480 likes | 493 Views
With the impending risk in the mind, to assist healthcare organizations to prevent data security breaches, we bring you the “The 10 Most Trusted Healthcare IT Security Solution Providers” issue.
E N D
www.insightscare.com September2018 The10 MostTrusted Healthcare ITSecurity SolutionProviders 2018 BrianArellanes CEO &Founder ITSourceTEK LeadingtheMovementinaRisk-Based&Data-Centric SecurityApproachtoThwartCybercriminals
Fromthe Editor Cno permanentsolutionreached,ifiteven exists.Withthe yber security is healthcare’s hot potato today.Cybercrimes have affected the industry on a very large scale andthere’s rise of these threats at an alarming rate, majority of thehealthcare companies have adopted various strategies to protect theirpatient’s data and all the critical information. “Busy fighting the outsiders, less attention is paid to the menace that lies inside.” It is a known fact that six out of ten cyber-attacks in the healthcare industry have an insider from the organizationinvolved. The unpredictability of the insider threat is more than an external one, pointing to a greater risk. Moreover, the trusted insider has legitimate access to all the systems of the organization and hence, the difficulty of going through the already installed security walls is eliminated. They also know what information is stored where, making it easier for them to breach the target data. All known and understood, it is not wrong to say that insider cyber-attacks are one of the greatest challenges for the healthcare industry in today’s date. Insider threats being hard to identify and even harder to prove, necessary measures to eliminate them should be taken beforehand. From background check before hiring an employee, or collaborating with a partner, to timely monitoring the workforce to controlled and protected access to sensitive data, healthcare organizations today must take several steps to safeguard all its digitally stored files. Also, more education on cyber security in healthcare, provided to the current employees as well as the future leaders of the industry, will help in reducing inside threats. Along with this, the most important question you should be asking yourself is- “What steps will you take differently if you are already aware that you are going to be robbed, and by someone youtrust?” In the era where digitization has taken over the healthcare space, what can be a greater threat than cyber-crime? Realizing the same, many healthcare organizations, today, have strategized various fences against cyber-attacks. But, most of them fail toacknowledge the insider threats, focusing only on the external risks. As it is said widely, ‘Cleanliness begins at home’, it is not wrong to analogize it with the current scenario of cybersecurity. The Threat that Comes FromWithin AishwaryaNawandhar AishwaryaNawandhar
Editor-in-Chief Pooja M. Bansal Managing Editor Ashwini Deshmukh Executive Editors AishwaryaNawandhar Shane Gomez Contributing Editors Sayali Rane, Anmol Preet Singh, Rahul Niraj Visualiser DavidKing Art & Design Director AmolKamble Associate Designer ShwetaShinde Co-designer Sapana,Rahul Art & Picture Editor PaulBelin JayantKhanna Senior Sales Manager AmyJones Business Development Manager MarkWilliams SalesExecutives Kelli Thomas, Bill Thompson, JohnSmith Technical Head SwapnilPatil Technical Specialist Amar, Vivek,Pratiksha Digital Marketing Manager MarryD’Souza SME-SMOExecutives Prashant Chevale, UmaDhenge Circulation Manager Robert, Tanaji Database Management Stella Andrew Technology Consultant DavidStokes sales@insightscare.com September, 2018 CorporateOfces: Insights Success MediaTechLLC 555 Metro Place North,Suite100, Dublin, OH 43017,UnitedStates Phone -(614)-602-1754 Email:info@insightscare.com For Subscription:www.insightscare.com Insights Success Media and Technology Pvt.Ltd. Ofce No. 510, 513, 5th Floor, Rainbow Plaza, ShivarChowk, Pimple Saudagar, Pune, Maharashtra411017 Phone - India: 7410033802,74100058552 Email:info@insightscare.com For Subscription:www.insightscare.com Copyright © 2018 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any formorby anymeans,electronic,mechanical,photocopying,recordingorotherwise,withoutpriorpermissionfromInsightsSuccess. Reprint rights remain solely with InsightsSuccess.
CoverStory ITSourceTEK Leading the Movement in a Risk-Based &Data-Centric Security Approach to ThwartCybercriminals 8 Articles DataCryptology 34 Tokenizationor Encryption - ChooseWisely PocketWellness 22 mHealth:TheNew HorizonintheHealth Technology Cybernetics 40 Strategies forHealthcare Organizations toCombat Cybercrime Biomarkers Proteins are BetterBiomarkers thanGenes 28
16 26 CONTENTS 20 Haystack Informatics LeveragingBehavioral Analysis to Secure Health Systems againstInfringements 24By7Security A Comprehensive Cybersecurity & ComplianceSolutions Provider HashedHealth Leveraging Blockchain Technology toEnhance the Care inHealthcare 32 42 38 Prey Devouring Cyber Theft withModernism &Amendment SecureNetMD An Innovative Technology Partner for HealthcareLeaders Seceon DeliveringCutting-Edge IT Security for Healthcare’s Digitally TransformingWorld
RenderingSophisticated Data Security Solutions to Leading Healthcare Enterprises Hhas beenone of theprimetargets for cybercriminals;and with thehealthcaredatabeing very sensitivein ealthcare has witnessed extensive digitization in the recent years. Although this has remarkablytransformed the services in healthcare, it comes with a challenging side-effect: risk of information security.Healthcare nature, this is a major concern. It is of immense significance that the healthcare companies be aware andimplement the best practices to secure the information of their patients as well as theorganization. With the impending risk in the mind, to assist healthcare organizations to prevent data security breaches, webring you the “The 10 Most Trusted Healthcare IT Security Solution Providers” issue. In this issue, we are presenting to you some of the prominent companies and healthcare solution providers, who have successfully helped theindustry to protect the patients' information and other critical healthcare data against the ever-risingcyber-attacks. The cover of this magazine showcases the award-winning leader in the IT security industry, ITSourceTEK. It offers risk-based and data-centric security solutions againstcybercrime. Other than this perceptive cover story, the magazine also features Haystack Informatics, a behavior analytics company that assists healthcare providers, Prey Software which offers several cutting-edge anti-theft services, Hashed Health solving most important problems in healthcare with blockchain and DLT, Seceon that has been safeguarding healthcare data from potential breaches, 24By7Security, a cyber-security and compliance specialist and advisory firm, and SecureNetMD providing HIPAA compliance managed technology solutions.Apart from these, we have selected a few more pioneers of the industry viz. Barrier1, BeyondTrust, andSensato. As you journey through the magazine, make sure to not miss out on an insightful article titled ‘Proteins are Better Biomarkers than Genes’ by Dr. Steven Pelech, the Founder, President, and CSO of Kinexus Bioinformatics Corporation. Flipping through some more pages, you will find our masterly crafted in-house articles fromPocket Wellness, Data Cryptology, and Cybernetics. Walking through all the pages in this magazine of ours, you will be introduced to an interesting world ofnovelty. So, turn the pages and enjoy a good read!
CoverStory ITSourceTEK LeadingtheMovementinaRisk-Based& Data-Centric SecurityApproach to ThwartCybercriminals ‘ ‘ Our clients are at the center of ourservices. We thrive to provide the best possible solutions to theirproblems ‘ ‘
BrianArellanes CEO & Founder
O ne of the most valuable assets of a company is information.And today, ‘digital data is the new black’. The wave of digitizationhas revolutionized every profession in every sector. Like everygood, it also comes with a challenge; challenge of security. As digitizationcomes bearing countless advantages and now has become inevitable,information security is one of the greatest threats to any organization today. ITSourceTEK is an IT security solutions company that guides its customers to protect their data from cybercrimes. It is an award-winning leader in the Information Security industry. The company provides strategic business and technology based cyber security solutions that leverage enterprise investments and improve efficiency to meet stringent compliance standards. The team of ITSourceTEK has extensive realworld experience in leading and supporting organizations spanning across many industries. ITSourceTEK is driven by the mission to exceed its clients’ expectations with exceptional service while using success to give back to charitiesand the community. Honesty and transparency, with no sales pressureor ‘ ‘ ‘ ‘ We provide customized solutions to all ourclients pushing a specific solution, are the key traits behind its success. The firmis strategic with access to the best solutions, and deep relationships across industries andtechnologies. The Journey of Growth and Development In its journey of more than a decade, ITSourceTEK has overcome many challenges and evolved to thwart newly emerging threats for theindustry’s leading clients’ environments. At the beginning of this journey, it supported executives on critical projects at Northrop Grumman, Wells Fargo, and BD Biosciences. ITSourceTEK grew from those initial clients into many other high-profile large and complex environments in both the public and the private sectors. The technology, then, started moving away rapidly from a controlled perimeter, due to the proliferation of smart mobile devices, IOT, and Cloud/SaaS providers. In this, the team of ITSourceTEK saw an opportunity to impact their clients’ security by helping them move from only a perimeter-based security approach to a data centric security approach. Since then, they have helped many of their Fortune 500 clients in protecting their data by embracing the company’s data centric approach tosecurity. Safeguarding Healthcare from the VeryStart Towards the beginning of its journey to protect data, ITSourceTEKhelped
‘ ‘ ‘ We help our clients protect their valuable data and assets from multi-directionalthreats ‘ Nina Do,COO provide McKesson with consulting services to securely architect and develop its databases in support of some of its more critical applications. Another one of the company’s contributions was to protect Patient Healthcare Information (PHI). Inthis, it secured more than 100 Million Electronic Medical Records (EMR)on a project supporting EDS/HPE for the California Department of Corrections & Rehabilitation. The organization provided architecture, development, and security of BD’s medical device firmware and desktopbased applications used to analyze blood work down to the genomic level for AIDS, Cancer, and other diseases. In addition, it has provided complete assessments, IT support, and security of ambulatory and surgery centersfor industry leaders like Amsurg. Now, it is helping some of these and other healthcare giants look at new and exciting innovations around the automation of Governance, Risk, and Compliance (GRC) and securingdata in more modernized environments, including Cloud andSaaS. Prominent Solutions At its nucleus, ITSourceTEK is a data security company. Then, as it expands outward in its offerings to protect data, the cellular membrane of the firm includes the followingcapabilities: Data Governance, Risk, and Compliance (GRC) Support & Solutions- It provides assessments, requirements, and gap analysis for security standards (such as HIPAA, SOX, PCI-DSS, and GDPR), and other regulatory requirements. It creates policies and provides solutions tofill
The10MOSTTrusted Healthcare ITSecurity Solution Providers2018 any gaps and achieve compliance, ensuring thatthe companies meet stringent security standards for how their data is used, managed, andstored. Data Encryption, Masking, and Tokenization- It helps to protect sensitive structured and unstructured data while at rest and in motion. This can start at the user interface, on the web orinternal application, and extend through the back-end systems or data lakes, including Cloud/SaaS providers. Regardless of the storage location or file type, it helps to transparently encrypt the unstructured data to exceed compliance requirements. Threat Detection and Policy Enforcement- Withthe advanced data science and machine learning, it helps to develop analytics and create inline protection to enforce security policies for the protection of sensitive data in real-time. Its solutions help to detect anomalies before data and IT, IoT, and OT systems are compromised. They also analyze, protect, and report threats from malicious insiders, ransomware, and other policy violations using Application and Database Security Platforms, autonomous threat intelligence, NAC, and/or combination of thesesolutions. DNS and WAF Protection- DNS ports arebecoming a common path for stealing data, as DLPs and other solutions can’t detect the theft. It addresses these vulnerabilities and provides protection against threats such as data exfiltration through the ports in the DNS. Its recommended DNS and WAF solutions prevent or mitigate impact from DDoS and other mission criticalattacks. Cloud Security Strategies and Solutions- It helpsto develop automated security functions to extend protection as the data and applications move to Cloud and SaaS platforms. This also includes automation of policies and configurations for provisioning and data managementfunctions. Guided by the Diverse and ResilientLeadership Team Brian Arellanes, CEO and Founder, isan accomplished professional with 20+ years of award-winning leadership in the technology and security space. He collaborates with and advises some of the top C-level executives and Security professionals in the world, while also findingtime to feed his passion of giving back to the community. ‘ ‘ We arenot asales-based organization, rather a trusted advisorysolution provider ‘ ‘
‘ ‘ We believe in giving back to those inneed The COO, Nina Do, has been with ITSourceTEK for 11+ years leading the operational aspects of the company, which includes Marketing, Advertising, Process Design and Governance, HR, Payroll, and A/P functions. Nina’s past experience as an Advertising Executive with a creative focus for some of the largest global firms has helped her to streamline messaging and operational efficiencies that better meet the needs of ITSourceTEK’s employees and clients, while reducing costs withautomation. Walter Jones, CIO, is a technology mogul with 40+ years of experience, many of which were at a C-level, leading thousands of employees at Fortune 50 organizations like Wells Fargo. Walter’s passion to accomplish business objectives while bringing up the next generation ofthought leaders is second tonone. Matt Whitmarsh is the EVP and a trusted andexperienced leader having more than 25 years of technology and security experience. He has led large public and private sector projects responsible for P&L, internal and 3rd party resources, and delivery of complexsystems. The Director of Operations, Jean Dubois, is a seasoned leader with 25+ years of experience that is well versed in financials and streamlining processes. Herentrepreneurial spirit brings a creative and people oriented approach to runningoperations. Idiosyncratictactics A key differentiator for ITSourceTEK is its unique approach. It is not a sales-based organization, rather a trusted advisory practice for its clients to draw upon. As thought leaders in the data security and compliance space, the company invests heavily in understanding the best practices and solutions available. Its client relationships are all managed by trusted executives that have beenexecutives in similar roles as its clients; this is advantageous to immediately provide insights based on their real world experience. Furthermore, it is product agnostic and isconstantly evaluating proven and emergingtechnologies. ITSourceTEK helps its clients to look at the solutionsthat have been thoroughly vetted, to help them avoid costly investigative efforts and/or delays associated with the vetting process. As it relates to product-based solutions,the firm's value is further added by bringing strong partner relationships to its clients at the executive level and high partner status with deep discounts above the regularbuying power. Along with this, it constantly looks for ways to automate its internal processes; advising similarly to its clients. This ensures that its employees have the besttools ‘ ‘ and methods to accomplish their tasks. ITSourceTEKalso invests in conferences, seminars, and training courses to help its employees stay ahead in this competitiveindustry. Accolades and Reverence ITSourceTEK has earned many awards since 2006. Some of their top honors by some prominent sources from a past few years include Minority Cyber Security Company of the Year 2017, Most Valuable Healthcare Solution Provider Companies 2017, Top 10 Healthcare Compliance Solution Providers 2016, HP Supplier of the Year for NMSDC 2013 & 2015, and 100 Fastest Growing Hispanic Business inthe USA 2012-2014, amongst manyothers. The greatest achievement for any company is the acknowledgement from its clients. ITSourceTEK has been praised for always being highly responsive to its client’s requests to help them fully achieve their goals with a strong return on investment. Its clients have also appreciated the company’s technical and strategic depth to help steer them in the right direction and for finding creative ways toensure that they don’t exceed budgetarythresholds. Arm-in-Arm with the Developments inSecurity Industry With the continual pressure to increase securityand regulations to match, ITSourceTEK’s viewpoint is simple; protect the data by building a proper governance program with policies and the technology to enforce them. Asevery organization is at a different level of maturity and has a different level of commitment (or budget) to do everything required; it creates customized solutions for eachclient. Addressing the public outcry to increase the levelof protection used for their data, the firm isconstantly evaluating new ways to do soefficiently. Future Plans ITSourceTEK looks to continue building its reputation asa thought leader in the data security and GRC space to help drive wider adoption of its data centric security and risk- basedapproaches.
TODAY SUBSCRIBE Never Miss anIssue Yes I would like to subscribe to Insights CareMagazine. GlobalSubscription 1 Year.......... (12 Issues).... $250.00 6 Months ..... (06 Issues) .....$130.00 3 Months ... (03 Issues).... $70.00 1 Month ...... (01Issue)..... $25.00 Name:Date: Address:Telephone: Email: City :State:Zip:Country: INSIGHTS SUCCESS MEDIA TECHLLC Check should be drawn in favor of: CORPORATEOFFICE Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017,United States Phone -(614)-602-1754,(302)-319-9947 Email:info@insightscare.com For Subscription :www.insightscare.com
24By7Security AComprehensive Cybersecurity & Compliance SolutionsProvider Csincethere has beenasteady yber security in healthcare isa saw an opportunity in healthcare security and compliance. That’s when he founded HIPAA-HITECH- SOLUTIONS, Inc. with the missionof providing HIPAA compliance services in South Florida. As the businessgrew, more opportunities appeared and its client segment started expanding. The company’s team consists of experts in cybersecurity, healthcare technology, and consulting. With their help Sanjay decided to expand the business to cover all industries. That is when 24By7Security was born and the old company folded into the umbrella of 24By7Security. Sanjay has over twenty years of cybersecurity and compliance experience. He holds a Master’sdegree in Computer Science from TexasA&M University, and is a Certified Information Systems Security Professional (CISSP) and Healthcare Information Security andPrivacy Practitioner (HCISPP). He serves on the Board of the South Florida CIO Council, and also Co-Chairs the South Florida CISO Forum. Sanjay is a frequent speaker on IT Governance, Compliance and Cybersecurity at national conferences. He is a member of the South Florida InfraGardAlliance and Sector Chief for the Information Technologytrack. Distinct and Holistic Services ofthe Company 24By7Security offerscybersecurity related services in the areas ofstrategy, assessments, remediation, and training for all major industries including healthcare, education, hospitality, financial, insurance, government, law firms, retail, manufacturing and entertainment. As cybersecurity concerns continue to rise, businesses seek professional services to enable better security and ensure their confidential data is properly protected. The company helps its clients manage their data privacy while getting compliant with regulations that major industries like finance, healthcare, and education are required touphold. 24By7Security provides a holistic list of services which includes: Cybersecurity Services: Security Risk Assessment, VulnerabilityAssessment, Virtual or Part-time CISO, Web Application Testing, Social Engineering Testing, Physical Security Testing, Policies andProcedures. growing concern thesedays, rise in hacking and ITsecurity breaching incidents in the past few years. Many healthcare organizations are struggling to defend theirnetwork perimeter and keep cybercriminals at bay. A company that addressesthis issue head-on is 24By7Security, Inc.It is a cybersecurity and compliance company with demonstrated expertise in helping businesses build adefensive IT Infrastructure against all cybersecuritythreats. An award-winning and respected member of the security community, 24By7Security provides a rich menuof security and compliance services, including the flagship Security Risk Assessment and HIPAA Compliance Package. It has been in business since June 2013 and has provided cybersecurity consulting services to several organizations. The company's team members have numerous certifications and have been actively involved in IT security projects for years. The Leader behind Its Success The company is the brain child of Sanjay Deo, who is the Presidentof 24By7Security. In 2013 Sanjay wasthe CEO of a Security OperationsCenter and Consulting firm. With several years of information security experience in multiple industries,he “We strive to leave no gaps, by using a 360-degreeapproach for security and privacy for ourclients. Don't RiskIT, SecureIT®” 16 |September 2018 |
The10MOSTTrusted Healthcare ITSecurity Solution Providers2018 • Compliance Services: HIPAA/ HITECH,HITRUST, GLBA, FFIEC, FIPA, SOC – SSAE 18,GDPR, • FERPA, New York Cybersecurity Regulations,SOX, • Dodd Frank Act, PCI DSS, FedRAMP, NIST – Cybersecurity Framework, and ISO-IEC27001. • Cyber Incident Management: Incident Response,Cyber Incident Investigation, Forensics, andRemediation. • Training: HIPAA Training andCybersecurity AwarenessTraining. • The firm’s proprietary Security 2.0 – {Reactive, Proactive, Counteractive} model allows it to adjust its methodology to deliver the right type of resolution for each situation. 24By7Security’s comprehensive Defense in Depth 2.0 approach allows its clients to understand the full extent of their vulnerabilities andto create an end-to-end security strategy. • Achievements of24By7Security • The company has achieved many milestonesthroughout its 5-year journey. Some of themare: • 500+ Security and Privacy riskassessments • conducted as of September2018. • New company website launched in July2018 • Certified as a State of Florida CertifiedBusiness Enterprise–Woman owned and Minority Owned Business Enterprise (WBE/ MBE) in May2017 • Sanjay Deo, President and Founder of24By7Security, • appointed as Technology Sector Chief forFBI Infragard, South Floridachapter • The company launched HIPAA Happenings, an educational networking session on HIPAACompliance for healthcare providers and staff in South Florida. The second session of HIPAA Happenings will be a brand new, complimentary virtual offering of the mandatory 2018 HIPAA Compliance training for healthcare providers. • Offering Hassle-free WorkEnvironment • The firm has team members from varying backgrounds such as healthcare, information technology,compliance, IT Security, finance, government, and more. Its team members are at varying levels of seniority ranging from CIO, CISO, and Technology Director to Security managers and Security Analysts. 24By7Security’s team members are highly credentialed in informationsecurity and healthcare. It provides competitive compensation and benefits recognizing the value of itsemployees. Sanjay Deo Founder &President The company’s mission statement includes providing a positive and productive workplace to its employees. It encourages a friendly, communicative, and flexible work environment and plans team events frequently to build camaraderie. 24By7Security offers several educational opportunities to team members to attend conferencesand trainingprograms. The company believes and values its old traits in keeping up with daily challenges. “Sometimes it’s the good old traits that come a long way,” asserts Sanjay. It has a five- pronged approach towards its projects and assessments, which when working together seamlessly in a project,helps its clients achieve success. This approach includes people, process, tools/ technology, in-depth PHI/ PII review, and communication/ documentation. This is evident in the high number of repeat contracts and word-of-mouth referrals 24By7Securityreceives. Booming Future of24By7Security Currently, 24By7Security is growing rapidly in markets within and outside South Florida, expanding within the state and also in other states. In the years to come, it projects itself as a major regional player and advisory company in cybersecurity and compliance functions.From a company size point of view, it expects to be at least double its current size in terms of revenue and team strength. |September 2018|17
HashedHealth LeveragingBlockchainTechnologytoEnhance the Care inHealthcare Irevolved around bitcoin,John n a time when almosteverything two decades of experience in the healthcare industry. He has spent his career building businesses that help organizations realize value through collaboration in previously siloed areas. His earlier success stemmed from solving institutionalissuesaround transparency, trust, and the alignment of incentives in a world before blockchain. Early on, John recognized that blockchain is purpose-built to solve these exactissues. To start Hashed Health, a company based on a technology in which few people could see utility, he walked away from a CEO role at a subsidiary of the city’s most prominenthealthcare company. “For me, blockchain was the first thing I’ve seen since the internet that has the opportunity to change the conversation around healthcare. All of these things that the blockchain has become known for can be appliedto healthcare to solve some of thesereally traditional problems that we’ve always wrestled with,” says John. AnInnovativeOrganizational Structure When Hashed Health was launchedas a product company in 2016, therewas no market for blockchain solutions. It had to createone. “Our goal is to be a product company, but we had to build a market first.That was the interestingconundrum. Blockchain is not just about a product; it’s about a network. In order for a product to be meaningful, you have to have a network of participants readyto use that product and that means addressing both technical and non- technical concerns,” Johnsaid. The Hashed Health model hasthree distinct, synergistic areas to launch meaningful products in its unique space. Hashed Enterprise helps healthcare organizations and other companies understand how blockchain could affect their businesses, the drivers of cost and value for blockchain in healthcare, and use-cases appropriate for blockchain. Enterprise is the services arm of Hashed Health. Its customers include some of thelargest insurance companies, non-profits,IT people knew aboutblockchain Bass, the CEO and Founderof Hashed Health, envisioned how the underlying technology couldtransform healthcare. In early 2016, this was a radical connection. When its potential clients likely only knew of the technology because they paid aransom using bitcoin, the idea that blockchain might ultimately save healthcare was easily dismissed. Nevertheless, Nashville, Tennessee, a town built on traditional healthcare, has now embraced Hashed Health as astar. Hashed Health is a fast-growing Technology Company that leverages blockchain and distributed ledger technologies (DLT) to solve healthcare’s most important problems. The company endeavors to build an ecosystem of businesses that organize networks of stakeholders around blockchain technology solutionswhich will, in turn, impact the cost and quality of healthcare in the U.S. and globally. Hashed Health believes that blockchain is the framework that will underpin the changes to value and delivery structures, enabling a more sustainable, patient-centricsystem. From the CEO’sCorner John is a healthcare innovator andan international speaker seasonedwith “We build blockchainsolutions that address long standing problems inhealthcare” 20 |September 2018 |
The10MOSTTrusted Healthcare ITSecurity Solution Providers2018 vendors, and government agencies in the USand abroad. Hashed Labs is a team of blockchain healthcareproduct managers and engineering talent. They build product and work on innovative business models and governance structures. This team specializes in finding the sweet spot between a technical solution, an innovative business model, and a governance mechanism that makes a product come tolife. Hashed Collective is an open community-building forum for healthcare organizations, consumers, entrepreneurs, and developers to talk about blockchain applications for healthcare. Collective includes meetups, podcasts, webinars, newsletters, online educational resources, and other innovativecommunity- building tools to help broaden the community of blockchain healthcareadvocates. These three areas of the company work in syncto support market-development activities alongside Hashed Health's products andpartnerships. More than just a Technology Company The core team of Hashed Health has their background in healthcare, enabling the company to stay on thefront lines of Health IT, payment models, and care delivery. They understand the problems and the obstacles in healthcare and sees blockchain as a way to fixthem. Blockchain, for Hashed Health, is not a technology in search of a problem. If a problem can be solved without blockchain, the Hashed team will be the first to say so. As a company, it is also platform-agnostic – for each application and each use-case the team looks at all available blockchain platforms and tool sets and then works with the stakeholders to pick the best instancefor the problem at hand. The firm’s values are intertwined with blockchain’s core characteristics – trust, collaboration, transparency, and incentivealignment. The Milestones in Its Journey toSuccess The company just celebrated it two-year anniversary. From local meet-ups to co-hosting the world’spremiere blockchain-focused healthcare conference, Hashed Health has successfully led blockchain to its place as one of the hottest topics in healthcare. Travelling around the world, the team has presented andkeynoted JohnBass CEO &Founder at major healthcare and blockchain events byinvitation from major healthcare players andgovernments. To add to its glory, the developers at Hashed Health have completed and won premiere hackathon events like ETHWaterloo and Discover Blockchain, to name a few. Individually, John has been awarded NashvilleTechnology Council 2017's Innovator of theYear. Strong-Willed to Better the Future ofHealthcare Currently, the company is building an ecosystem of solutions that address previously unsolvable problems. Hashed Health endeavors to create a portfolio of complementary and symbiotic applications that will fundamentally change healthcare delivery. With frameworks and marketplaces, it wants to allow the industry, constrained by legacy practices andtechnologies, to evolve without blowing up a system so many patients dependon. “Starting from scratch is not an option, but the current system is unsustainable – blockchain is how thisgeneration can evolve away from today’s healthcare infrastructurethat is collapsing under its own weight,” Johnsaid. |September 2018|21
mHealth: The New Horizon in the HealthTechnology 22 |September 2018 |
PocketWellness M obile health or mhealth is a general term coined for the use of mobile or wireless technology inthe healthcare systems. It is a part of ehealth healthcare practice. The most common application ofthe ehealth is to educate the consumers about the preventive health care services. It is also used indisease surveillance, treatment support, epidemic outbreak tracking, and chronic disease management. mhealth ispopular due to the areas that are accompanied by a large population and the widespread mobile phone usage. Withinthe digital health, mhealth encompasses all the application of multimedia and telecommunication ensuringaccurate delivery of the healthcare and healthinformation. Some of the practical examples of mhealth are the voice communication and mobile messaging for the provider to improve the health behavior. Mobile technologies are helping the healthcare sector in improving training and service quality of healthcare workers, reducing the cost of service along with reducing the redundancy and duplication ofthe collectedinformation. Motivation One of the main aspects of the mhealth is to push the limits of the healthcare sector and quickly acquire, transport, store, secure, and process the raw processed data into useful and meaningful results. mhealth offer various abilities to the remote individuals so that they can participate in the healthcare value matrix, which was not possible in thepast. In many such cases, these participants can provide their valuable contribution in gathering data or create awareness of the disease in public health like outdoor pollution, violence, ordrugs. Motivation arises in mhealth due to the following twofactors: The first factor is the rise of the constraints faced by the healthcare system of developing nations. These constraints include the population growth, limited financial resources, the burden of disease prevalence, and a large numberof the ruralinhabitant. The second factor is the rise in mobile phones in the world and its large population. The greater access to the mobile phones in all segments of the country helps in saving information and transitional costs for the proper healthcaredelivery. HealthOutcomes The integration of the technology with the health sector has promoted the betterment of the health, its lifestyle, and has improved thedecision-making ability of healthcare professionals. Overall improvement is seen in the areas like health information and the instant connection between patients and healthprofessionals, which was not possible before. Following that, there is an increased usage of technology thathas reduced the health costs and has improved the efficiency of the healthcare systems. The growth of health-related applications has further boosted the growth of themhealth. A potential implementation is the direct voice communication for the poor literates and local-language versed people. The phones equipped with the local language aid in information transfer capabilities that were notavailable before. With the help of the mobile technology, the support for the existing workflow within the mhealth sector and the general public hasincreased. |September 2018|23
TheAdvantages mhealth provides various versatile advantages across allthe areas of the healthcare industry. It not only helps the disease-affected citizens but also helps in monitoring potential patients that are at risk. Furthermore, it has incredible potential in the biometric hardware andreal-time analytics. Majority of doctors believe that the applications developed in the name of health are actually beneficial. Aroundninety- three percent of doctors suggest that the mobile healthcare applications help in improving the overallhealth. Some of the most common advantages of mhealthdevices are: Medication reminder- Using a reminder, the public can set timers for their medications, exercise, and many moresuch activities. Fitness trackers- People can monitor their fitnessand burnedcalories. Calories counter- People can monitor how muchcalories they are taking-in and can controlit. Mobile emergency health communication- Citizens can contact their loved ones in any kind of emergencies. Ifthe device has autonomous capabilities, it can automatically contact the concernedauthorities. Heart and Vital monitoring- Application rendered withthe vital monitoring abilities can be very useful. Citizens can use these while exercising or in the case of emergency for example, patients’ vitals’ can be monitored in an ambulance. As mhealth is becoming widely known, healthcare providers are embracing the mobile communications,thus improving the relationships with thepatients. Constraints Major hurdles in the mhealth are the guidelines regarding the privacy and security of the health data collection on mobile technologies and identifying new opportunities to enhance the delivery of mhealth services. According tothe surveys, resistance is seen from staff and physicians dueto the change. They are unwilling to learn new skills ornew technology. They also believe that it impedes their workflow. In terms of workflow, the structure of evaluation presents a major challenge for the healthcare sector. There should be resolute standards for the evaluation. With the constant change of technology, infrastructure, and innovative research methods, there is a specific need to evaluate the process and consequences of the action taken in themhealth process implementation. Consequently, a balance is required to be maintained in the mhealth applications and its execution. Healthcare providers must also take care of the data overloading. As the data is collected in the real- time and recorded, there must be a proper assessment of the collected data where non-important data is filteredout. IndustryTrends Being the fastest growing trend, the mobile platform isused by more than five billion people in the world. With the increase of smartphones and wireless networktechnologies, the digital healthcare systems have new possibilities alongside new challenges to provide high quality, efficiency, accessibility, and lower cost to the healthcare services. Various reports suggest that the consumers are expecting mhealth to change the overall healthcare experience with the way the digital information is obtained. The impact of mHealth is seen in the relationship and overall communication between a patient and thephysician. Studies have shown that the health monitoring devices and cellular connectivity has reached more than seven million people. The combined market of the mobile health applications, health, and wireless apps, is expected to grow at a significant amount. In some countries, there are apps that are monitoring the patient's asthma right from their mobile phones. It is done using the microphone of the phone just like a spirometer. Other countries are using a wireless shoe insole, used to monitor the blood pressure in the heel. This digital shoe alerts the diabetic patients, when there is too much weight on feet, which can help in the elimination of footulcers. mhealth has enormous potential and is growingrapidly along with changing technology. Various international organization and global experts are researching continuously to foster the best use of currentpromising technology to improve the globalhealth. 24 |September 2018 |
HaystackInformatics LeveragingBehavioralAnalysistoSecure Health Systems againstInfringements Ithedatainthis industry is very efficiency, time-driven activity-based-costing (TD-ABC), and performance improvement. About the Company Haystack Informatics is a privately held company, headquartered in Philadelphia, PA. It is driven by the mission to safeguard and optimize healthcare. Rooted in the values of Integrity, Passion, and Ownership, Haystack’s vision is to be thepartner of which healthcare institutionsthink about first whenever they need to protect against insider threat or turn their operational data into actionable insight. From the CEO’s Desk The Co-founder & CEO of Haystack Informatics, Adrian Talapan, is atech entrepreneur. Previous to the establishment of Haystack,he co-founded HouseFix, a marketplace for homeowners and home improvement contractors(TechCrunch Disrupt finalist), and Clarix, a clinical trials logistics and management platform for the pharmaceutical research and developmentindustry. Talking about the industry and the company, he asserts, “Healthcare is a complicated business, which only got more complicated with theintroduction of massive Electronic Health Record systems. Running on thin margins, healthcare professionals are currently in the delicate position to deliver the best care they can, while operating in an increasingly information-rich environment that puts significant strain on their capacity to do so. We believe safeguarding and optimizing healthcare are essential initiatives for the next 3-5 years, which is why we set off to help health leaders on thispath.” Tech-Powered Services Haystack currently offers two services, both delivered as Software-as-a- Service (SaaS): Haystack Monitoring and HaystackIntelligence. Haystack Monitoring: This is anext- generation insider threat monitoring platform, which usesbehavioral nformation Security inhealthcare is a major issue as the natureof sensitive. As a recent Verizon report concluded1, 58% of security incidents are caused by insiders. In fact, the authors of the report found the healthcare industry as the onlyindustry in which internal actors are the biggest threat to the organization. These incidents include unintentional errors and malicious actions, as well as the abuse of access privileges. They involve the loss of unencrypted devices, snooping on patients’ information, hacking, and malware attacks. Inside threats are hard to identify and harder to control. With the assistance of a trusted security partner, this task can be made effective and easy. Haystack Informatics, Inc., a behavior analytics company, is one such firm that helps the healthcare providers to protect their data and operations from variousthreats. The company was born at The Children’s Hospital of Philadelphia (CHOP) as a next-generation platform to advance patient privacymonitoring. Since then, it has grown itsofferingto capitalize on its deep understandingof employee behavior in regards to the use of Electronic Health Records (EHRs), and the ramifications of this behavior in the areas ofoperational “We help safeguard andoptimize healthcare” 26 |September 2018 |
The10MOSTTrusted Healthcare ITSecurity Solution Providers2018 science to assist healthcare professionals with the detection, investigation, and reporting of patientprivacy violations, as well as with drug misdirection and other employee behavior deviations. It focuses on understanding employee behavior and patient interactions in the context of delivering care. Combined with intuitive visualizations and end-to-end reporting functionality, this solution allows privacy experts to focus on the most criticalthreats. Haystack Intelligence: It offers healthcare leaders the ability to understand the operational performance of their domain. This solution delivers an objective diagnosis and determination of the root causes of operational efficiencies and inefficiencies as they arise in the areas of EHR Workflow Optimization, Operational Improvements, Service Cost Management, and Patient Experience. “I make performance improvement a breeze. I reveal exactly where you should implement the smallest change to get thebiggest benefit at the lowest cost. Objectively track the ROI of your improvement changes today.”- Haystack Intelligence DistinguishingCharacteristics The company encourages employee diversity and empowerment. It believes that different pointsofviews and personal initiative generally lead to stronger outcomes and this makes the work environment more exciting. Haystack is a customer centric organization and its special relationship with CHOP keeps it abreast of the latest challenges and opportunities in healthcare. In turn, these allow it to remain best aligned with industry needs. Haystack works alongside itscustomers in four steps: Ingest: simple data retrieval from EHR; Identify: exploring the data to find snooping risks and best practices and opportunities; Improve: make changes to improve the provider behavior; and Measure: quantify and monitor the impact of any changes. There are several data sources that track the on-going processes within the health system and each of it creates a unique viewpoint into what is happening. Haystack Monitoring is analyzing the entire universeof risk and Haystack Intelligence combines them all to provide insight about performance bottlenecks and opportunities. “Haystack Monitoring, showing an anomalous access (red link) and the context aroundit" “Haystack Intelligence, showing how anencounter type is performed across varioussites, with associated costdifferences” Certainty about a Bright Future Haystack is aware that the healthcare industry will continue to experience significant challenges in the years to come. It foresees that a data-based approach, inspired from lean manufacturing techniques, can help healthcare leadersadapt to changing circumstances. The company believes it iswell- positioned to assist health systems navigate through these upcoming challenges, given its focus on safeguarding and optimizinghealthcare. 1https://www.verizon.com/about/news/new-report-puts- healthcare-cybersecurity-back-under-microscope |September 2018|27
Dr. Steven Pelech Founder, President, & Chief ScienticOfcer 28 |September 2018 |
Biomarkers Tbase-pairs inasinglehumangenomecan now bedetermined for less than $1000. Complete genomes he costs of sequencing the order of nucleotide bases in the DNA strands found in chromosomeshave plummeted by a million-fold over the last 25 years. The entire sequence of 2.9 billionnucleotide of hundreds of thousands of people are expected to be sequenced over the nextdecade. While the acquisition of such genomic knowledge was originally forecasted to herald better diagnostics and therapeutic treatments, the actual deliverables for improved health care have been disappointing. Excluding cancer, it has become apparent that only about 10% of the cases of the most common diseases that afflict our population have a genetic basis that can be ascribed to hereditary mutations in the DNA sequences ofspecific genes. Over 100 million single nucleotide variants appear to exist in the human population, and perfectly healthy people appear to commonly harbour about 100 or so serious disease-associated mutations without any apparent manifestations of these particular diseases. Studies, with over 50,000 genetically identical twins, have shown no increased risks for the 24 most common diseases amongst the twins than for a twin withthe generalpopulation. About theAuthor Dr. Steven Pelech is the Founder, President, and Chief Scientific Officer of Kinexus Bioinformatics Corporation, and concurrently a full professor in the Department of Medicine at the University of British Columbia. He was formerly the founder and president of Kinetek Pharmaceuticals. He has authored more than 230 scientific papers and created the SigNET on-line Knowledge-bank. Seasoned with over twenty-fiveyears of experience in the areas of science, business, and administration, he has contributed leadership, vision, and strategic planning toKinexus. |September 2018|29
Over 95% of the known 21,300 genes carried in the human genome serve as the blue-prints for the construction of all of the cellular proteins, known as the proteome. These proteins function like molecular robots to regulate and carry out all of the biochemical reactions needed to keep cells alive. Their programming for specific tasks is partly hardwired into the structures of these proteins as dictated by their gene sequences. But, they are also tightly controlled by reversible modifications after they are initially manufactured, which are added on by regulatory proteins that operate withincellular intelligencesystems. While gene sequences can provide some clues as to the potential functions and interactions of proteins with each other and other molecules, this information is extremely limited. Even now, we do not have a real sense of what over a thirdof these diverse proteins do, and less than 20% of these proteins have received any real serious attention in researchlabs. The disconnect between genetic information and the actual occurrence of disease is due to the high impact of environmental factors such as diet, life style and exposure to agents in the environment that can affect the proteome. Proteomes are immensely complex and dynamic. For example, blood plasma may contain as many as 40,000 different protein products, and their individual concentrations can range over a trillion-fold. Consequently, tracking proteins offers much better insights into the occurrence of diseases than genetic profiling, and importantly the opportunity for more rational therapeuticintervention. While about 21,300 genes encode proteins in the human genome, the actual number of distinct protein entities in the proteome may actually exceed several million, largely due to the range and degree of added modifications and other processing. More than 50 types of modifications have been documented in proteins, with phosphorylation as the predominant reversible regulatory mechanism. Over 85% of the proteome is known to be phosphorylatable at over 250,000 sites, but the actual number of phosphosites appears to be closer to a million. The occurrence of these andother modifications in proteins represent a rich source of biomarkers that may correlate better with the development of pathologies. Most sites of known protein modification were originally revealed by mass spectrometry (MS). However, apart from being very expensive, MS requires milligram amount of biological sample material and is finicky for reliable detection of desired target proteins. For example, out of some 3000 phosphosites in proteins that have been well documented tobe functionally important in the scientific literature, about 22% have not been reported in any MS studies, whereas another 16% were documented in only one of thousands of MS analyses that had beenperformed. Antibodies have been well proven to be reliable and effective probes for the detection and quantification of specific proteins for their present and modification states. Over a million different antibodies against diverse proteins are presently commercially available. Furthermore, the printing of antibodies as individual microdots on microscope slide- sized chips with densities exceeding 5000 spots per chip has paved the way for biomarker discovery that is easily translatable into the development of routine diagnostic tests. Biomarker antibodies can readily be re-deployed intoother tried and true platforms such as immunoblotting, ELISA, andimmunohistochemistry. Problems with sample preparation, high background issues, and low sensitivity of detection initially hampered the wide- spread adoption of antibody microarrays. However, recent breakthroughs on all of these fronts have poised antibody microarrays to become the most versatile, reproducible, and cost-effective tools in the foreseeable future for biomarker discovery, using as little as 25 microgram amounts of protein samples from crude, unfractionated lysates from cells, tissues, and bio fluids. High content antibody microarrays can identify the most appropriate and robust panel of biomarkers. When used to probe lysate microarrays printed instead with hundreds of patient specimen samples on each slide, these biomarker antibodies can provide accurate, comprehensive and economical diagnoses for diseases and forthe monitoring of the effectiveness of therapeutictreatments. 30 |September 2018 |
Prey DevouringCyberTheftwithModernism &Amendment T he development oftechnology ‘Prey’ingTactics It integrates all devices independently and irrespective of their operating system, and centralizes them under an online panel that serves as a remote control room. From there, the administrator can operate Prey’s functionality, triggered by Prey’s installed agent to monitor a mobile device fleet’s position, organize into labeled groups, and passively monitor devices utilizing its Control Zones geofencing tool to detect movement,if the devices leave a designated area such as a hospital lab, building, or campus. In case of theft or loss of a device,the administrator will be ready to react to the event and secure the data located on a lost device remotely, locking it down and eventually retrieving it. As for the asset itself, Prey’s tracking,or ‘MISSING mode’ will generatereports with pictures, location, nearby Wi-Fi networks, hardware changes, and a wealth of actionable data that empowers police to take immediate action to retrieve the mobiledevice. Overpowering the CyberSecurity Space Prey provides a thorough solution with a steadfast focus upon anti-theft and data loss prevention. Health and educational organizations interact with extremely sensitive data regularly and require a solution that, aside from general management, ensures thatthere is a barrier against all the worst cases. This is why Prey focuses on protecting the data, locking it, or eliminating it if necessary. The company makes it easy to retrieve a misplaced device, or stolen devices. It initiates proper device recovery and identification of the perpetratorthrough comprehensive evidencereports. The organization’s initial successhas created a strong base of trust. Prey Software, being a part of an industry that deals with extremely sensitive issues, focuses on transparency and open development that has proven to give its users the peace of mind they need. is leading to more andmore devices to be connected tothe internet; data is becoming the newoil for both the developed and developing nations. However, this has given riseto the threat of data breach, loss, and misuse, which have become an alarming issue in today’sscenario. This is especially true for medicaldata, which is increasingly stored on mobile and connected devices, becoming vulnerable to theft ormisplacement. Even with the industry in constant development, IT security inhealthcare suffers from outdated regulations that set security standards far below the threatline. To counter this issue emerged a company, Prey Software. Itspecializes in providing a software platform that secures and manages mobile devices like laptops, phones, and tablets against theft, loss, and data misplacement. Prey wants its users to have all the necessary tools to stop fearing theft, and to prevent the chance of devices getting lost or stolen in the firstplace. The company wants to turn that problem into an opportunity for organizations and users to stand up against theft or loss of criticaldevices and regain control over theirdata. “Our solution promises no theft, no dataleaks, only organized and secured mobilefleets” 32 |September 2018 |
The10MOSTTrusted Healthcare ITSecurity Solution Providers2018 A Leader with a Revolutionary Thought Process Prey was born in 2009 when Carlos Yaconi, who isthe current CEO of the organization, joined forces with Tomás Pollak, the initial founder of the Linux application. Together they created the first global tracking and anti-theft application for mobile devices. Prey Anti-theft, the brain child of Carlos, grew from an initial single-platform solution into today’s comprehensive multi-O/S and multi-device tool; which aids businesses and consumers to protect nearly all devices, regardless of the operating system or device manufacturer. It is a one-stop solution, which secures and manages all of a company’s various mobile devices. The key to this continued expansion of Prey is the by- product of the flexible environment Carlos created within the company, welcoming methodology changes, according to the team’s needs or the evolving needs of customer organizations. This open approach camefrom Carlos’ past experience as an entrepreneur leading two software and service provider companies namedNectia and Bizware that are still active today, as well as his background as a Computer Science and Information Technologygraduate. Notable Milestones Achieved byPrey Carlos is a firm believer in the power of open-source community and solutions, and in 2012, this led Prey to become part of the global Endeavor program, an initiative that connects entrepreneurs all around the world to promote and generate change. By offering an exceptional service and protection against theft, Prey has been granted the Presidential Award forInnovation in Chile and it is the first public anti-theft solution available for mobile devices worldwide. The company has led to the development of an entire industry with the basic goal to provide anti-theft solutions, which gave a thrust to various similar platforms like ‘Findmy iPhone’ by Apple. Today, Prey is protecting more than 8 milliondevices! Maintaining a Healthy Office Environment Carlos asserts, “Office culture plays a huge role in the company”. Prey believes in open spaces and comfortable environments, with flexiblepositions, games, and isolated spots for anyone in the companyto CarlosYaconi Founder &CEO work. “We’re a small group of people so we must ensure all relationships develop smoothly, tackling any issues up front with open discussions”, adds Carlos. Prey has applied a unique horizontal methodology tothe company’s business approach. In a nutshell, Prey employees bring their talents to participate as a whole, independently of the area or position they workin. Speaking of the dynamic workspace, Carlos says,“Projects and ideas are approached in collaboration, welcoming new ideas and encouraging feedback from every employee, no matter what their defined roleis.” A Strong Leap into theFuture The company is continuously looking to tackle newsecurity opportunities, from the development of improved anti-theft and multi-device management capabilities, to reaching new frontiers that suffer from the same problems and security challenges. Prey Software works hard to stay up-to-date with its user’s requirements and help them with more thorough solutions that add additional barriers to block threats, such as the development of remoteencryption. The following years will see Prey expanding to helpsecure new formats from theft and to simplify the management & control of devices and data in an increasingly mobile world. |September 2018|33
Tokenization orEncryption - ChooseWisely 34 |September 2018 |
DataCryptology P ersonal Health Records(PHR) In simple words, encryption ismasking of critical information. At one end, the data is encrypted, like a code, and then sent over to the other end. Only the user at this end has the key to decrypt the already encrypted data, and no other party can decode it. This key can be given to more than one end user to facilitate broadcast of information to authorized group of people. This process helps in avoiding interference of any third party and reduces the risk of data theft or unwanted data modification. In tokenization, the data is protected using tokens. Small chunks of dataare assigned particular tokens, whichpoint to the location where this data is stored. Giving the tokens to selective users allow them to access data with ease and security. Once intercepted, these tokens are rendered useless and cannot help in accessing the real information. The benefit of tokensover encryption keys is that the tokens are easy to handle, they are one time generated codes and hence, do not compromise realdata. Forms ofEncryption The mathematically encoded data using encryption is called‘Cipher’and the key used to decode the cipheris security is the new ladderthat many security technologiesare trying to climb. One of the reasonsthat healthcare providers are working towards this is that they are willing to secure their and patients’ data. The other reason is that is a requirement imposed by the legislations such as HIPAA, HITECH, etc. which are to be obliged to, to avoidpenalties. Tokenization and encryption are twoof the technologies used to safeguard information. Both of these arecritical to an organization to avoid breaches. Even then the dilemma ofencryption versus tokenization doesexist. |September 2018|35
called as ‘secret key’ There are two types of encryption keys: symmetrical and asymmetrical. In symmetrical process, same key is used to lock and unlock the data,while in asymmetrical these two keys are different. This helps to reduce the radius of data vulnerability. Additionally, key rotation can be used. Regular key rotation limits theamount of data that can be encrypted using a single key. Therefore, in case of interception, only a small amount of data is vulnerable. Vault-based andVault-less Tokenization In the process oftokenization, all the tokens are stored in a token vault alongside data and in the same size at data, eliminating to need to modify the storage space. Referencing the token vault is the only way to access data. The vault-based tokenization needs expensive synchronizationmethodologies as well as it is too complex to store large amount ofdata. Recently, vault-lesstokenization was developed to tackle the challenges in vault-basedone. In this, the sensitive data is replaced with a fake datathat looks exactly alike. It provides high securitywhile maintaining the usability ofdata. TheDilemma Although both, encryption and tokenization are forms of cryptography, they are very different and not interchangeable. Each of them has its own set of benefitsas well as disadvantages. There remains a conflict between which of them is best, the solution to which depends onthe organization’s requirements. Edward Snowden, an American computer professional, said, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on”. Encryption, today, is commonly used by millions of people to encrypt the data on their phones and computersto remain secure in case of accidental loss of sensitivedata. Also, it is used by government and corporates tothwart sensitive data, surveillance, and so on, as it is possible to encrypt and decrypt large amount of data with just onekey. Although it brings in many effective solutions, it also has few drawbacks. Encryption breaks application functionality; there is always a trade-off between the strength of encryption and applicationfunctionality. Moreover, if the key is compromised, the thief orhacker can unlock all the data the key was used toprotect. In tokenization, these intricacies are eliminated. As the token is a random code and not actually data in the encrypted form, when and if compromised, no data is breached. Also, as tokens only map the actual data, the problem of application functionality is solved. But, with tokenization, the user’s database increases in size as it has to store the tokens separately. This makes it harder to scale and maintain the database. Exchange of data is also difficultas the exact token is needed to unlockit. The Ever-Growing Need With the digital revolution, the landscape of business worldhas turned upside down. It hascreated entirely new industries and enterprises. But, it has made the organizations vulnerable to various destructive and new threats. Some of the industries, including healthcare, rely onlarge amount of data that is sensitive in nature. As the volume of this data grows, so does the risk of cyber- attacks. Cyber criminals trade in personal and sensitive information; it is literally the currency for them. The stolenor hacked data is further sold to various buyers who sellit further for even more money. To safeguard against these threats, businesses and individuals should take immediate steps in this direction and comply to several regulationslike HIPAA, GDPR,etc. Use Cases of theTwo Tokenization is commonly used to protect payment card data. It is also used to safeguard other types of data, sensitive in nature, like telephone numbers, account numbers, email addresses, security numbers, and the data needed in back-end systems. Encryption, on the other hand, is better suited for unstructured data including long text paragraphs or complete documents. It is also ideal for exchange of data with the third party, helping to validate its identity online. Both these technologies are being widely used now-a-days to protect the data stored in applicationsor cloudservices. The question that remains is- which one of them is better? But the ideal solution depends upon the circumstanceunder which it is used. Although tokenization is often seen to more efficient, as there is no link between the original data and the tokens, encryption can be considered the best choice in case of unstructured data. Organizations can leverage the benefits of either encryption or tokenization,or even both, according to the difficulty athand. 36 |September 2018 |
Seceon Delivering Cutting-Edge IT Security for Healthcare’s Digitally TransformingWorld Ihave empowered healthcare nnovations in mobility,IoT, reseller partners globally. Thecompany launched its Open Threat Management (OTM) Platform in April 2016 and has been releasing major updates every quarter with enhancements in machine learning, dynamic threat models,multi- tenancy, and scaling. Seceon’s innovations have continued in 2018 when the company introduced aiSIEM™ and aiMSSP™ to transform the landscape of IT security in healthcare. Seceon’s Solutions ProvideMuch- Needed IT SecurityAssurance Over the years, Seceon has crafted a niche in the market as an adeptsecurity solution provider that deeply understands the nuances of cyber threats encountered by small-to- medium sized businesses (SMBs) and enterprises. To achieve the goal of “Cyber-security Done Right,”the company engineered its groundbreaking OTM Platformfrom scratch. OTM works out-of-the-box toinstantly protect against known and unknown threats. It provides comprehensive visibility, proactive threat detection, and automated containment and elimination of threats in real-time, all while minimizing costs, staff bandwidth constraints, and performance impact. OTM helps enterprises automatically generate prioritized threat alerts that matter in real-time and empowers SOC / IT teams to detect and respond to the threats quickly, before critical datagets exfiltrated. Seceon’s aiSIEM and aiMSSP solutions are built on theOTM Platform: Seceon aiSIEM goes beyondtraditional SIEM and eliminates the need for adding multiple silo solutions. It ingests raw streaming data from applications, identity systems, flows, and raw traffic from networks to provide comprehensive visibility, proactive threat detection, automated threat containment and elimination, and continuous compliance, policy management, &reporting. Seceon aiMSSP enables Managed Security Service Providers (MSSPs)to wearables, and cloudcomputing systems to improvehealthcare management and enhancepatient- provider relationships. While the healthcare industry has embracedthese benefits, increased connectivity is also putting health systems at much greater risk of malware and other cyberthreats that, if successful, could have devastating consequences on patient care, privacy and healthcare organization management. Massachusetts-based Seceon delivers cutting-edge IT security solutions toits clients to protect against these risks by immediately detecting, quarantining, and eliminating any threats beforethey do anydamage. This trailblazing IT security company is distinguished for offering the first fully automated, comprehensivecyber security platform that helps organizations to safeguard their valuable information andpeople. Seceon’s mission is to empowerSOC and IT teams of all-sizeorganizations to easily and affordably detect and mitigate threats, as soon as they are uncovered. Since its inception, Seceon has successfully served over 300 clients, won more than 50 awards, and built a robust network of 50+ distributorsand “We make it easy for healthcareorganizations to protect their data and their business from all known and unknown cyberthreats.” 38 |September 2018 |
The10MOSTTrusted Healthcare ITSecurity Solution Providers2018 • offer outsourced security services to SMBs, including 24x7 security monitoring, threat intelligence, andreal- time detection and remediation, at nominal and predictable linearcosts. • The Secret behind Seceon’sSuccess • Seceon’s OTM platform is growing in popularity across all business verticals due to its unique ability to ensure proactive detection, containment, and elimination forall threat categories. Key differentiated benefits of Seceon’s OTM platforminclude: • Comprehensive Visibility • The OTM Platform ingests all raw streaming data (Logs, Packets, Flows, and Identities) and provides real-time extensive view of all assets (users, hosts, servers, applications, data access, and movement traffic) that are on premise, cloud, or hybrid, and their interactions. • Reduce Mean-Time-To-Identify (MTTI) with Proactive Threat Detection • The platform proactively detects threats andsurfaces threats in real-time without an agent or alertfatigue. • Reduce Mean-Time-To-Resolve (MTTR)with Automatic Threat Remediation • The OTM Platform performs automatic threat containment and elimination in real-time. It also provides clear actionable steps to eliminate the threats that can either be handled automatically by the system or manually by the security expertpost- analysis. • Continuous Compliance, Policy Managementand RiskMonitoring • The platform provides continuous compliance and scheduled or on-demand reporting. This includes, HIPAA, PCI-DSS, NIST, GDPR, SOX, FINRA,etc. • Innovation Starts at theTop • An ideal 21st century IT security leader is one who envisions the upcoming threat landscapes and prepares foolproof solutions for it in advance, not only to drive the success of his business, but to benefit the industryat large. Chandra Pandey is a leader who fits this mold. As Founder and CEO of Seceon, he has guided his organization in pioneering solutions for critical cyber threats. He orchestrates the company’s business and technical strategy, and fosters innovationby ChandraPandey CEO &Founder empowering all company members with decision-making abilities, encouraging open and respectfulcommunications, and building a culture of continuousimprovement. Chandra is the driving force behind Seceon’s commitment to creating affordable cybersecurity solutions for organizations of all sizes. An engineer by trade, Chandra applies the deep leadership, technical, and businessstrategy expertise gained during previous positions at Nokia, Ciena, Juniper Networks, and BTI, to Seceon’s groundbreaking IT securitybusiness. The RoadAhead Seceon’s expertise in crafting leading-edge solutions for rising cyber security challenges, out-of-the-box thinking, and passion for ensuring “Cybersecurity Done Right,”has made it a dominant IT securityprovider. During the next few years, Seceon will continue to belaser- focused on adding innovations to its aiSIEM and aiMSSP “Comprehensive Cyber-security for the Digital-Era” solutions. “Seceon is designed from the ground up to automatically detect, contain, and eliminate critical cyberthreats faced by the healthcare industry in real-time, including data breaches related to PHI and IPransomware, malware on medical devices, credentials/insider threats, and compliance with regulations like HIPPA, PCI-DSS and NIST,” concluded Chandra Pandey. |September 2018|39
STRATEGIES Staying Updated to the Latest Threats The developing world is witnessingsevere cyber security threats. This buddingcyber security landscape influences the IT andsecurity squads to stay updated to the latest threats and their respective agents. They need to successfully predict the attack vectors by educating their staff about the recent scams and threats. The healthcare organizations should provide their employees with the trainingbased on the security risks in accessing links and attachments in the email. The healthcare organizations need to abandon the obsolete technology and replace it with modernized technology that is highly resistant to cybercrime. They need to tremendouslyengage with the smart and quick Big Data Analytics to secure gigantic computerized data and converting the unstructured SIEM data to a specific format for making strategic decision to reducecybercrime. Involve BusinessAcquaintances The healthcare organizations need to pitch in with additional resources, to ensure information security. These organizations need to engagethe various business associates and merchants for accountable and secured health information under the Health Insurance Portability and Accountability Act (HIPAA). The business associates can face direct civil liability for a breach of this act. However, it is the responsibility of the healthcare organization to confirm that their business associates are maintaining Protected Health Information (PHI) effectively. Establishing a strong persistent program to monitor business associates gives the health organizations the threat intelligence they need to guard their business against duplicitous transactions. The affiliation of the healthcare organizations with the business associates will help them to monitor the new risks, controls, and the emerging vulnerabilities of thecybercrime. Implementing AppropriateControls The healthcare organizations should implement strict measures to confront and terminate the Bring-your-own-device (BYOD) programs. They should focus on the execution of thesuitable FORHEALTHCARE ORGANIZATIONSTOCOMBAT CYBERCRIME O ver the past few years, the magnitude of threatagainst healthcare organizations is growing exponentially.Currently, the healthcare industry is striving hard to target thecyber breaches. The Chief Information Security Officers (CISOs)are becoming smarter and sophisticated to outmaneuver the cybercriminals. The healthcare organizations are acutely focusing on their IT functions and effectively correlating information to mitigate the risks of cybercrime. They are consolidating this informationfrom the various vulnerability scanners to effectively manage and aid their business context. Various foremost healthcare organizations are adopting cutting-edge cyber security approach, where the senior board arrays the tenor for the organizational operations to successfully respond to the cyberrisks. Categorizing theAssets There is a major necessity for the healthcare organizations to understand the cyber security risks for smooth management of their business context. They need to establish a specific data security team to classify data assets in association with their business significance. Managing the patient records and keeping in mind thesusceptibilities existing in a client's desktop would be far less than those present on an acute database server is very imperative. The healthcare organizations should prioritize the most critical assets which can lead to effective threat mitigation efforts backing the cyber security. The traditional and upcoming healthcare organizations need to conceptualize and take firm measures safeguarding the patient data and classifying the assets to certify complete networksecurity. 40 |September 2018 |
Cybernetics controls around data segregation and infrastructure security. Constant monitoring practices are required to ensure that the controls are active and functioning in a desirable manner.The healthcare organizations should influence certain security incident recognition and response programs to mitigate the cyber securityrisks. Additionally, operations regarding crisis management must be integrated into the flexible business strategies. The healthcare organizations need to implement adaptive technologies to manage identities and to regulate the information being accessed. They should undertake operations to detect the loopholes and vulnerabilities inthe mobile apps that would surely reduce and support the high grounds of the cybersecurity. Monitoring Internal Systems &Logs The healthcare organizations need to invest in the evolving technologiesthat enable them to spontaneously scan and secure data, log data modification activities as they arise, and instantly alert their IT teams about the fraudulent behavior. These teams must focus on detecting the loopholes with the help of an automated bot or a specific process that intermittently run through the system, combating the threats. This will help the organization to spot the vulnerabilities and save time, resolving it before enough damage. Monitoring the logs is a key component of an organization’s compliance initiatives. This wouldhelp the healthcare organizations to properly audit and prepare a report on the file access which can detectillegal activity by the users and othermajor cyberthreats. The Future Innovations The increasing complexities of IT landscape in the healthcare organizations, the future is critical for the security teams to choose the exact processes and tools to defend the organization from budding breaches. The healthcare organizations in the upcoming future are planning todesign robust systems and strongerencryption algorithms to successfully safeguard the cybercrime in the healthcare sector. Soon there will be an introduction to the new General Data Protection Regulation (GDPR) to replace the age- old Data Protection Act, which would increase the security of the personal data and also itsexploration. |September 2018|41
SecureNetMD AnInnovative Technology Partner for HealthcareLeaders Cbecomeanabsolutenecessity. yber security is no longerjust The Prodigy LeadingSecureNetMD Jack Berberian is the Founder and CEO of SecureNetMD. He holds diverse educational proficiencies- JD, CPHIMS, CHSP, CHSA, ATC, toname a few. He is a seasoned entrepreneur who has worked across multiple industries and verticals. Jack has also founded Troy Ventures, LLC, MedTix, LLC, as well as co-founded ThinkSecureNet alongside SecureNetMD. Under this dynamic leader, SecureNetMD has reached the height of success that it is at today. “At SecureNetMD, we’ve invested in becoming a true technology partnerfor our clients. Our award-winning solutions are backed with first-class service, providing healthcare providers the leverage and confidence to getback to what’s mostimportant—improving and expanding patient care,” asserts Jack. Promising Solutions andServices Not only does it deliver fully-HIPAA compliant solutions, SecureNetMDhas invested in developing a trusted relationship with its clients. It believes that the needs of healthcare organizations can vary greatly and hence, is not interested in a one-size- fits-all technology. With the largest needs of maximum healthcare organizations at its nexus, SecureNetMD offers solutions in four core focused areas: Managed Security Solutions, Managed IT solutions, Unified Communications, and IT Infrastructure. These aid in protecting healthcare organizations and their patient ePHI through innovative threat management, endpoint encryption, and compliance managementsolutions. The Managed IT solutions allow SecureNetMD to empower and streamline healthcare organizations with fully managed or co-sourced 24/7/365 service desk. They alsoallow healthcare providers of all sizes gain invaluable access to a full fleetof a trending practice; ithas With paper records movingto electronic ones, the side-effect of this revolutionary transition cannot be ignored. To address the same in healthcare industry, a remarkablepiece of legislation- The Health Insurance Portability and Accountability Act (HIPAA), was coined. Made with the primary goal to tackle the issue of insurance coverage for individuals between jobs, HIPAA helps healthcare providers to safeguard against healthcare frauds, ensure the security of PHI, restrict healthcare information authorization as well as help in securely sharing healthcare information across variousplatforms. SecureNetMD is one of the fastest growing HIPAA Compliant Managed Technology Solutions Providers that help healthcare leaders make better decisions around technology.Founded in 2009, the company empowers healthcare providers to expand patient reach and improve patientcare. SecureNetMD aims to be aninnovative technology company, strategically focused on partnering in its clients’ success. “We render strategic technology solutions built around your organization” 42 |September 2018 |
The10MOSTTrusted Healthcare ITSecurity Solution Providers2018 certified technology experts whenever they need it. With its Unified Communications solutions, the company improves the flexibility and dependability of crystal clear VoIP and intuitive custom call flow designs. This helps healthcare leaders ensure that their patients are delivered to their destination quickly and efficiently. Its cloud-based Unified Communication (UC) platform empowers practice managers and healthcare leaders by delivering enhanced callanalytics that can track peak call times, patient hold times, missed calls, and staffing efficiency through an intuitive reporting dashboard, 24x7. With its IT Infrastructure, SecureNetMD improves the infrastructure and scalability of healthcare providers with the fleet of certified cabling technicians, project managers, and on- staff certifiedRCDD. Outshining the Confrères Three areas that really set SecureNetMD apart from other Managed Service Providers are that it is a fully- HIPAA compliant solution provider. The company is rooted in technology and process efficiency and it has been passing this value to its clients to streamline their operations. It has spent the last decade developing a nimble and responsive service model, allowing its teams to respond quickly to the customer and industry needs. Moreover, SecureNetMD emphasizes on beinga partner and not just another vendor, for its clients. Its award-winning solutions with first-class service are backed with partnerships. The company proudly says, “We don’t have business relationships, we develop long term partnerships that are earned over the course of time.” An AmbitiousWorkplace The company takes great pride in calling themselves a team, demonstrating true teamwork that rallies delivering world-class. One of the core values SecureNetMD is Growth. It focuses on investing in the growth of its team and each individual team member. Being in an industry that is ever-changing, it is required that the team members be agile and eager to improveon their specialties and expand theirskillsets. SecureNetMD encourages its team to continuegrowth by providing incentives, recognition, and career advancement tracks to help them achieve the best version ofthemselves. JackBerberian Founder &CEO Recognitions andAccolades SecureNetMD was recently recognized and featured as one of the Top 10 MSP for 2018 by a prominent magazine ofthe industry. It was also recognized as one the Top 10 Healthcare Companies in Delaware and Fastest Growing Companies in America by a well-renowned source. A prestigious source named SecureNetMD as one of the Top 10 VoIP providers. Additionally it has received several other recognitions throughout the local community as a leader in Healthcare IT, including Delaware Small Business Chamber Blue Ribbon Award, 2016 Best of Lewes Award in the HIPAA Compliant Healthcare IT Provider category, to name afew. Future Endeavors SecureNetMD’s plan for the future is to continue being recognized as a leader in the industry and a trusted partner for healthcare providers. As a partner to healthcare providers, it aims to be foster a strong commitment; so that healthcare providers can be confident in trusting SecureNetMD with not only the technology that their staff and patients interface with, but also in providinginnovative solutions that future-proof their growingorganization. |September 2018|43