The Maturity Paradigm

In healthcare we have an insatiable appetite to adopt new technology

Should we be worried

About state-sponsored attacks against hospitals?

Security and the Board Need to Speak the Same Language

How security leaders speak to thier C-Suite and Board can make all the difference

Who'd want to be a CISO?

Challenging job, but increasingly well paid

Medical Tourism - Growing in Popularity

Safe, fun, and much, MUCH more cost-effecitive

The Changing Face of the Security Leader

The role is changing, but what does the future hold?

Cyber Risk Insurance Won't Save Your Reputation

Be careful what you purchase and for what reason

The Evolution of Healthcare

richard staynings HIMSS Eurasia
The author presents to the HIMSS19 Eurasia Health IT Conference and Exhibition in Istanbul, Turkey

Healthcare has been transformed over the past century from a largely palliative care delivery model for the sick and dying to an advanced technology-infused and increasingly digitized integrated healthcare delivery model. Technology has fueled massive improvements in patient outcomes. It has enabled us to improve the human condition, to beat diseases that used to ravage families and communities, and to live longer and better than ever before. This was the subject of my presentation today at the HIMSS19 Eurasia Conference held in Istanbul, Turkey.

Increasing use of artificial intelligence and personalized genomic medicines will continue to push the boundaries of care forward in a highly positive way. But digitization comes at a cost, and that cost is in the form of new cybersecurity risks to the confidentiality, integrity, and availability of personal health data and the IT systems that are relied upon to provide care to patients. In fact, in today’s healthcare delivery model, clinicians would find it extremely difficult to maintain the current levels of patient care if health IT systems—and increasingly healthcare IoT—are not available to diagnose, treat, manage, and monitor patients.

Ömer Fatih Sayan, Richard Staynings, Ömer Abdullah Karagözoğlu, Mette Harbo, Dr. Mehmet Bedii Kaya
The author between the Turkish Minister for Communications and the Deputy Minister for Healthcare
L->R: Ömer Fatih Sayan, Richard Staynings, Ömer Abdullah Karagözoğlu, Mette Harbo, Dr. Mehmet Bedii Kaya.

The number of connected IoT systems surpassed the global human population sometime around 2007-2008. Today, there are in excess of 20 billion IoT devices connected to the Internet, and most have little to no security designed into them at all! Estimates suggest that by 2050 there will be in excess of 1 trillion connected devices—many of them employed in healthcare.

With so many endpoints in our hospitals and clinics, how do we even go about tackling this expanded threat landscape? A good start is adopting a risk-based approach to healthcare security.

You can’t assess what you don’t know about, and with such a large number of medical devices and other HIoT systems used across healthcare, identifying even a basic inventory of IoT assets is an almost impossible manual task given the ever-changing number of connected devices.


That’s where tools like Cylera's MedCommand™ platform come in.

Cylera's MedCommand™ platform will identify HIoT assets, perform a full risk analysis of each device and device type, profile the legitimate traffic patterns of each device type for zero-trust security controls, alert on any anomalous traffic detected outside of legitimate traffic patterns, and even automatically remediate discovered risks with compensating security controls via a hospital’s existing network access control and/or firewall technology.

richard staynings & Timur Timur Ozekcin, HIMSS Eurasia
Cylera's Richard Staynings and Timur Ozekcin
Cylera is proud to be a sponsor of the HIMSS Eurasia 19 Conference

Presenting Cybersecurity to the Board

don't speak geek to the board
Don’t speak "geek" to the Board or you will receive a cool reception





At some point in our careers, many of us will be called upon to present to the board of directors. This could be to report the findings of an audit, compliance, or risk assessment. It could be to provide an annual or quarterly update on ‘the state of the union.’ It could be to report a recent incident. Or it could be to request support for a new initiative.

Whatever the case, presenting to the board is no straight-forward task—and newbies would be well advised to thoroughly prepare for this kind of appearance, which differs greatly from meetings with the C-Suite, peers, auditors, consultants, and technology professionals.

Board members are elected or appointed by a corporation’s shareholders to represent shareholder interests and to ensure that the company's management acts on their behalf. A board's mandate is to establish policies for corporate management and oversight, making decisions on major company issues. Every public company must have a board of directors, and in healthcare—regardless of whether that health system is "for-profit" or "not-for-profit"—boards almost always govern and provide oversight to the C-Suite.

Hospital board members are drawn from shareholders, investors, independent industry, and cross-industry experts, and often include academics and notable physicians. Overall, they are business people and know how to run a business. Most don’t understand or speak technology—they are from business/finance/physician backgrounds after all. And almost none will speak or comprehend "cybersecurity". In fact, some might even have a difficult time spelling it! They do, however, understand business enterprise risk, profit and loss, and cost of risk acceptance, transfer, and remediation.

When addressing the board, CISOs need to speak in the terms and language that board members understand, rather than the language used to report to the CIO or other members of the C-Suite. Failure to do so will result in the message being lost or largely unheard.

Most board members picked up what little they know of cybersecurity from articles they read in the Wall Street Journal and other periodicals. They lack the technology backgrounds and domain expertise to go deep to understand the technicalities of cybersecurity. So how do you establish a common language and communicate understandable metrics to the board? By translating cybersecurity risks and strategies into business risks and strategies in order to make it relevant to board members. You likely won’t get money for tools to tackle APTs, but you might get money to ensure the business stays up and running following an attack.

Richard Staynings presents to the VA HIMSS Annual Conference
Richard Staynings presents to the VA HIMSS Annual Conference this week


This was the subject of a presentation I gave this week to the Virginia HIMSS Annual Conference in Williamsburg, VA, where 300 or so healthcare leaders from across the region gathered to learn and share best practices on healthcare management, technologies, security, risk, and compliance. And of course to raise money in a day of charity golfing at the beautiful Kingsmill Resort.


So what were some of the takeaways?


Make Cybersecurity Part of Broader Enterprise Risk Management:
Use similar language being used to describe other business risks for how you talk about cybersecurity. Senior executives and boards are very familiar with assessing the probability and negative impact of risks, establishing a risk tolerance level, and developing risk management plans. If you use the same approach and terminology, it will help them to understand the big picture and make more informed decisions about the actions you suggest.


Talk about Program Maturity:
Maturity models are embraced by senior management and the board because they are familiar with them from many other programs, like quality management. Use the same tactics and language to discuss cybersecurity.


People, Process, & Technology:
Help senior management understand that cybersecurity requires the orchestration of people, processes, and technology—and that they have a critical role in it. Security practitioners usually fail by myopically focusing on just technologies and tools.


Establish a Culture of Cybersecurity:
Get everyone on-board with the mission to secure the organization; from the Board and CEO all the way to Interns. Buy-in from department leaders is especially important in order to establish cross-functional support for security initiatives.


Standards and Frameworks:
Aligning the security program with a widely used security standard or framework allows you to benchmark the program against other companies and that standard. Inevitably, senior management is going to ask you, “how are we doing against other companies?” If your program can reference the NIST Cybersecurity Framework, ISO27001, or CIS CSC, you will be able to compare the maturity of your program with a broad, diverse group of companies.


Addressing the Board
  • First impressions count, so dress and act appropriately. That means business formal— better to be over-dressed than under-dressed.
  • Research every board member on LinkedIn or in the press.
  • Get coaching from a board member or the CEO to understand what the board is looking for from you.

Define your Purpose
  • What are you there for? Own it!
  • Be succinct, honest, and direct—Corporate Chieftains don’t suffer fools gladly.
  • Coach members on the basics but don’t treat them as fools—they don’t come from your world but they need to be educated on the basics in order to make informed decisions.
  • Avoid the weeds—focus on the big picture and on business benefits, not security details.

Be Prepared
  • If you are lucky you will get 5 to 8 minutes to make your case—plan and use the time wisely.
  • Talk to the CEO or other executives beforehand to ask for tips and advice.
  • Understand the CEOs broader agenda so you don't accidentally scuttle the big boss and do yourself out of a job at the same time.
  • Prepare a well written brief and have the CEO’s admin print and bind copies ready for the meeting.
  • Use maturity models and frameworks. This is what board members want to see. This is how they think!
  • Understand how the company compares to others. Saying that something is simply a "best practice" won’t win you support.
  • Anticipate questions—you’ll get lots. Be prepared with smoothly delivered confident answers.
  • Be prepared for politics! Boards have their feuds and sub-agendas - try and see through the fog of war.

Be Strategic
  • Boards are strategic, not tactical—so stay out of the details. That’s for the C-Suite to understand.
  • Find metrics that tie into your mission for compliance, patient safety, up-time/availability, etc.
  • Talk about reputation—it’s the board’s responsibility to protect it.

Avoid Surprises
  • Boards hate surprises, so provide a pre-brief before the meeting to help them adjust to new information—especially if its bad information.
  • If you do need to report a breach, focus your time on what you are doing and will do to mitigate or clean up from the attack.
  • Keep things high-level and strategic—and above all business-focused.
  • Avoid talking about specific technology, types of attacks, and especially acronyms which board member won't remember or understand.

End Result
At the end of the day, the board needs to feel confident that you as the CISO know what you are doing, and that the organization is in good hands. Presenting to the board is as much about you building your reputation with them, as it is about your program gaining the active support and sponsorship it needs in order to be successful in protecting the company.

 

HIMSS AsiaPac19 Livestream

richard staynings HIMSS TV interview, HIMSS AsiaPac 2019
Livestream from HIMSS AsiaPac19
Offensive Artificial Intelligence (OAI) will radically change how healthcare needs to defend itself from cyber attack and require a new approach to defense using Defensive AI tools (Defensive AI). As an industry we need to start preparing for this. This and other warnings in a live-stream from HIMSS AsiaPac19.




See also The Impact of AI and HIoT Related Threats from the HIMSS Show Daily

See also AI Will Radically Change Healthcare Security my keynote from HIMSS AsiaPac19


AI Will Radically Change Healthcare Security


The massive recent growth in cyber-attacks has become a huge concern for just about everyone all around the world. This includes individuals, business, industry, and governments. Most alarmingly this also seems to include a myriad of critical infrastructure services like healthcare which is firmly in the cross-hairs of perpetrators. Healthcare presents an easy and lucrative target for cyber-attackers for the value of PII, PHI and IP but also, for the extortion value of holding sick patients or their medical data to ransom.

The criminal underworld that is behind many of the current cyberattacks is not just highly organized and specialized, its syndicated, heavily networked across geographic and political boundaries and now forms a giant cartel - a criminal underworld of cyber crime, where the buying and selling of exploits, stolen data, and the laundering of dirty money is as business-like as the 24/7 customer service these groups provide to victims.
 
Just as South American drug lords dominate the manufacture and supply of illegal narcotics sold in the United States, the Russian Mafia and its off-shoots dominate the cyber criminal theft and extortion racket that attacks the United States, Europe and Asia. Thanks to their location in the former USSR  which lacks extradition treaties with the rest of the world, most of these perpetrators are immune from prosecution in the countries where they inflict damage. Their locations also typically lack robust local or national law enforcement, and police officers can be easily paid off to look the other way. In other words cyber criminals can act and ply their trade with impunity unlikely ever to be brought to justice. 
 
Then there are the nation-state actors, who have vast units of military intelligence cyber operatives used to attack and weaken other countries for political and economic advantage. They often push up against the boundaries of acceptability and cyber war, carefully calculating that their actions will not cause a kinetic, or major economic or diplomatic response from those attacked and injured. China leads the ranks with hundreds of thousands of PLA cyber warriors, while the Russian GRU, and FSB, are not far behind. Not without mention are also Iranian state actors or groups operating out of China on behalf of the Kim dynastic regime of North Korea.

Together, these nation states, their proxies and plain and simple opportunistic criminal cartels present a formidable foe for anyone defending a government, a nation's critical infrastructure services or any business. But cyber-attacks are increasingly becoming automated using AI to get past cyber defenses by removing the human constraint factor that causes an attacker to pause for consideration. ‘Offensive AI’ mutates itself as it learns about its environment to stealthily mimic humans to avoid detection. It is the new cyber offensive weapon of choice and will automate responses to defensive measures rather like playing chess with a computer – it learns as it goes! Anyone who has seen the movie 'War Games' a 1983 American Cold War science fiction techno-thriller, will soon realize that this assumed intelligence can be dangerous, as computers lack human reasoning, empathy or broader understanding and could easily take an attack too far.


The author presenting how AI will radically change healthcare security at the HIMSS AsiaPac19 
Annual Conference in Bangkok, Thailand.

 

Deepfakes

We are all used to critically evaluating an image to look for the tale-tale signs of photoshopping or other image manipulation before believing what we see. The same is true for audio recordings – was that really the President saying that or was it an impersonator? What we are not used to is video manipulation – this is new territory for our brains to critically process and evaluate for truth and accuracy. AI is increasingly being used in sophisticated technology to create ‘deepfakes’ where a face is superimposed on someone else’s body or the entire video is computer generated.

Deepfakes

Data Integrity

AI’s intent is not just to steal information but to change it in such a way that integrity checking will be difficult if not impossible. Did a physician really update a patient’s medical record or did ‘Offensive AI’? Can a doctor or nurse trust the validity of the electronic health information presented to them? Ransom of patient lives may not be too far away – especially at times of heightened global tensions.

Defensive AI

But AI is already being used very effectively for cyber defense across healthcare and other industries. Advanced malware protection that inoculates the LAN and responds in nano-seconds to anomalous behavior patterns. Biomedical security tools that use AI to constantly manage and secure the rising number of healthcare IoT devices as they connect and disconnect from hospital networks. AI-powered attacks will outpace human response teams and outwit current legacy-based defenses. ‘Defensive AI’ is not merely a technological advantage in fighting cyber-attacks, but a vital ally on this new battlefield and the only way to protect patients from the cyber criminals of the future. 

More Resources

See also The Impact of AI and HIoT Related Threats from the HIMSS Show Daily

See also my LiveStream TV Interview from HIMSS AsiaPac19





The impact of AI & HIoT related threats and recommended approaches

An interview with Richard Staynings, Chief Security Strategist at Cylera at the HIMSS AsiaPac 19 conference in Bangkok, Thailand.


The following article first appeared in the Show Daily of the HIMSS AsiaPac19 conference

Currently leading healthcare security strategy at Cylera, a biomedical HIoT security startup, Richard Staynings has more than two decades of experience in both cybersecurity leadership and client consulting in healthcare. Last year, he served on the Committee of Inquiry into the SingHealth breach as an expert witness in Singapore. He recently spoke to Healthcare IT News on some of the current developments in healthcare cybersecurity.

Sections:

  1. AI
  2. IoT
  3. Keeping Abreast
  4. Resources
 
 

 Q. Artificial Intelligence (AI) applications in healthcare are all the rage now, and so are cybersecurity threats, given the frequency and intensity of healthcare-related incidents. In particular, some of the cyber-attacks have become more sophisticated through the use of AI to get past cyber defenses. On the medical devices front, AI is also being used to constantly manage and secure the rising number of healthcare IoT devices as they connect and disconnect from hospital networks. How do you think the application of AI in healthcare cybersecurity will be like in the next few years?


A. Healthcare is widely considered to be an easy and soft target because “who in their right mind would attack the weak and defenseless?” …. or so the thought goes! The fact is that healthcare presents a rich target for cyber criminals because of the value of the data hosted and processed. When you couple that with a chronic historic under-investment in the development of capable cybersecurity teams and tools across healthcare, you can see why perpetrators are so keen to break in. But it’s no longer the theft of medical records, or PII that concerns me, it’s the wholesale theft of intellectual property from research universities and pharmaceuticals by outlaw nation states, (one in particular) and the potential to hold both hospitals and their patients to ransom by just about anyone - that’s what really worries me most.

I believe we are on the cusp of an AI arms race. Attackers are busy designing new attack vectors and methods to get by cyber defenses that heavily leverage AI and ML (machine learning). Advanced persistent threats (APTs) that hide unnoticed on the network for years sometimes, while gathering vital information and gradually expanding their footprint till they own the entire network, just as the attack on SingHealth in 2017 demonstrated. AI that perfectly emulates the normal acceptable behavior of users and systems on the network and as such goes undetected by even the best cyber defenses. AI that knows when someone of significance is on vacation by their spouse’s Facebook or Instagram posts and can perfectly emulate the exact way that a CEO communicates, in order to seemingly instruct Finance to make payments to an overseas supplier from their yacht on the high seas, well out of cell phone range for any chance of voice verification.

‘Offensive AI’ mutates itself as it learns about its environment to stealthily mimic humans to avoid detection. It is the new cyber offensive weapon of choice and will automate responses to defensive measures rather like playing chess with a computer – it learns as it goes. But increasingly the intent of attacks is not just to steal information but to change it in such a way that integrity checking is impossible. Did a physician really update a patient’s medical record or did ‘Offensive AI’ do it? Can a doctor or nurse trust the validity of the electronic medical information presented to them? This is the new threat and it is best executed by AI.

Did a physician really update a patient’s medical record or did ‘Offensive AI’ do it?

Why would anyone do this? Well, I can think of at least three reasons: Cyber-war, monetary extortion, and as a distraction from even more nefarious attacks against military targets or defense secrets.

AI is already being used very effectively for cyber defense. Advanced malware protection that inoculates the LAN and responds in nano-seconds to anomalous behavior patterns. Biomedical security tools that use AI to constantly manage and secure the rising number of healthcare IoT devices as they connect and disconnect from hospital networks, (just as my company, Cylera makes). AI-powered attacks will outpace human response teams and outwit current legacy-based defenses. ‘Defensive AI’ is not merely a technological advantage in fighting cyber-attacks, but a vital ally on this new battlefield and the only way to protect us all from the cyber criminals of the future.
 
 

Q. You will be conducting a cybersecurity workshop titled “The rising threat of Internet of Things - Everything from Medical Devices to Hospital Management Systems” at the upcoming HIMSS AsiaPac19 conference from October 7-10 held in Bangkok Thailand. Could you give us a primer on some of the common IoT-related cybersecurity threats in healthcare?


A. So unlike IT devices, by and large IoT devices can’t be centrally managed, patched, updated, or secured. IoT devices are simple and functional. They open and close a set of elevator doors, and move the elevator car to the desired floor. That’s all they do. They do it well and they do it millions and millions of times during their life spans.

The same is true with medical devices that administer drugs to a patient at a certain flow rate based upon the drug library, report on vital patient statistics like BP, heart rate and O2 saturation, and scan patients for broken bones, tumors, and other ailments. Most were designed at a time long before sophisticated and well-funded nation state cyber criminals, and a time when devices were by and large not connected to the Internet. Now these devices are managed remotely from hundreds of miles away by third party vendors who can do the job better, faster and cheaper than having a number of FTEs on staff locally. Thanks to digitization and inter-connectivity, devices now communicate directly with HIT applications and the EMR – something most older systems were never designed to do. And they certainly were never designed to connect securely. By network-connecting these highly insure devices we have opened Pandora’s box, and the number of network-connected HIoT devices is growing at an exponential rate.

The big question is how do we understand what we have on our networks, assess and quantify their threats and vulnerabilities, and remediate those risks in such a way that patients are not placed at potential harm from attack by medical device. How do we identify when one of these devices is behaving abnormally so we can swap it out before attempting to treat a patient based upon inaccurate data or behaviour? How can we identify when a device has been compromised and is being used to attack the hospital? These are things that physicians, nurses, and biomedical technicians are not currently trained to look for!

The global WannaCry attack, attributed to North Korea, caused a large number of hospitals especially in the UK to have to turn away ambulances and cancel procedures. It was just the tip of the extortionist’s iceberg. Forget the de-encryption of medical records for a Bitcoin fee, just wait till patients in ICU or NICU are held to ransom - maybe by the medical devices attached to them and keeping them alive. Sound far fetched? So did putting a man on the moon in the 1950s!




Q. Cybersecurity is a constantly evolving field these days with the rapid advancement of technologies as well as the increased sophistication of cyber-criminals. How do cybersecurity professionals learn to stay ahead of the curve and keep abreast of the latest developments & training?


A. Many people who remember the 'dot com' era of the late 90s will remember the term 'Internet Year' to describe the rapid pace of change affecting IT at the time. A time where a year’s worth of development would be crammed into a few months. Well in cybersecurity, things change by the week. That includes threats, vulnerabilities, threat-actors, attack-vectors, new offensive and defensive technologies, and even a few advances on the procedural front as we discover better more efficient ways of doing things.

I can’t talk for everyone in my line of work, but I spend a lot of time reading blogs, tweets and other social media posts from experts in the field, as well as a lot of articles from the cybersecurity and industry trade press like Healthcare IT News. I also read more than my share of white papers and academic journals along with the odd book or two. My reading includes developments not just in cybersecurity but also healthcare and other industries which allows me to consider the implications of new non-security technologies and how they might impact cybersecurity and risk one day.

One thing that really concerns me right now is the exponential growth in IoT – everything from network-connected home thermostats, to internet connected refrigerators, connected vehicles, to connected cities where traffic lights are optimized to allow the free passage of emergency vehicles through rush hour traffic and everything else. This is an area I spend a lot of time researching. IoT devices already outnumber the human population of the planet, and by next year there will be in excess of 20 billion network connected devices. Now consider that even a small percentage of these devices might be out to attack you and you can see the magnitude of the problem. The growth of botnets, now far overshadows unpatched Windows machines that have been turned into zombie attack systems by their real owners – the hackers and nation state cyber forces that easily took advantage of weak security and now OWN their user’s online banking information and shady personal photographs. I sometimes think you should be required to pass some sort of drivers test before being allowed to purchase a home computer!

I also consider security and industry conferences to be a great source of vital information. I probably speak at 20+ conferences every year and attend quite a few more on top of that. I always learn something from the discoveries, war stories and experiences shared by other speakers and practitioners in the space. There’s also a lot to be learned by the way healthcare is delivered and secured in different countries even though I work in quite a few. HIMSS, CHIME, AEHIS, H-ISAC, RSA, BlackHat, and KiwiCon currently top my list, as do conferences and summits put on by various publications in the space. They are all good, and if you can spare the time and afford the admission then I find that I always come away with something new as a result.
 

Q. A constant challenge for healthcare organizations is the management of limited resources and budgets for cybersecurity measures, and cybersecurity can often become an after thought. What advice would you give to them in their approach to cybersecurity, particularly in light of their resource constraints?


A. In one sentence? Treat Cybersecurity risk in the same way you treat Patient Safety because the two are inextricably linked in today’s connected digital healthcare environment. Many hospital CEOs, Boards of Directors and Ministers of Health haven’t realized this yet. The sooner they do the better for all of us.

Another piece of free advice for healthcare boards is that healthcare compliance does not equal to security. The industry suffers from a myopic focus upon protecting the confidentiality of patient data, when in fact operational and reputational risks to data integrity and system availability are far more important and potentially damaging. No one is going to die because of a confidentiality breach, they could however easily die as the result of an integrity or availability cyber-attack. The healthcare industry needs to adopt a risk-based approach to security, based upon assets rather than controls or a compliance checklist. Only then, will healthcare boards begin to understand their level of exposure, and feel inclined to do something about it.

In essence we have several giant gaps currently. A gap between the ease of a perpetrator attacking a victim, making lots of money from that attack, then walking away scott-free, versus making cyber-attacks difficult and very costly for the perpetrator – whether that perpetrator is an individual, a criminal group, or a nation state. Its rather akin to the school playground where a bully is beating up and intimidating other kids stealing their lunch money, but the school rules have yet to catch up to outlaw bullying or place CCTV or a teacher in the playground to grab any bullies by the ear and drag them to the Headmaster’s office for punishment and a corrective action plan!

The other gap we have is in resourcing. According to the Cisco Annual Cybersecurity Report, there is a 12x demand over supply for security professionals. We need to train tens of thousands of security analysts, architects, threat analysts and security operations staff for the world of tomorrow. We also need to allocate much greater budgets towards securing the future of our businesses, whether that business is a profit-making enterprise or a public service. This is a simple legal question of negligence in my opinion. If those ultimately responsible choose to ignore or accept a critical risk against the advice of their security and risk executives, then they should be held liable. Especially in healthcare where patient lives are at stake.

Everyone likes to talk about the next great level of interoperability in health IT but they haven’t figured out yet that to get there, you need to invest in cybersecurity to prevent your patients from being attacked by cyber criminals and their PII and PHI stolen or altered.

Cybersecurity and protecting patients should be viewed as a “business enabler” of new more efficient, more profitable, digital health services and should be an initial design consideration not a last-minute ‘strap-on’ where you are going to spend a lot more time and money for a less secure system. “Security by design” is where we need to be.

“Security by design” is where we need to be.

A true senior security executive, is one that sits at the right hand of the CEO and frequently addresses the board on security matters. He or she directs a comprehensive holistic cybersecurity program staffed with a solid team of security professionals. Together, they facilitate a hospital expanding its range of services to patients for the delivery of more profitable services. Services like telehealth and telemedicine that improve patient satisfaction scores, and the adoption of new riskier technologies like artificial intelligence and machine learning that will ultimately improve patient outcomes by catching tumors earlier and reducing the high costs of intervention for patients with latter stage cancer or similar diseases.

No one expected the Spanish Inquisition but it came all the same

Cybersecurity will also facilitate the advance of personalized medicine by protecting highly confidential information like someone’s genome sequence. A patient can change their name, their address, even their health number following a breach of information. They can’t even attempt to change their genetic sequence. Human cloning may sound rather SciFi but it’s not that far off. China has reportedly already accomplished this. In the fifteenth century, no one expected the Spanish Inquisition but it came about all the same. We need to think outside of the box to prepare for the challenges to our business model in healthcare and the threats and risks that we face.

http://pubs.cyberthoughts.org/AP19.HIMSS.Show.Daily.pdf
Click for the original Show Daily PDF

This blog was first published by HIMSS Media and Cylera


See also AI Will Radically Change Healthcare Security

See also my LiveStream TV Interview from AsiaPac HIMSS