Tag Archives: medical computer systems

4 Steps for Fighting Ransomware in Healthcare

Malware is bad news for any venture, but healthcare seems particularly vulnerable.

Due to air-tight HIPAA regulations, a data breach or data loss by a healthcare facility costs more than just the ransom or the price of restoration. The fines for HIPAA breaches alone have been rising every year.

Studies from Cybersecurity Ventures show that the damage caused by ransomware was estimated at $8 billion in 2018. So how does a healthcare group or facility fight this rising tide? How can a hospital protect its medical computer systems, patient data, and bottom line?

What is Ransomware?

When a virus infects a computer system and makes either the whole system or just a part of it inaccessible, that’s ransomware.

The malicious software does this by essentially encrypting a portion of the victim’s hard drive so that it becomes inaccessible to the original user. Ransomware, true to the name, usually includes a message that the computer or data will be held hostage until the attackers have been paid a certain sum of cash (or, more accurately, bitcoin).

A variation of the practice is sometimes called “leakware,” where instead of locking away your files and selling them back to you, the program steals sensitive information and demands money in exchange for not releasing the data out into the world.

1. Limit Exposure to Ransomware

Step 1 of fighting ransomware is to not get infected by it. Sounds easy, of course, but the internet is a minefield of malware that brooks not the slightest slip in security.

In that case, the real step 1 of limiting exposure is training healthcare employees on how to handle emails. It seems a silly thing, but a doctor, nurse, or receptionist clicking the wrong email could compromise not only their PC, but every EMR computer, medical tablet, mobile device, and internet-connected device in the entire building (or further).

The “State of the Phish,” an annual report published by Proofpoint Security, found that in 2017, over 75% of organizations had been targeted by email phishing attacks. Phishing is the act of sending a seemingly legitimate email that appears to come from a business partner, bank, or other organization, in an attempt to trick employees into giving up personal information of their own volition. It doesn’t require an ounce of malicious software, just a clever hacker and an untrained employee.

Clinicians must be warned about proper email etiquette. Never open an attachment, if you can help it. Consider sharing files and PDFs through the proper encrypted cloud service instead. If you must open an attachment, only do so from a trusted source, and make sure you have an anti-virus program scan any downloaded files before opening them.

Also, hackers can break into email accounts, and even spoof email addresses to appear to be someone they aren’t. If an email with an attachment from a trusted source feels suspect, it may be wise to call or text the individual who sent it to confirm that they really did.

2. Regulate Access to Medical Computer Systems

Once employees are trained, we move on to step 2: limiting access to medical computers, file systems, and EMR programs by untrained individuals. If a section of hospital staff hasn’t been trained on these procedures, and in fact shouldn’t be accessing the medical computers in the first place, a strong security policy on computer access could further prevent damage from ransomware. It also lowers the risk of HIPAA violations the hospital would otherwise be courting.

Passwords alone are seldom enough — they’re often broken, given away, or written down somewhere. Instead, make sure that all medical cart computers, tablets, and medical PCs on the network are locked down with two-factor authentication. Consider all-in-one medical PCs that come with RFID, Smart Card, and barcode readers built right into them to maximize security while minimizing unnecessary and cluttery peripherals.

3. Prevent the Spread of Ransomware

The third step for hospital administrators and HIT to take is to create a system where the spread of malware is much more difficult. That way, if one computer is infected with ransomware, it can’t necessarily grab everything on the entire network.  

Instead of a single network with a hard outer shell (i.e., the firewall or other exterior security measures) and an entirely unprotected internal structure, a segmented network splits everything into many individual networks that have their own security measures.

Imagine the fire doors in a hospital, hotel, or large apartment building — in the event of a fire in the building, the fire doors seal automatically to contain the blaze to the smallest area it can. A segmented medical computer network performs the same function.

Most healthcare facilities (and other industries) put all of their connected gear on the same network — it’s much easier to manage for IT. However, do the computers in the billing department really need to be on the same network as the cart computers in the ICU or the medical tablets in the maternity ward?

Instead, consider separating all of the departments into their own separate networks to prevent any one room fire from burning down the whole building, so to speak. It’s a bit more work for IT, but it could pay huge dividends in the long run.
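The fire-door idea above, written as a default-deny policy between department networks and checked against flow records. This is an added example, not part of the original article; the subnets, the separate EMR server segment, the allow-list, and the flow lines are all constructed for illustration.

```python
import ipaddress

# Constructed segment plan: one subnet per department (illustrative addresses).
SEGMENTS = {
    "billing": ipaddress.ip_network("10.10.1.0/24"),
    "icu": ipaddress.ip_network("10.10.2.0/24"),
    "maternity": ipaddress.ip_network("10.10.3.0/24"),
    "emr": ipaddress.ip_network("10.10.9.0/24"),
}

# Default deny between segments. Only these (source, destination, port) paths
# are opened: every department may reach the EMR servers over HTTPS, and
# nothing else crosses a segment boundary.
ALLOWED = {
    ("billing", "emr", 443),
    ("icu", "emr", 443),
    ("maternity", "emr", 443),
}

# Constructed flow records: "source destination destination-port".
SAMPLE_FLOWS = """\
10.10.2.14 10.10.9.5 443
10.10.1.20 10.10.2.14 445
10.10.3.8 10.10.3.9 9100
10.10.1.20 10.10.9.5 3389
192.168.50.7 10.10.9.5 443
"""


def segment_of(addr):
    """Return the name of the segment containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(src, dst, dport):
    """Return (verdict, reason) for one flow under the policy above."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "deny", "address is outside every defined segment"
    if s == d:
        # Traffic that stays inside one department never reaches a "fire door".
        return "allow", f"stays inside {s}"
    if (s, d, dport) in ALLOWED:
        return "allow", f"{s} -> {d} port {dport} is on the allow-list"
    return "deny", f"{s} -> {d} port {dport} crosses segments without a rule"


def audit(text):
    """Evaluate every flow line; return a list of (line, verdict, reason)."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport = line.split()
        verdict, reason = evaluate(src, dst, int(dport))
        results.append((line, verdict, reason))
    return results


def violations(text):
    """Flows a segmented network would block; on a flat network they pass."""
    return [r for r in audit(text) if r[1] == "deny"]


if __name__ == "__main__":
    for line, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict.upper():5} {line:30} {reason}")
```

On a flat network every one of these flows would be delivered; with the segments in place, the billing-to-ICU connection and the other two denied flows stop at the boundary and show up as entries worth investigating.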

4. Restore Data After a Ransomware Attack

This is the step no one wants to think about, but the fact remains, sometimes the hackers get through. Sometimes ransomware can infect even the most secure network — all it takes is one clinician downloading something from the wrong site or opening the wrong email.

In the case of a successful attack, much of the damage caused by ransomware can be mitigated by a strong backup strategy. In the case of “leakware,” where sensitive information is stolen and threatened with public release, an encrypted cloud backup isn’t going to do much good. But in most ransomware cases, where the data is made inaccessible, a strong, redundant back-up policy may allow your HIT department a quick escape hatch.

Instead of trying to break the malware, figuring out the encryption key, or paying the ransom, the IT department can simply nuke the affected medical computers right to the ground and then reimage them in minutes. Then, once the computer is verified clean and the operating system reinstalled, they can simply access the backup storage and return the computer to its old fighting weight.

Beating Ransomware Before the Fight Even Starts

To paraphrase an old saying, the best time to create a comprehensive ransomware strategy is yesterday. The second best time is right now.

Interested in increasing the security of your medical computer systems, and learning about medical computers and tablets that come with integrated security features like biometric scanners and RFID? Contact Cybernet today to learn more.

A Beginner’s Guide to Healthcare Interoperability

There’s no denying that the newest trend in healthcare is the idea of “interoperability.” It’s the headline of every news story, and it’s on everyone’s lips coming out of HIMSS. But, it’s easy to gloss over it, to think of it as a new way to say “synergy” or “Big Data.”

What is Healthcare Interoperability?

However, the truth is interoperability is more than just the newest jargon — it’s another way to say “communication.” And as all healthcare clinicians know, communication is the most important element of treatment. The communication between the patient and the doctor, the communication between nurses and doctors changing shifts, and the communication between the various healthcare providers.

So, when the smartest folks in the healthcare industry push the importance of interoperability, what they’re really talking about is a way for patients’ records to be more accurate, more compatible, and more easily accessible.

But how can healthcare providers, hospitals, and doctor’s offices implement interoperability?

Find out how artificial intelligence, legislation, medical computers, and policy changes can all cooperate to create a more transparent (and cheaper) data sharing system.

Unifying the Health Record

You may have been told in high school that something is in danger of going “on your permanent record.” Well, as it turns out, there is no permanent record. Not for copying your friend’s homework, and not for medical records, either.

Each time the third nurse you’ve seen during a single visit has asked you for the fifth time if you’re allergic to anything, you know that EMRs need a serious overhaul. Luckily, there are systems in place to do just that.

Option 1: Embracing the blockchain. Combining one buzz word with another may sound worrisome, but blockchain can actually be a great potential road towards interoperability. What’s the main hurdle of interoperability? HIPAA regulations, and the very real fear that a patient’s digital file could be swiped or cracked by malicious parties during a transfer.

One of the main issues is that many health record files are stored in “read-only” formats to prevent tampering. However, read-only formats don’t play well with databases that need to access the original file and pull categories out. This is done for protection, but it also creates format wars AND sucks a ton of time from admin, who has to transfer many of the data fields manually.

Blockchain, on the other hand, uses a distributed ledger, spread across multiple locations, to ensure that patient records cannot be accessed or altered by anyone but those authorized to do so. The data doesn’t have to be stored in “read-only,” because every attempt at tampering is foiled by blockchain’s tracking system. The data is encrypted, and even if somehow a malicious actor was able to break in, the entire system would register that the copies on every other computer connected to the blockchain don’t have the changes, registering the transaction as both fraudulent and easily traceable.

Change Healthcare has already implemented a blockchain network designed to streamline hospital processes with the ultimate goal being a “single point of truth.”

The “single point of truth” is really just another way of saying interoperability: if everyone is pulling patient data from ONE location, there’s no need for an array of conflicting file formats and record systems.

Option 2: Using open APIs. This is more on the programmer side of things, but if you’re trying to understand how to implement interoperability better, it’s good to know what you’re looking for.

An API is an “application programming interface,” and an open API is one that is designed from the ground up to facilitate sharing. It means that the processes underpinning a program (or app) are modular, and can share an abstracted version of the data. What this means in layman’s terms is that the open-API program can still share data with other programs without “giving up its secrets,” or releasing proprietary code to an outside source.

The idea is to combine accessibility with security, another key feature of any interoperability campaign. When shopping around for EMR programs, an open API should be high up on the list of priorities.

What is Healthcare Electronic Data Interchange?

Electronic Data Interchange, often abbreviated as “EDI,” defines a set of standards, technologies, file formats, and transmission methods for moving sensitive data from one point to another.

Healthcare EDI refers to those methods used specifically for transfers like medical records, payments, medication information, and the like from one EMR computer, medical tablet, or even mobile phone to another. Healthcare EDI must conform to HIPAA standards, of course,

Adhering to EDI standards has proven benefits. For one, security is increased, because the EDI standards are tried-and-true, and conform to HIPAA codes. Secondly, processing documents is ultimately cheaper: studies have shown that healthcare facilities saved anywhere from $1 to $2 per claim just by switching to EDI. That may not seem like a lot at first blush, but considering the thousands of claims and documents pouring through the healthcare industry at any given time, the savings are quite significant.

The last benefit is to (surprise) interoperability. EDI sets a standard, and the more healthcare providers and facilities follow those standards, the more, well, standard they become. When everyone is on the same page, the book isn’t terribly hard to read.

According to Markets and Markets, the EDI market value will increase by over 1 billion dollars by 2022. This massive market penetration should have enormous benefit to any attempts at standardization as well.

Breaking Down Interoperability

When it comes to understanding and implementing interoperability, remember the key ingredients:

  • Hardware standardization: Avoid the format wars. Install long-lasting, compatible medical PCs and medical cart computers that can talk to each other.
  • EDI: Make sure your file formats and transmission standards all fit the EDI recommendations.
  • Blockchain: Look into distributed ledgers to maximize security and accountability.
  • Open API: Invest in programs that are designed to be compatible and future-proof.

These are just a few of the starting places, so contact Cybernet today to learn more about medical hardware, compatibility, and EMR solutions.

4 Ways That AI will Affect Medical Computer Systems

The term “artificial intelligence” conjures images straight out of science fiction blockbusters: super-smart machines controlling all aspects of life, and often running wild to destroy their human creators. In reality, however, AI is very different… and in many ways, it’s already here.

Artificial intelligence is defined most prominently by an ability to perform human-like tasks. For instance, many AI programs are designed to learn over time, allowing them to analyze data more accurately and provide more sophisticated computing functions.

This impact can be felt most profoundly in the medical industry, which is already undergoing a technological revolution thanks to modern medical computer systems. The advent of AI will affect such systems considerably, and in a few years may become an integral part of any medical organization. Those hoping to take advantage of the enormous potential of AI applications would do well to start preparing for it now.

So what does that mean? It means taking a close look at the ways that AI will affect medical-grade PCs and ensuring that the units in your network are prepared for it. Here are 4 specific things to look for.

Upgradable Components Add Processing Power

AI relies on typical hardware concerns, which come down to processing power and storage space. The faster a computer can perform and the more space it has to hold information, the better it can do its job. Consider, for example, the vital task of data analysis. An AI program can analyze a huge amount of medical records very quickly in order to spot trends in treatment plans and places where errors seem to recur. (This is already happening in places like the Cleveland Clinic, where IBM’s Watson program is used to conduct deep data mining of existing medical records.)

In order to do that, it needs a system with a great deal of memory and processing power, and implementing such a program may require you to replace older computers that lack the capacity. Alternatively, looking at an upgradable system now – with the ability to upgrade RAM, add a second hard drive or even upgrade the CPU with more powerful versions in the future – will allow your network to adjust to increased needs and better take on the requirements of an artificial intelligence system.

Superior Imaging Helps AI Do Its Job

Diagnostic imaging PCs and similar devices help enhance the images doctors need to perform diagnoses: anything from x-rays of broken bones to endoscopes pinpointing problems in the patient’s gastrointestinal tract. But imaging analysis can take a long time, as medical personnel pore over numerous images in search of accurate information. That means a significant loss of efficiency at best, and if the needed information is time-specific – if, for example, the information is required before emergency surgery – it can be dangerous.

3D medical scans benefit immeasurably from AI features, which can analyze visual data much faster and with greater accuracy than humans. (MIT has developed an algorithm called VoxelMorph for just such analyses.) But that, in turn, relies on high-quality imaging from the computer itself, which provides better data samples and can improve accuracy. A system with a high-end video card and superior image processing will be well-suited to AI image diagnostics, and allow such applications to perform their functions effectively.

Everything Is Connected

Accurate analysis depends on accurate data, and that can rely on devices that aren’t necessarily set up for an AI application. An older x-ray machine, for instance, may use outdated image files that are not readily integrated into a newer medical computer network. Patient data, medication supplies and similar details may also suffer from interconnection issues (such as when they are recorded by hand and logged into an electronic system later).

The more interconnectivity a network has, the more readily such data can be analyzed and interpreted by an AI system. That starts with peripheral equipment, such as 2D barcode scanners and RFID devices. When directly integrated into a medical tablet or computer on wheels, they allow nurses and doctors to instantly scan patient data by swiping the scanner over medical bracelets, as well as scanning barcodes on medication bottles and even medical equipment.

Similarly, legacy ports such as RS-232 ports on a medical computer provide access for older machines. That, in turn, allows an AI application to analyze the data from a legacy device with considerable speed and efficiency. The more you can address interconnectivity with a system designed for AI functions, the more smoothly it will run with other equipment, and the more quality data will be procured for its use.

 

Cybernet Manufacturing produces a variety of medical grade PCs to facilitate artificial intelligence applications. If your organization is looking at the potential of AI for your network, contact our team to discuss your options.

2 Difficult Roadblocks for Medical Device Manufacturers (and How to Overcome Them)

Medical device manufacturers (MDMs) have their work cut out for them. Producing a medical device is one of the most arduous processes in the medical field; it takes meticulous design, several tests, verification, validation, retesting, proper documentation, and other steps to see a device turn from concept to fruition after years of work—not an easy one-and-done task! A lot of new medical device manufacturers may be struggling with the reins of understanding the process from A to Z, and mistakes can (and will) be made. That’s why it’s important to educate MDMs about one of the most important aspects of medical device manufacturing—ensuring that the computers used on their devices are true medical computer systems and not computers you’ll find down the street in a retail store. Here are a few reasons why MDMs should steer towards these kinds of computers.

Software Certification—Test, Test, and Re-Test

Software in the medical world is ever-improving, but it’s a heavy burden to release a new build for a medical device. The problem is it’s difficult to re-certify the software as new builds need to go through rigorous quality testing in order to be approved on hardware. This first assumes that the original software build for the original product has passed all regulations. The FDA advises that software development for all medical devices requires proper planning, verification, testing, traceability, configuration management, and other aspects in order to have a proper approach for software builds. There’s still a matter of verification and validation too; validation is a process of ensuring the proper software is being built, while verification ensures the proper software is being built correctly. This constant testing and quality assurance can take several months to years to complete just to upgrade the software to a newer fieldable build. Consumer-grade hardware typically turns obsolete by the time these processes are finished—what then?

It’s much easier for a medical device manufacturer to stick with a software build that has already been approved and match the hardware to the software. That’s why a lot of medical device manufacturers adhere to purchasing medical computers with long product life cycles. Software might be developed to run on a specific operating system or with an older aspect ratio. It might require specific ports to integrate a device into. With the ever-changing landscape of the consumer computer market, an MDM’s software could become incompatible with the latest and greatest consumer tech in a short time. That’s the reasoning behind longer product life cycles—so device manufacturers aren’t trying to keep up with the ever-changing consumer market. Medical computers typically have a much longer life cycle than their consumer counterparts, making them ideal for MDMs.

Patient Safety Comes First

Imagine being in the middle of a procedure like an endoscopy, or lying in an MRI machine, when a surge of electricity shorts out the machine. These types of events are exactly what the FDA is trying to prevent when it certifies new devices for near-patient use. The International Electrotechnical Commission (IEC) is an organization that certifies the safety and performance of medical electrical equipment. The standard is commonly known as EN60601-1 (in Europe) or UL60601-1 (in the United States), and MDMs are required to meet these certifications in order to be approved for near-patient use. Since no commercial-grade computers meet these standards, MDMs are faced with two choices. One option would be to purchase isolation transformers, figure out how to integrate those with their computers, integrate that with their device, and get the device tested, at which point there is still no guarantee that all the pieces would pass certification. The other option is to purchase a medical-grade computer that is already IEC60601-1 certified.

It is important, however, for an MDM to make sure that the hardware partner they are working with is actually 60601-1 certified. This is the only true measure of a medical-grade computer. With a medical-grade computer, there is less design work that needs to be done, and testing is often less expensive and time-consuming.

Just these two hardware aspects of medical computer systems hopefully give a glimpse into the lengthy, thought-provoking process that medical device manufacturers endure to market products to hospitals and clinics. Without the right hardware, the process of developing a medical device can turn costlier, longer, and present more roadblocks for MDMs in the future. The best idea when in the development stage is to find the right medical computer system customized with all the necessary features needed to run the device without problems. In a nutshell, struggle less with the right computer. Contact us to learn more.