Blog Layout
Secure Mobile Health in a Pandemic
During these challenging times of COVID-19 our focus is on the health and wellness of our communities. Many services in the healthcare field are moving rapidly to tele-health models. However, we still have large barriers to mobile health for ensuring privacy and safety of mobile health technology for patients. Presently our ability to create useful healthcare technology far outpaces our ability to safely secure this technology and the data that is placed and stored on these technologies. We will discuss two areas for providers to consider in this area of social distancing and internet based health services.
1. Patient and physician technical education and training.
Healthcare entities can invest in the creation of better training for medical staff and technicians around the use and understanding of the data presented on mobile health devices. For example with Remote monitoring devices; better understanding of how it works, what conditions in the patient environment can affect the diagnostic readings and what HIPAA/HITECH requires of medical staff in protection of the information collected/received from these new technologies. The need for training is the same from the patient perspective; are they utilizing the devices properly?
In addition, are patients storing/caring for the technology properly so the healthcare provider has accurate results being sent. A strange example, but true a computer repair man has a video on YouTube where he was concerned because he kept getting a machine back with baby powder in it for repair. Turns out the person likes to baby powder everything post dusting their home for a fresh smell and did not realize the impact on electronic equipment. This is extreme example but a reality in education of technology and use when you don’t have control of the device and expect it to be maintained properly for the integrity of the information being collected. This is especially a concern with senior populations that are new adopters in many cases to mobile technology. Many of these mobile health technologies are aimed to assist seniors due to a higher population with limited mobility; however a quick class in how to use a technology when generationally this individual may have limited exposure to mobile technology increases poor adoption and lower results of better quality care. Both the patient and physician need to have clear understanding of the technology, how it works, it limitations and how security is being handled.
2. Ensure security is built into the mobile health solution. The utilization of mobile devices and applications have many security challenges inherent that are still being worked through from the healthcare entity perspective. The complication here is the addition of Protected Health Information (PHI) to these already mostly insecure devices/applications. In short the best role healthcare entitles can play is to work with entitles, e.g. a Covenant Security Solutions Intl, Inc, that can work with them to design into these devices security features that go beyond just encryption and password management. As noted in the above study the current cyber infrastructure in many medical facilities are basic and lack the rigor necessary to increase security of PHI, this concern is in mobile health technology as well. Cyber security providers can assist in technology developers and their adopters getting clarity on questions such as:
Healthcare entities can invest in the creation of better training for medical staff and technicians around the use and understanding of the data presented on mobile health devices. For example with Remote monitoring devices; better understanding of how it works, what conditions in the patient environment can affect the diagnostic readings and what HIPAA/HITECH requires of medical staff in protection of the information collected/received from these new technologies. The need for training is the same from the patient perspective; are they utilizing the devices properly?
In addition, are patients storing/caring for the technology properly so the healthcare provider has accurate results being sent. A strange example, but true a computer repair man has a video on YouTube where he was concerned because he kept getting a machine back with baby powder in it for repair. Turns out the person likes to baby powder everything post dusting their home for a fresh smell and did not realize the impact on electronic equipment. This is extreme example but a reality in education of technology and use when you don’t have control of the device and expect it to be maintained properly for the integrity of the information being collected. This is especially a concern with senior populations that are new adopters in many cases to mobile technology. Many of these mobile health technologies are aimed to assist seniors due to a higher population with limited mobility; however a quick class in how to use a technology when generationally this individual may have limited exposure to mobile technology increases poor adoption and lower results of better quality care. Both the patient and physician need to have clear understanding of the technology, how it works, it limitations and how security is being handled.
2. Ensure security is built into the mobile health solution. The utilization of mobile devices and applications have many security challenges inherent that are still being worked through from the healthcare entity perspective. The complication here is the addition of Protected Health Information (PHI) to these already mostly insecure devices/applications. In short the best role healthcare entitles can play is to work with entitles, e.g. a Covenant Security Solutions Intl, Inc, that can work with them to design into these devices security features that go beyond just encryption and password management. As noted in the above study the current cyber infrastructure in many medical facilities are basic and lack the rigor necessary to increase security of PHI, this concern is in mobile health technology as well. Cyber security providers can assist in technology developers and their adopters getting clarity on questions such as:
a. In the event a device is lost, stolen what happens? Whom does the patient and physician call to ensure PHI is protected and not accessed?
b. Clarity on where data is stored? Many of the companies bringing the technologies to bear are utilizing public cloud services for storage and retrieval of the data. This needs to be understood by both the medical facility and patient and what protections can and cannot be provided as a result of utilizing a service, e.g. Amazon cloud.
c. How does the patient and medical facility authenticate and verify access to PHI ?
d. Defining and designing security protections in medical health devices. Right now, in the limited instances we have viewed, the determination of what is enough security to protect patient data if not explicitly outlined in HIPAA or HITECH and is left to the developer. So there is a lack of standardization in how this is handled. In addition as many providers in this space are small business, it appears they are left to navigate cyber on their own with little background on what that means in a grander context of how a health insurer, hospital or physician office can or will support the security scheme if designed.
These are two key considerations for healthcare entities to manage mobile health solutions. Your technology and it's security is a critical part of the delivery of accurate and quality care to the patients you serve.
Section four of the "Executive Order on Improving the Nation’s Cybersecurity" introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers.
The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed.
The plaintiffs had
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets.
"These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu,
This is a question anyone can ask and should be asking on behalf of themselves and within your organizations. However, we often view cybersecurity through the lens of feeling vulnerable. In this post we explore a few ways to start to empower yourself and organization to tackle cybersecurity.
The Insider threat in cybersecurity is a tricky subject. We often don't want to approach it because, as the name says, this is someone we have given our trust to that frankly can't be trusted. However, this week we talk about cybersecurity from this angle. The internet village we all share requires us to share and trust in ways we never expected.
Leadership: A female perspective Danyetta Fleming Magana and Javeria Ayaz Malik reflect upon the role of women in crisis leadership
I had planned to share a wonderfully done newsletter article but opted to share from the heart. I've been truly blessed and honored to be in the security community for over 20 years and have many colleagues and friends who help secure our physical and virtual world.
While I admit I love the work from home and the ability to order groceries online, I wouldn't say I like watching children bullied, the elderly targeted and pensions stolen, charities losing donations, and companies going out of business due to the insecurity of our global internet village.
It was out of this place that I realized that we needed to reignite a fundamental truth that "We Are One" always connected.
Humanitarian Cyber Career chat and social media do’s and dont’s for high school and college students - please circulate this flier with your teachers and students so they register! As a part of registration they can enter up to 3 questions they’d like answered at the event. Speakers include Patricia Zebertavage (FBI), Keith Moulsdale (cyber attorney), Veda Woods (leveraging cyber to combat child trafficking), Sean Anthony Guillory, Ph.D. (Cyber automation SME), and more!
How long will I be down from a ransomware attack?
