Through the partnership, Securlinx and REMTCS will join forces to solve critical security challenges for companies. Securlinx will provide a “whitelist” and enterprise-wide authentication of trusted users outside the customer’s firewall, while REMTCS will provide superior protection against threats inside the firewall by killing viruses and “blacklisting” sites circulating malware. Both companies will also help protect clients against ransomware attacks. The software offerings of both companies are fully integrated to work in conjunction with each other.
“We discovered exposed medical systems — including those that store medical-related images, healthcare software interfaces, and even misconfigured hospital networks — which should not be viewable publicly. While a device or system being exposed does not necessarily mean that it is vulnerable, exposed devices and systems can potentially be used by cybercriminals and other threat actors to penetrate into organizations, steal data, run botnets, install ransomware, and so on. Furthermore, it shows that a massive amount of sensitive information is publicly available when it shouldn’t be.”
The article linked above and the companion Trend Micro blog post, along with the entire 61-page PDF report (available here), do a really good job of covering the range of threats confronting healthcare networks today.
The internet of things (IoT) offers so much of benefit — remote monitoring, diagnosis, collaboration, home healthcare, devices, etc. — to healthcare providers and patients that it is inconceivable that it will be abandoned. There are, however, significant privacy and health outcome risks associated with putting practically every software application, sensor, device and record within reach of the internet.
How large healthcare providers harness the IoT for better care delivery while minimizing the associated risks will go a long way toward sorting out the winners and losers in the business of healthcare.
Cyber security, identity assurance, and training are of critical importance if the promise of the healthcare IoT is to be kept for healthcare providers and patients alike.
“Using National Cancer Institute survey data, the study found that 52 percent of US citizens were offered access to an online medical record by a healthcare provider or insurer in 2017, up from 42 percent in 2014. Of those who were offered access, 53 percent viewed their records at least once in the past year.
However, of the individuals offered access to an online medical record, one-quarter did not access that information because of privacy/security concerns.”
So, is it fair to imply that up to 25% more patients would access their online health record if they were more confident in the security of their access to it?
“Physical, sensing, actuating, computing and other security access control systems — including the spectrum of biometric usage such as biometric access and security systems; door, parking facilities, elevators, communication facilities, and rooms; occupant interface dashboards; and universal control and monitoring systems — are among the issues discussed in the recently released National Institute of Standards and Technology’s (NIST) Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT), prepared by the Interagency International Cybersecurity Standardization Working Group.”
Securlinx CEO Barry Hodge noted this morning:
IdentiTrac is the Securlinx flagship identity assurance platform that supports all of our ID management applications and integrates with users’ existing data infrastructure.
“The global healthcare biometrics market size was valued at USD 2.1 billion in 2016 and is expected to witness a CAGR of 24.2% over the forecast period. The major driving parameters attributing to the growth of this market are rising healthcare IT application combined with increasing awareness and demand for cyber security and biometric development catering to the healthcare facilities.”
Facial recognition tech moves from smartphones to the boardroom (Computerworld)
“With the release of Apple’s iPhone X and its Face ID feature, facial recognition technology has become more mainstream – and it’s already being piloted by some government agencies and commercial airlines as a friction-free security measure.”
Craig Workinger, Executive Vice President and General Manager of Securlinx, said: “Healthcare institutions at every level are facing significant security challenges and a dizzying array of technologies and partners that often solve one problem only to create new ones. We take a different approach – a system that works with both the customer’s current infrastructure and new applications. We are pleased to be attending the IAHSS conference this year and are looking forward to demonstrating our capabilities and the benefits we offer healthcare organizations.”
“Imagine it is 2030 and you are a U.S. government employee working from home. With the assistance of the latest technology, you participate in video calls with clients and colleagues, augment your job activities through artificial intelligence and a personal digital assistant, work through collaboration software, and regularly get rated on a one-to-five scale by clients regarding your helpfulness, follow-through, and task completion.”
But it’s not just the government sector. The convergence of cloud, AI, and biometric identity assurance among other emerging technologies like the blockchain will change the way individuals interact with large organizations throughout the economy.
“Many IT professionals aren’t convinced biometrics can serve as a secure and reliable replacement for the standard username and password combo,” said Peter Tsai, senior technology analyst at Spiceworks. “Unless technology vendors can address the security issues and privacy concerns associated with biometrics, the technology will likely be used side-by-side in the workplace with traditional passwords or as a secondary authentication factor for the foreseeable future.”
It looks like this 2013 post and the paper that informed it are holding up quite well.
In the paper, A Research Agenda Acknowledging the Persistence of Passwords, Cormac Herley and Paul C. van Oorschot write:
“Passwords, though unloved, deserve some words of praise. They have brought us this far: they are the means by which two billion Internet users access email, banking, social networking and other services. They are essentially free from the service provider viewpoint, and are readily understood by users. They allow instantaneous account setup. Revocation is as simple as changing the password. Those who forget their passwords can be emailed either reset links or the passwords themselves (this practice, though insecure, is common for low-value sites). All of this is automated and instantaneous. They allow access to one’s accounts from anywhere in the world assuming nothing more than a simple browser. Sophisticated users can protect themselves from many of the threats.”
All this is still true. Biometrics, however, can also be used as a way to return the password to the simplicity of the PIN. For example: a fingerprint scan associated with a weak password such as a 4-digit PIN provides far stronger authentication than any password a human could be expected to type. In other words, biometrics can be combined with rudimentary passwords to bring an end to the “password arms race” where the main coping strategy has been longer, more complex and more frequently changing passwords — i.e. the real reasons people tire of the humble workhorse of the ID game. So instead of replacing the password, biometrics might one day be used as a way to salvage what makes it great while minimizing the frustrations associated with over-reliance upon it.
Eric Schmidt, the former executive chairman of Alphabet, delivered a bold vision of the future of health care and technology at HiMSS, urging participants to go immediately to the cloud.
The cloud, he notes, can take in—and provide security for—the large amounts of data being generated from the growing number of new mobile apps and sensors, then integrate and structure this data into an information flow to support the clinician sitting in front of a patient. Through an earbud or mobile phone, the clinician can access potentially life-saving guidance.
But Eric’s comments underscore the big challenge facing the next generation of EHR (Electronic Health Records). EHR has a growing, vast flow of potentially valuable data from a broad array of devices and apps. What’s lacking is the means to store it and validate its sources.
Identity authentication across platforms and devices is thus crucial to the next generation of EHR. To be usable, all that data must be tied unequivocally to the individual in front of the clinician. In turn, that means having an integrated, holistic approach to managing identity across all the platforms, apps and sensors.
We are attending the HiMSS annual meeting this week and wanted to share a few observations. It’s a terrific event, and a reminder of how important personal contacts are in an age when we’re on our screens constantly.
Nearly every conversation here includes the issue of how to get data out of isolated, proprietary systems so it can be used more effectively. If data can be collected from many sources, then AI and machine learning tools can be applied to it, looking at both text and images to create a predictive system for clinicians. That offers a real opportunity to improve patient care.
This also seems to be driving talk of partnerships, another hot topic at the conference. People recognize there are lots of technologies trying to solve healthcare’s problems but they approach it in an isolated way. So they are trying to figure out how to make data actionable and link it to what others have. The idea of partnerships is a departure for big industry players who’ve mostly taken a go-it-alone approach in the past.
Interoperability is also getting a lot of buzz at HiMSS. Most people focus on its technological aspect but that’s only half the challenge. The other is culture.
From a technology perspective, there are lots of vendors battling for market share and holding on to data as part of their competitive strategy. But that’s running up against consumer behavior. People today get their health care from a variety of places – hospitals, outpatient centers, specialized clinics, even their home – and they are increasingly shopping around. Inevitably, they wind up in separate health systems, and none of them speak to each other. So the challenge is to get the data up a level so that it’s accessible to their doctor no matter where they go.
There are technologies that can do that, and more. But change is slow, and that’s where culture comes in. Many healthcare organizations are reluctant to change. Some still use fax machines and paper records. They want to be more efficient but are slow to embrace the technology that can help them get there. Of course, adoption has been the challenge for every technology innovation, from PCs to cell phones. Healthcare tech is no different.
I’ve been attending HiMSS for more than 15 years (do I get an award for that?), and every year I see a few things that surprise me. That’s what keeps it interesting.
One surprise is the number of vendors who claim to have a patient identity solution when what they actually do is patient identity for one specific application, like labs or payments. They don’t provide that identity outside of their system. There’s almost no one addressing the need for a universal identity repository – a database that would handle identity authentication for multiple applications. (That’s what Securlinx offers, and that’s why we are excited about the opportunities we are seeing to help healthcare organizations.)
The other surprise is the absence of the insurance industry. The major insurers are a huge part of healthcare, involved in everything from procedures and protocols to reimbursements and record-keeping. And they see how much money is lost every year from errors and fraud. Yet they don’t have a presence here and don’t seem to collaborate with other organizations much right now. That will change, though. Collaborating to reduce costs and improve care would be a natural focus for them, not to mention a great marketing message. Insurers are a key component in all this.
Securlinx has a presence at the Healthcare Information and Management Systems Society (HiMSS) Conference currently underway in Las Vegas.
Our own Craig Workinger (LinkedIn, Twitter) and Securlinx Healthcare Advisory Board member Tom Karson, MD (LinkedIn) have found time to report some of their observations and insights from the conference. I will share what they have to say here as their reports come in.
“The company hasn’t said why residents of the two states can’t use it. One thing both have in common is laws allowing lawsuits for not protecting biometric information. A key difference, however, is any Illinoisan can file a lawsuit, whereas Texas’ attorney general would have to initiate one there. Washington state has a law similar to Texas but users there reportedly are able to access the function.”
“Conducted by AYTM Market Research, the study polled a thousand Canadian adults toward the end of last autumn. Fifty-seven percent of respondents said they were most familiar with fingerprint recognition, and a quarter said they use it regularly. Sixty-nine percent expressed interest in fingerprint-based authentication, and 61 percent reported being interested in using the technology for payments.”
“The crux of the matter, as reported by Tribune newspaper and corroborated by BuzzFeed News, is that there exists a portal on the Aadhaar website which gives anyone who has the login credentials access to the Aadhaar database. UIDAI says the portal is intended for government officials for addressing grievances such as rectifying spelling mistakes in a person’s name.
But somewhere in the chain, according to media reports, rogue agents have started to sell access to this portal to just anyone.”
It looks like a government employee was selling username/password(s) to access the government database at a fairly low level. It should be pretty easy to figure out who abused their position.
Amazon has filed a patent application for technology that will allow users to authenticate a payment using a photo or video in a seamless way that doesn’t necessarily require passwords.
“The user is identified using image information which is processed utilising facial recognition. The device verifies that the image information corresponds to a living human using one or more human-verification processes,” the patent reads.