‘Orangeworm’ the new superworm hacking group that’s targeting healthcare

Hacking activity targeting the healthcare sector continues to rise. New security research just released by Symantec has identified a global hacking group called ‘Orangeworm’. Though its targeted victims accounted for a small number of organisations in 2016 and 2017 (mostly in the USA and Asia), some were identified as being based in Europe. Analysis by industry has revealed that the healthcare sector, which includes hospitals and pharmacies, is Orangeworm’s primary target, with 39% of hacking outcomes manifesting themselves in this data-rich sector.

Symantec said, “Based on the list of known victims, Orangeworm does not select its targets randomly or conduct opportunistic hacking. Rather, the group appears to choose its targets carefully and deliberately, conducting a good amount of planning before launching an attack”.

Orangeworm’s wormable trojan, named ‘Kwampirs’, is able to vet the data on a computer to determine whether it is used for research or contains high-value data targets, e.g. patient information. Kwampirs then creates a backdoor on compromised computers, enabling the hackers to remotely access equipment and steal sensitive data – and the infection survives reboots.

The trojan worm has a penchant for the software that runs critical hospital equipment, including kit like x-ray machines and MRI scanners, as well as machines used to assist patients in completing consent forms. If the ‘victim’ computer is of interest, the malware then “aggressively” spreads itself across open network shares to infect other computers within the same organisation and uses built-in commands to grab data. This includes “any information pertaining to recently accessed computers, network adapter information, available network shares, mapped drives, and files present on the compromised computer.”

The supply chain is a key part of this vulnerability funnel, with targets including manufacturers providing medical devices and technology companies offering services to clinics, plus logistics firms delivering healthcare products.

Director of Technology, Security & Governance, JP Norman advises: “Ensure your anti-malware provider can detect Kwampirs activity and, to prevent and detect an infection, ensure that:

•  A robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
•  All operating systems, anti-virus and other security products are kept up-to-date.
•  All day-to-day computer activities such as email and internet are performed using non-administrative accounts.
•  Strong password policies are in place and password reuse is discouraged.
•  Network, proxy and firewall logs should be monitored for suspicious activity.
•  User accounts accessed from affected devices should be reset on a clean computer.”
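
Spreading across open network shares shows up in firewall logs as one host opening SMB (TCP/445) connections to many internal peers in a short time. The following is an added example, not code from Symantec or from this article, that flags that fan-out; the log line format, the 5-minute window and the threshold of 4 peers are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed firewall log lines; the line format is an assumption for this example.
SAMPLE_LOG = """\
2018-04-24T08:00:00 ALLOW TCP 10.1.5.88:50100 -> 10.1.5.10:445
2018-04-24T09:00:00 ALLOW TCP 10.1.5.88:50101 -> 10.1.5.11:445
2018-04-24T10:00:00 ALLOW TCP 10.1.5.88:50102 -> 10.1.5.12:445
2018-04-24T10:00:01 ALLOW TCP 10.1.5.23:49801 -> 10.1.5.40:445
2018-04-24T10:00:03 ALLOW TCP 10.1.5.23:49802 -> 10.1.5.41:445
2018-04-24T10:00:09 ALLOW TCP 10.1.5.23:49803 -> 10.1.5.42:445
2018-04-24T10:00:40 ALLOW TCP 10.1.5.23:49804 -> 10.1.5.43:445
2018-04-24T10:01:15 ALLOW TCP 10.1.5.23:49805 -> 10.1.5.44:445
2018-04-24T10:02:00 ALLOW TCP 10.1.5.77:51000 -> 10.1.5.10:445
2018-04-24T10:03:00 ALLOW TCP 10.1.5.77:51002 -> 10.1.9.9:443
2018-04-24T11:00:00 ALLOW TCP 10.1.5.88:50103 -> 10.1.5.13:445
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ALLOW TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def smb_fanout(log_text, window_s=300, threshold=4):
    """Map each source IP to the most distinct SMB (TCP/445) peers it contacted
    in any window_s-second window, keeping sources at or above the threshold."""
    conns_by_src = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "445":
            continue  # skip unparsable lines and non-SMB traffic
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        conns_by_src[m["src"]].append((ts, m["dst"]))
    flagged = {}
    for src, conns in conns_by_src.items():
        conns.sort()
        best, start = 0, 0
        for end in range(len(conns)):
            # Slide the window start forward until it spans at most window_s.
            while (conns[end][0] - conns[start][0]).total_seconds() > window_s:
                start += 1
            best = max(best, len({dst for _, dst in conns[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for host, peers in smb_fanout(SAMPLE_LOG).items():
        print(f"{host}: {peers} distinct SMB peers within 5 minutes")
```

File servers and backup hosts legitimately talk to many peers, so in practice the threshold is tuned per network segment and known servers are excluded.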

Sales Director, Les Keen added, “Where there is the option for healthcare / supply chain organisations to prioritise IT funding, updating the Operating Systems is a primary, as is ensuring a strong and regular policy on Patch Management. Our Sales and Security teams are always on hand to review and audit organisational IT infrastructure and offer holistic remediation advice as part of our security readiness programmes. Just call us on +44 2380 429429”.

 

Take Up For GP Online Services Hits 42% rise YOY in 2018

With 1 million patients now using the NHS every 36 hours, the pressure is firmly on the nation’s healthcare system to cope with an increased, ageing population, more complex medical conditions being treated, increased waiting time for treatment and more ingenious medicine which is keeping people alive for longer.  Tie that to Brexit and the drive for a 7 day service against today’s staffing pressures and you can see a perfect storm brewing.

Enter, then, Health Minister Jeremy Hunt and his 5 Year Forward View for the NHS. Published in 2015, it laid out his vision for a gradual but persistent transition to patient power – in which digital technology would play a central role. This was expanded on with his appointment of digital guru Martha Lane Fox to identify four key changes to map out a digital NHS for everyone. Her stated targets included the following:

o  To reach the furthest first and leave nobody behind
o  To provide free WiFi for all throughout the NHS
o  To build the skills of NHS staff to support people’s needs in the digital age
o  To boost take up of online GP services

So it’s exciting three years on to hear good news coming from NHS Digital’s Leeds HQ. Their latest figures show patient registration take up for secure GP online services in England has risen sharply. Nearly 14 million patients are now going to their GPs online for a variety of NHS services without the need to visit a surgery or phone the practice. These include:

•  Booking appointments
•  Ordering repeat prescriptions
•  Viewing their own records

The figure of 14 million patients is up 42% on February 2017 and amounts to a total of 24% of patients in England now being registered.

The GP surgeries in local communities that have taken the plunge to embrace technology, overcoming initial reservations in parts, are digital pioneers now reaping the benefits from a variety of online GP cloud service providers. The results are significant time savings for both the staff and practice GPs, fewer ‘no shows’ and improved patient awareness as patients become more knowledgeable about long term conditions. The net benefit is derived because GPs have integrated the online public service with single source information clinical systems like EMIS and SystmOne.

There will always rightly need to be a hawkish attitude around protecting sensitive data. However, if these new online systems are well governed and securely managed, the public that take up this offer can enjoy a degree of ownership of their healthcare data in intelligent partnership with their GPs and healthcare providers – and in so doing, feel good too that they are contributing to improving NHS service efficiencies in the 21st Century.

Not Much Deep Thinking Evident Behind NHS Trust’s Data Share with Google DeepMind

Not for the first time, the NHS has come under fire from patients, patient groups and the scrutiny of the UK’s National Data Guardian (NDG), Dame Fiona Caldicott – and the ICO’s chief Elizabeth Denham.

The Royal Free Hospital in London commissioned Google’s DeepMind division in 2015 to help develop a Streams app to detect acute kidney injury through a blood test to identify deterioration. They provided DeepMind with 1.6 million patient records in the process to enable ‘real time’ testing.

• Patients at the Royal Free Hospital in London were mainly unaware that their details were being used by a third party, nor how it was being used.
• No details on the financial terms of the deal have been disclosed publicly.

Dame Fiona Caldicott, whose letter to the Royal Free was recently leaked, laid out her concern that the data had been transferred on a ‘legally inappropriate’ (read ‘unlawful’) basis. The app being developed was not ‘central’ to patient clinical care. Caldicott shared her concerns with the ICO.

Caldicott does not dispute the app’s ability to help clinicians save lives today, but added in her letter: “Given that Streams was going through testing and therefore could not be relied upon for patient care, any role the application may have played in supporting the provision of direct care would have been limited and secondary to the purpose of the data transfer.  My considered opinion therefore remains that it would not have been within this reasonable expectation of patients that their records would have been shared for this purpose.”

Google DeepMind’s clinical lead, Dominic King, was swift to distance the patient data from any cross-use with other Google products or services, or use for commercial purposes.

The ICO’s Elizabeth Denham has yet to give her judgement on misuse under the Data Protection Act, but the issue underlines the importance of individual consent. This will be ever more intensely examined with the forthcoming GDPR regulations in 2018. As it stands though, the ICO nonetheless has powers to fine a company up to £500,000 for the misuse of personal data as well as seek individual criminal prosecution.

Irrespective of the worthiness and potential benefit to patients in the longer term from the app, Dominic King agrees: “I think one thing that we do recognise that we could have done better is make sure that the public are really informed about how their data is used.”

It may prove a costly oversight to the Royal Free at a time of increasing NHS budget constraints, as well as prompting an ignominious slap in the face to the Trust from its patient body through reputational damage.

Amicus ITS is continuing its series of thought leadership events, this time on GDPR through 2017 for its customers and invited guests. Further information on the programme can be found by contacting Marketing (email) or calling Lindsay Burden on 02380 429475.

3D printing gets smarter in healthcare

Since we last reported an amazing 3D printing story in January 2015, the technology continues to demonstrate its extraordinary enabling powers in the operating theatre for the NHS, with another life transformed as reported this week.

Surgeons were able to use 3D printers to replicate body parts in a kidney transplant from father to daughter at Guy’s and St Thomas’ NHS Foundation Trust in London recently.  With the contrast in size of the organs, 3D printers were used to make models of the daughter’s abdomen and father’s kidney from CT and MRI scans. This enabled the surgeons to accurately plan and rehearse the complex operation.

Hard printouts created the girl’s pelvis, whilst her liver was made softer in a liquid plastic model to enable the doctors to practice pushing it out of the way to make way for the new kidney. Happily, the little girl can now run around and eat normally and enjoy a very different outcome and normal childhood, whilst her parents have the simple joy of planning for her nursery integration in the Autumn.

Medical robotics, despite more than two million operations since 2000, still carries challenges in winning over patient confidence. Here, however, the winning smiles of father and daughter amply reflect the achievement of partnership between the human hand and advanced printing technology, and show there is plenty more in store in the future of 3D printing.

How on target is the NHS to going paperless in 2018?

Health Secretary Jeremy Hunt has been seeking a paperless records target of 2018 for the NHS since 2013.   In a recent focused healthcare survey of 67 members of the Health CIO Network and CCIO Leaders Network of clinicians and digital health IT leaders, there remains a mixed response:

•  67% stated they were ‘quite confident’ or ‘extremely confident’ their organisation will be paper-light by 2020.
•  14% stated they are ‘not at all confident’ or ‘not very confident’ of achieving the target.

However, on the question of having “integrated health and care records, enabling effective co-ordination of health and social care, by 2020” there was less certainty:

•  56% said they were ‘extremely confident’ or ‘quite confident’ of achieving this, but a quarter (24%), said they were ‘not at all confident’ or ‘not very confident’.
•  28% said they were confident of giving patients read/write access to their records, while 53% said they were not confident.

The top priorities for most of those involved focused on:

  • moving to paperless working – 73%
  • improving quality of services – 68%
  • supporting new models of care – 67%

When asked about their next major IT project, these were reported as:

1.  Top ranking for personal health records and patient portals, to give patients access to their medical record and test results, plus services such as appointment booking and email consultations.
2.  Next were shared record initiatives
3.  Third were e-prescribing and medicines management.
4.  In fourth place, finally, one-third of respondents said Electronic Patient Records (EPR) – suggesting many are perhaps already some way down the line with this?

Not surprisingly, with all the other cutbacks facing the NHS, this drive to go paperless might have a lot of goodwill in the sector to deliver, but the barriers facing NHS providers can be summarised by two principal points of feedback:

  • lack of adequate resource (73% affirmed that their IT budget was insufficient)
  • lack of staffing resource

With the breakup of the NHS from a truly national health service to a regional health service, primary and secondary healthcare organisations around the country will need to start showing they are making this work and that we are benefitting.  Then, we may wonder why it took so long when other major data institutions such as banks and industries such as insurance groups have managed to do this.  After all a 100-1 shot just won the Melbourne Cup.

Joined up healthcare technology putting patients at the heart of consultations

With the advent of wearable technology and health trackers, along with social media and the power of Google, many patients are turning to personal investigation to check out their personal health symptoms and conditions online using Google, Bing, Yahoo and others. This marks the evolution of the e-patient.

US cancer sufferer and blogger Dave de Bronkart whose moniker is ‘e-patient Dave’, originally rose to prominence in 2009 and recently spoke at the Intersystems joined-up healthcare event in the US to advocate greater openness in the worldwide healthcare community between patient and the doctor as the patient seeks to know more.

Patients are able to access their digital health records (though relatively few do – 0.4% of GP patients thus far in the UK) and by doing so are best placed to identify any errors in separately held records across service providers and regions.  With access to online services, cost savings for booking appointments online, obtaining referrals, and even doctors using wifi to track patient flow through a hospital, this creates massive savings for primary care providers and hospital trusts.

The mainly holistic but equally powerful change however comes through the doctor being open to suggestion from the patient during consultations, as a result of today’s vast wealth of data available online. This offers patients access to research resources which can supplement the practitioner’s knowledge as well as reinforce or challenge it, which should not be written off. As e-patient Dave argues, this should bring doctor and patient closer together but could be seen by some GPs as a threat. The patient should be welcomed in bringing their own healthcare research and knowledge to the table. By being open to this, he argues, it increases interaction and creates a more educated dialogue, involving better informed questions and a greater degree of insight, whether the prognosis is good or bad. This ultimately provides the opportunity for perceived delivery of a greater level of personal care through proper and open consultation.

These are concepts advocated by UK health minister Jeremy Hunt, who as the NHS seeks to go paperless by 2018, has tasked Martha Lane Fox with putting together a proposal on increasing the uptake of digital innovation in the NHS.  This will no doubt include proposals to involve greater use of social media or webex consultations, other than the existing social media use of just inviting views or questions by the healthcare organisations which a number have already undertaken.  With the higher motive of saving billions of pounds, there is nonetheless an argument that greater empowerment and enablement will assist trusts as they seek to save money bluntly through technology on the one hand and enable the patient to be more involved in their own care and outcomes.  Just keep a weather eye on the critical issue of the handling of patient data and privacy as this direction evolves.

Telehealth top priority in Kent

Kent has the largest growing elderly population in the country. With this in mind, Kent County Council have announced that telehealth is a top priority for the region to provide digital health solutions. Kent has the benefit of a cluster of technology start-ups in the region. These are being actively supported with business loans. The focus of these new digital companies includes providing secure solutions for sharing patient data with practitioners. If they succeed as hoped, they could be creating a new wave of innovative, preventative solutions, which could avoid an over-reliance on residential care homes and use of geriatric wards in future. It would also save the Council purse and NHS serious money in the long run if they get the combination right.