources of information, search literature, direct questions and information retrieval, provide ranked options and alterna- tives for providers to consider, pre- dict outcomes, adjust with new data, and reduce and eliminate unnecessary workflow steps,’ Kleinberg explains. Thus there is no doubt that those intelligent machines will transform diagnosis, treatment and workflow for patient care. However, do they have the potential to affect the health- care industry? Kleinberg is positive: ‘Absolutely – there are many tasks from the simplest to the most complex that can potentially be done more accurately, efficiently and rapidly than by poorly trained, overworked, or overwhelmed healthcare workers and providers. So, whilst intelligent systems could have an impact on healthcare, could they present a risk for patients? Kleinberg is cautious: ‘They can be dangerous if not properly configured, “trained”, monitored, and kept up to date. Training involves adapting the model to produce correct answers by showing the model combinations of correct situation/response pairings. Closed loop systems are especially risky and require considerable testing and often regulatory approvals.’ • Some risks have monetary impact, such as losing money by fraudulent bank transfers made using stolen credentials. • Health risks can arise if medical data is abused to obtain medi- cations or procedures. • The organisation from which data was stolen risks a damaged reputation. • Trust in technology will be eroded by criminal activity, undermining the great potential of digital technology to improve healthcare delivery. How can we prevent those risks? There are well-documented security practices that can greatly improve an organisation’s resistance to attacks by cybercriminals. These start with data mapping and risk analysis, in which all the personal informa- tion handled by the organisation is identified and the potential threats to that data are evaluated. ‘After documenting the risks an organisa- tion can plan how it will mitigate them through security measures’, the expert explains. ‘Low probabil- ity risks might be accepted, while high impact risks might be trans- ferred through cyber risk insur- ance.’ A weak spot in this process is the underestimation of the level of certain risks, particularly new and emerging risks. Thus a regular update of the risk analysis is indis- pensable. Cobb: ‘It should be noted that, whilst there is a high level of interest in, and concern about, complex new security vulnerabilities, many secu- rity breaches come about because basic security measures were not correctly, or not uniformly, applied. More than one major breach has been announced as “a sophisticated nation state attack”, but later found to be much more mundane in origin and execution.’ Who is responsible in a case of abused data? There are often multiple parties and different levels of responsibility involved in data handling. A hospital may collect and store information about a patient, but send some of that data to a billing company, which then shares it with an insur- ance company. ‘If criminals break into a hospital’s network and steal data then the hospital is responsi- ble, even if it has outsourced its data processing,’ Cobb points out. This is important when consid- ering the risks in cloud comput- ing. ‘However, the data processor may also be held responsible,’ Cobb adds. If personal information, or a medical record, is stolen from an insurance company that is process- ing a claim, then that insurance company is responsible. This shows that data security is an important topic that involves every organisa- tion dealing with personal data. ‘In other words, you cannot outsource responsibility,’ Cobb concludes, and is apprehensive. ‘I worry that the level of criminal activity targeting personal data will erode trust in digital technologies, although these have great potential to improve quality of life and living standards around the world.’ Now more than ever we need to manage the risks in an appropriate way as we move forward with new technologies. an important feature to ensure that the prescribed medication is admin- istered to the right patient. The Myco works well in a shared Wi-Fi environment and has an interface permitting fast roaming, which ena- bles non-interrupted calls for users moving across different wards while on the phone. Outlook − A prophet has no honour in his own country This prestigious win further strength- ens Ascom’s market standing. The vendor aims to ‘be present in every tier-one hospital in the world by 2020’. Although Ascom is a force to be reckoned with in North America and parts of Europe – mainly the Netherlands, Sweden, Finland and Norway – it will take more orders in leading hospitals to achieve its goal. Ascom particularly wishes to expand its presence in its home market Switzerland, as well as in Germany, the Middle East, Africa and Asia. Cybercrime cases grow annually, which demonstrates the possibility, not only for banks or companies, but also for insurers, because criminals also steal data and whole databanks containing private information. At this years’ HIMSS conference in Las Vegas, Stephen Cobb, Senior Security Researcher at ESET North America, spoke of the growing risk and the need to manage health IT security risks Stephen Cobb has spent 25 years on computer security and data privacy researchas well as advising firms, consumers and government agencies on sensitive data and systems protection. He qualified as a Certified Information Systems Security Professional (CISSP) in 1996 and currently leads a San Diego-based research team for security software maker ESET. He is also studying for his MSc degree in criminology at the University of Leicester in England. As Managing Director for the Advisory Board Company, Kenneth Kleinberg, specialises in helping healthcare stakeholders in the US and abroad with IT strategy, including EHRs, HIE, and mobile computing. Kleinberg holds a BSc in biology from The State University of NY at Albany and an MA in neuropsychology from Queens College in New York. He is a HIMSS Fellow and is currently serving on the Connected Patient Committee. The new Humber River Hospital officially opened in October 2015 25 www.healthcare-in-europe.com