The 10 Most Trusted Healthcare IT Security Solution Providers 2018

Page 1

www.insightscare.com September 2018

10 Most Trusted The

Healthcare IT Security Solution Providers

2018

Brian Arellanes CEO & Founder

ITSourceTEK Leading the Movement in a Risk-Based & Data-Centric Security Approach to Thwart Cybercriminals




From the

Editor C

yber security is healthcare’s hot potato today. Cybercrimes have affected the industry on a very large scale and there’s no permanent solution reached, if it even exists. With the rise of these threats at an alarming rate, majority of the healthcare companies have adopted various strategies to protect their patient’s data and all the critical information. “Busy fighting the outsiders, less attention is paid to the menace that lies inside.” It is a known fact that six out of ten cyber-attacks in the healthcare industry have an insider from the organization involved. The unpredictability of the insider threat is more than an external one, pointing to a greater risk. Moreover, the trusted insider has legitimate access to all the systems of the organization and hence, the difficulty of going through the already installed security walls is eliminated. They also know what information is stored where, making it easier for them to breach the target data. All known and understood, it is not wrong to say that insider cyber-attacks are one of the greatest challenges for the healthcare industry in today’s date.

The Threat that Comes From Within

Insider threats being hard to identify and even harder to prove, necessary measures to eliminate them should be taken beforehand. From background check before hiring an employee, or collaborating with a partner, to timely monitoring the workforce to controlled and protected access to sensitive data, healthcare organizations today must take several steps to safeguard all its digitally stored files. Also, more education on cyber security in healthcare, provided to the current employees as well as the future leaders of the industry, will help in reducing inside threats. Along with this, the most important question you should be asking yourself is- “What steps will you take differently if you are already aware that you are going to be robbed, and by someone you trust?” In the era where digitization has taken over the healthcare space, what can be a greater threat than cyber-crime? Realizing the same, many healthcare organizations, today, have strategized various fences against cyber-attacks. But, most of them fail to acknowledge the insider threats, focusing only on the external risks. As it is said widely, ‘Cleanliness begins at home’, it is not wrong to analogize it with the current scenario of cyber security.

andhar

Aishwarya Naw

Aishwarya Nawandhar


Editor-in-Chief Pooja M. Bansal Managing Editor Ashwini Deshmukh Executive Editors Aishwarya Nawandhar Shane Gomez Contributing Editors Sayali Rane, Anmol Preet Singh, Rahul Niraj Visualiser David King Art & Design Director Amol Kamble Associate Designer Shweta Shinde Co-designer Sapana, Rahul Art & Picture Editor Paul Belin Jayant Khanna Senior Sales Manager Amy Jones Business Development Manager Mark Williams Sales Executives Kelli Thomas, Bill Thompson, John Smith Technical Head Swapnil Patil Technical Specialist Amar, Vivek, Pratiksha Digital Marketing Manager Marry D’Souza SME-SMO Executives Prashant Chevale, Uma Dhenge Circulation Manager Robert, Tanaji Database Management Stella Andrew Technology Consultant David Stokes sales@insightscare.com

September, 2018 Corporate Ofces: Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone - (614)-602-1754 Email: info@insightscare.com For Subscription: www.insightscare.com

Insights Success Media and Technology Pvt. Ltd. Ofce No. 510, 513, 5th Floor, Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017 Phone - India: 7410033802, 74100058552 Email: info@insightscare.com For Subscription: www.insightscare.com

Copyright © 2018 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success. Reprint rights remain solely with Insights Success.


8

Cover Story ITSourceTEK Leading the Movement in a Risk-Based & Data-Centric Security Approach to Thwart Cybercriminals

Articles

22

Pocket Wellness

Data Cryptology

mHealth:The New Horizon in the Health Technology

Tokenization or Encryption - Choose Wisely

34 Cybernetics

40

Strategies for Healthcare Organizations to Combat Cybercrime

Biomarkers Proteins are Better Biomarkers than Genes

28


CONTENTS 16

26 20

Haystack Informatics

24By7Security A Comprehensive Cybersecurity & Compliance Solutions Provider

Hashed Health Leveraging Blockchain Technology to Enhance the Care in Healthcare

32

Leveraging Behavioral Analysis to Secure Health Systems against Infringements

42 38 Prey

SecureNetMD

Devouring Cyber Theft with Modernism & Amendment

An Innovative Technology Partner for Healthcare Leaders

Seceon Delivering Cutting-Edge IT Security for Healthcare’s Digitally Transforming World


Rendering Sophisticated Data Security Solutions to Leading Healthcare Enterprises

H

ealthcare has witnessed extensive digitization in the recent years. Although this has remarkably transformed the services in healthcare, it comes with a challenging side-effect: risk of information security. Healthcare has been one of the prime targets for cybercriminals; and with the healthcare data being very sensitive in nature, this is a major concern. It is of immense significance that the healthcare companies be aware and implement the best practices to secure the information of their patients as well as the organization. With the impending risk in the mind, to assist healthcare organizations to prevent data security breaches, we bring you the “The 10 Most Trusted Healthcare IT Security Solution Providers” issue. In this issue, we are presenting to you some of the prominent companies and healthcare solution providers, who have successfully helped the industry to protect the patients' information and other critical healthcare data against the ever-rising cyber-attacks. The cover of this magazine showcases the award-winning leader in the IT security industry, ITSourceTEK. It offers risk-based and data-centric security solutions against cybercrime. Other than this perceptive cover story, the magazine also features Haystack Informatics, a behavior analytics company that assists healthcare providers, Prey Software which offers several cutting-edge anti-theft services, Hashed Health solving most important problems in healthcare with blockchain and DLT, Seceon that has been safeguarding healthcare data from potential breaches, 24By7Security, a cyber-security and compliance specialist and advisory firm, and SecureNetMD providing HIPAA compliance managed technology solutions. Apart from these, we have selected a few more pioneers of the industry viz. Barrier1, BeyondTrust, and Sensato. As you journey through the magazine, make sure to not miss out on an insightful article titled ‘Proteins are Better Biomarkers than Genes’ by Dr. Steven Pelech, the Founder, President, and CSO of Kinexus Bioinformatics Corporation. Flipping through some more pages, you will find our masterly crafted in-house articles from Pocket Wellness, Data Cryptology, and Cybernetics. Walking through all the pages in this magazine of ours, you will be introduced to an interesting world of novelty. So, turn the pages and enjoy a good read!



Cover Story

ITSourceTEK Leading the Movement in a Risk-Based & Data-Centric Security Approach to Thwart Cybercriminals

‘‘

‘‘

Our clients are at the center of our services. We thrive to provide the best possible solutions to their problems


Brian Arellanes CEO & Founder


O

ne of the most valuable assets of a company is information. And today, ‘digital data is the new black’. The wave of digitization has revolutionized every profession in every sector. Like every good, it also comes with a challenge; challenge of security. As digitization comes bearing countless advantages and now has become inevitable, information security is one of the greatest threats to any organization today.

ITSourceTEK is an IT security solutions company that guides its customers to protect their data from cybercrimes. It is an award-winning leader in the Information Security industry. The company provides strategic business and technology based cyber security solutions that leverage enterprise investments and improve efficiency to meet stringent compliance standards. The team of ITSourceTEK has extensive real world experience in leading and supporting organizations spanning across many industries. ITSourceTEK is driven by the mission to exceed its clients’ expectations with exceptional service while using success to give back to charities and the community. Honesty and transparency, with no sales pressure or

We provide customized solutions to all our clients

‘‘

‘‘

pushing a specific solution, are the key traits behind its success. The firm is strategic with access to the best solutions, and deep relationships across industries and technologies. The Journey of Growth and Development In its journey of more than a decade, ITSourceTEK has overcome many challenges and evolved to thwart newly emerging threats for the industry’s leading clients’ environments. At the beginning of this journey, it supported executives on critical projects at Northrop Grumman, Wells Fargo, and BD Biosciences. ITSourceTEK grew from those initial clients into many other high-profile large and complex environments in both the public and the private sectors. The technology, then, started moving away rapidly from a controlled perimeter, due to the proliferation of smart mobile devices, IOT, and Cloud/SaaS providers. In this, the team of ITSourceTEK saw an opportunity to impact their clients’ security by helping them move from only a perimeter-based security approach to a data centric security approach. Since then, they have helped many of their Fortune 500 clients in protecting their data by embracing the company’s data centric approach to security. Safeguarding Healthcare from the Very Start Towards the beginning of its journey to protect data, ITSourceTEK helped


We help our clients protect their valuable data and assets from multi-directional threats

‘‘

‘‘ Nina Do, COO

provide McKesson with consulting services to securely architect and develop its databases in support of some of its more critical applications. Another one of the company’s contributions was to protect Patient Healthcare Information (PHI). In this, it secured more than 100 Million Electronic Medical Records (EMR) on a project supporting EDS/HPE for the California Department of Corrections & Rehabilitation. The organization provided architecture, development, and security of BD’s medical device firmware and desktop based

applications used to analyze blood work down to the genomic level for AIDS, Cancer, and other diseases. In addition, it has provided complete assessments, IT support, and security of ambulatory and surgery centers for industry leaders like Amsurg. Now, it is helping some of these and other healthcare giants look at new and exciting innovations around the automation of Governance, Risk, and Compliance (GRC) and securing data in more modernized environments, including Cloud and SaaS.

Prominent Solutions At its nucleus, ITSourceTEK is a data security company. Then, as it expands outward in its offerings to protect data, the cellular membrane of the firm includes the following capabilities: Data Governance, Risk, and Compliance (GRC) Support & Solutions- It provides assessments, requirements, and gap analysis for security standards (such as HIPAA, SOX, PCI-DSS, and GDPR), and other regulatory requirements. It creates policies and provides solutions to fill


10 MOST Trusted

The

Healthcare IT Security

Solution Providers 2018

any gaps and achieve compliance, ensuring that the companies meet stringent security standards for how their data is used, managed, and stored. Data Encryption, Masking, and Tokenization- It helps to protect sensitive structured and unstructured data while at rest and in motion. This can start at the user interface, on the web or internal application, and extend through the back-end systems or data lakes, including Cloud/SaaS providers. Regardless of the storage location or file type, it helps to transparently encrypt the unstructured data to exceed compliance requirements.

‘‘

We are not a sales-based organization,

‘‘

rather a trusted advisory solution provider

Threat Detection and Policy Enforcement- With the advanced data science and machine learning, it helps to develop analytics and create inline protection to enforce security policies for the protection of sensitive data in real-time. Its solutions help to detect anomalies before data and IT, IoT, and OT systems are compromised. They also analyze, protect, and report threats from malicious insiders, ransomware, and other policy violations using Application and Database Security Platforms, autonomous threat intelligence, NAC, and/or combination of these solutions. DNS and WAF Protection- DNS ports are becoming a common path for stealing data, as DLPs and other solutions can’t detect the theft. It addresses these vulnerabilities and provides protection against threats such as data exfiltration through the ports in the DNS. Its recommended DNS and WAF solutions prevent or mitigate impact from DDoS and other mission critical attacks. Cloud Security Strategies and Solutions- It helps to develop automated security functions to extend protection as the data and applications move to Cloud and SaaS platforms. This also includes automation of policies and configurations for provisioning and data management functions. Guided by the Diverse and Resilient Leadership Team Brian Arellanes, CEO and Founder, is an accomplished professional with 20+ years of award-winning leadership in the technology and security space. He collaborates with and advises some of the top C-level executives and Security professionals in the world, while also finding time to feed his passion of giving back to the community.


Walter Jones, CIO, is a technology mogul with 40+ years of experience, many of which were at a C-level, leading thousands of employees at Fortune 50 organizations like Wells Fargo. Walter’s passion to accomplish business objectives while bringing up the next generation of thought leaders is second to none. Matt Whitmarsh is the EVP and a trusted and experienced leader having more than 25 years of technology and security experience. He has led large public and private sector projects responsible for P&L, internal and 3rd party resources, and delivery of complex systems. The Director of Operations, Jean Dubois, is a seasoned leader with 25+ years of experience that is well versed in financials and streamlining processes. Her entrepreneurial spirit brings a creative and people oriented approach to running operations. Idiosyncratic tactics A key differentiator for ITSourceTEK is its unique approach. It is not a sales-based organization, rather a trusted advisory practice for its clients to draw upon. As thought leaders in the data security and compliance space, the company invests heavily in understanding the best practices and solutions available. Its client relationships are all managed by trusted executives that have been executives in similar roles as its clients; this is advantageous to immediately provide insights based on their real world experience. Furthermore, it is product agnostic and is constantly evaluating proven and emerging technologies. ITSourceTEK helps its clients to look at the solutions that have been thoroughly vetted, to help them avoid costly investigative efforts and/or delays associated with the vetting process. As it relates to product-based solutions, the firm's value is further added by bringing strong partner relationships to its clients at the executive level and high partner status with deep discounts above the regular buying power. Along with this, it constantly looks for ways to automate its internal processes; advising similarly to its clients. This ensures that its employees have the best tools

‘‘

We believe in giving back to those in need

‘‘

The COO, Nina Do, has been with ITSourceTEK for 11+ years leading the operational aspects of the company, which includes Marketing, Advertising, Process Design and Governance, HR, Payroll, and A/P functions. Nina’s past experience as an Advertising Executive with a creative focus for some of the largest global firms has helped her to streamline messaging and operational efficiencies that better meet the needs of ITSourceTEK’s employees and clients, while reducing costs with automation.

and methods to accomplish their tasks. ITSourceTEK also invests in conferences, seminars, and training courses to help its employees stay ahead in this competitive industry. Accolades and Reverence ITSourceTEK has earned many awards since 2006. Some of their top honors by some prominent sources from a past few years include Minority Cyber Security Company of the Year 2017, Most Valuable Healthcare Solution Provider Companies 2017, Top 10 Healthcare Compliance Solution Providers 2016, HP Supplier of the Year for NMSDC 2013 & 2015, and 100 Fastest Growing Hispanic Business in the USA 2012-2014, amongst many others. The greatest achievement for any company is the acknowledgement from its clients. ITSourceTEK has been praised for always being highly responsive to its client’s requests to help them fully achieve their goals with a strong return on investment. Its clients have also appreciated the company’s technical and strategic depth to help steer them in the right direction and for finding creative ways to ensure that they don’t exceed budgetary thresholds. Arm-in-Arm with the Developments in Security Industry With the continual pressure to increase security and regulations to match, ITSourceTEK’s viewpoint is simple; protect the data by building a proper governance program with policies and the technology to enforce them. As every organization is at a different level of maturity and has a different level of commitment (or budget) to do everything required; it creates customized solutions for each client. Addressing the public outcry to increase the level of protection used for their data, the firm is constantly evaluating new ways to do so efficiently. Future Plans ITSourceTEK looks to continue building its reputation as a thought leader in the data security and GRC space to help drive wider adoption of its data centric security and riskbased approaches.


SUBSCRIBE

TODAY Never Miss an

Issue

Yes I would like to subscribe to Insights Care Magazine. Global Subscription 1 Year.......... (12 Issues) .... $250.00

6 Months ..... (06 Issues) ..... $130.00

3 Months ... (03 Issues) ....

1 Month ...... (01 Issue) .....

$70.00

$25.00

Date :

Name : Address :

Telephone : Email :

City :

State :

Zip :

Check should be drawn in favor of :

Country :

INSIGHTS SUCCESS MEDIA TECH LLC

CORPORATE OFFICE Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone - (614)-602-1754,(302)-319-9947 Email: info@insightscare.com For Subscription : www.insightscare.com


Company Name

Management

Brief

24By7Security 24by7security.com

Sanjay Deo Founder & President

24By7Security, Inc. is a Cybersecurity & Compliance specialist and advisory firm with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

Barrier1 thebarriergroup.com

James Libersky CEO

Barrier1 integrates Intelligent Threat Management with Automated Threat Management.

BeyondTrust beyondtrust.com

Kevin Hickey President & CEO

BeyondTrust delivers the visibility and control needed to confidently reduce risk and maintain productivity.

Hashed Health hashedhealth.com

John Bass CEO & Founder

Hashed Health is a fast growing Technology Company that leverages blockchain and DLT to solve the most important problems in healthcare.

Haystack Informatics haystackinformatics.com

Adrian Talapan Co-founder & CEO

Haystack Informatics is a behavior analytics company assisting healthcare providers with the deep understanding of their employees’ behavior and its ramifications in the areas of privacy/ insider risk monitoring and operational improvement.

ITSourceTek itsourcetek.com

Brian Arellanes CEO & Founder

ITSourceTEK provides strategic business and technology based cyber security solutions that leverage enterprise investments and improve efficiency to meet stringent compliance standards.

Prey software preyproject.com

Carlos Yaconi Founder & CEO

Prey is an anti-theft software company that protects and helps to locate computers, tablets, and phones remotely, simply, and quickly.

Seceon seceon.com

Chandra Pandey CEO & Founder

Seceon delivers pioneering cybersecurity solutions that protect all-sized organizations by immediately flagging, quarantining, and eliminating any threats before they do any damage.

SecureNetMD securenetmd.com

Jack Berberian Founder & CEO

SecureNetMD is a fast growing HIPAA Compliant Managed Technology Solutions Provider that helps healthcare leaders make better decisions around technology.

Sensato sensato.co

John Gomez CEO

Sensato is focused on providing leading-edge, realistic cybersecurity solutions to the healthcare and critical infrastructure sectors.


24By7Security A Comprehensive Cybersecurity & Compliance Solutions Provider

C

yber security in healthcare is a growing concern these days, since there has been a steady rise in hacking and IT security breaching incidents in the past few years. Many healthcare organizations are struggling to defend their network perimeter and keep cybercriminals at bay. A company that addresses this issue head-on is 24By7Security, Inc. It is a cybersecurity and compliance company with demonstrated expertise in helping businesses build a defensive IT Infrastructure against all cybersecurity threats. An award-winning and respected member of the security community, 24By7Security provides a rich menu of security and compliance services, including the flagship Security Risk Assessment and HIPAA Compliance Package. It has been in business since June 2013 and has provided cybersecurity consulting services to several organizations. The company's team members have numerous certifications and have been actively involved in IT security projects for years. The Leader behind Its Success The company is the brain child of Sanjay Deo, who is the President of 24By7Security. In 2013 Sanjay was the CEO of a Security Operations Center and Consulting firm. With several years of information security experience in multiple industries, he

16 | September 2018 |

saw an opportunity in healthcare security and compliance. That’s when he founded HIPAA-HITECHSOLUTIONS, Inc. with the mission of providing HIPAA compliance services in South Florida. As the business grew, more opportunities appeared and its client segment started expanding. The company’s team consists of experts in cybersecurity, healthcare technology, and consulting. With their help Sanjay decided to expand the business to cover all industries. That is when 24By7Security was born and the old company folded into the umbrella of 24By7Security. Sanjay has over twenty years of cybersecurity and compliance experience. He holds a Master’s degree in Computer Science from Texas A&M University, and is a Certified Information Systems Security Professional (CISSP) and Healthcare Information Security and Privacy

“We strive to leave no gaps, by using a 360-degree approach for security and privacy for our clients. Don't Risk IT, Secure IT®”

Practitioner (HCISPP). He serves on the Board of the South Florida CIO Council, and also Co-Chairs the South Florida CISO Forum. Sanjay is a frequent speaker on IT Governance, Compliance and Cybersecurity at national conferences. He is a member of the South Florida InfraGard Alliance and Sector Chief for the Information Technology track. Distinct and Holistic Services of the Company 24By7Security offers cybersecurity related services in the areas of strategy, assessments, remediation, and training for all major industries including healthcare, education, hospitality, financial, insurance, government, law firms, retail, manufacturing and entertainment. As cybersecurity concerns continue to rise, businesses seek professional services to enable better security and ensure their confidential data is properly protected. The company helps its clients manage their data privacy while getting compliant with regulations that major industries like finance, healthcare, and education are required to uphold. 24By7Security provides a holistic list of services which includes: Cybersecurity Services: Security Risk Assessment, Vulnerability Assessment, Virtual or Part-time CISO, Web Application Testing, Social Engineering Testing, Physical Security Testing, Policies and Procedures.


10 MOST Trusted

The

Healthcare IT Security

Solution Providers 2018

Compliance Services: HIPAA/ HITECH, HITRUST, GLBA, FFIEC, FIPA, SOC – SSAE 18, GDPR, FERPA, New York Cybersecurity Regulations, SOX, Dodd Frank Act, PCI DSS, FedRAMP, NIST – Cybersecurity Framework, and ISO-IEC 27001. Cyber Incident Management: Incident Response, Cyber Incident Investigation, Forensics, and Remediation. Training: HIPAA Training and Cybersecurity Awareness Training. The firm’s proprietary Security 2.0 – {Reactive, Proactive, Counteractive} model allows it to adjust its methodology to deliver the right type of resolution for each situation. 24By7Security’s comprehensive Defense in Depth 2.0 approach allows its clients to understand the full extent of their vulnerabilities and to create an end-to-end security strategy. Achievements of 24By7Security The company has achieved many milestones throughout its 5-year journey. Some of them are: · 500+ Security and Privacy risk assessments conducted as of September 2018. · New company website launched in July 2018 · Certified as a State of Florida Certified Business Enterprise–Woman owned and Minority Owned Business Enterprise (WBE/ MBE) in May 2017 · Sanjay Deo, President and Founder of 24By7Security, appointed as Technology Sector Chief for FBI Infragard, South Florida chapter The company launched HIPAA Happenings, an educational networking session on HIPAA Compliance for healthcare providers and staff in South Florida. The second session of HIPAA Happenings will be a brand new, complimentary virtual offering of the mandatory 2018 HIPAA Compliance training for healthcare providers. Offering Hassle-free Work Environment The firm has team members from varying backgrounds such as healthcare, information technology, compliance, IT Security, finance, government, and more. Its team members are at varying levels of seniority ranging from CIO, CISO, and Technology Director to Security managers and Security Analysts. 24By7Security’s team members are highly credentialed in information security and healthcare. It provides competitive compensation and benefits recognizing the value of its employees.

Sanjay Deo

Founder & President The company’s mission statement includes providing a positive and productive workplace to its employees. It encourages a friendly, communicative, and flexible work environment and plans team events frequently to build camaraderie. 24By7Security offers several educational opportunities to team members to attend conferences and training programs. The company believes and values its old traits in keeping up with daily challenges. “Sometimes it’s the good old traits that come a long way,” asserts Sanjay. It has a fivepronged approach towards its projects and assessments, which when working together seamlessly in a project, helps its clients achieve success. This approach includes people, process, tools/ technology, in-depth PHI/ PII review, and communication/ documentation. This is evident in the high number of repeat contracts and word-of-mouth referrals 24By7Security receives. Booming Future of 24By7Security Currently, 24By7Security is growing rapidly in markets within and outside South Florida, expanding within the state and also in other states. In the years to come, it projects itself as a major regional player and advisory company in cybersecurity and compliance functions. From a company size point of view, it expects to be at least double its current size in terms of revenue and team strength.

| September 2018 |

17



Healthcare


Hashed Health Leveraging Blockchain Technology to Enhance the Care in Healthcare

I

n a time when almost everything people knew about blockchain revolved around bitcoin, John Bass, the CEO and Founder of Hashed Health, envisioned how the underlying technology could transform healthcare. In early 2016, this was a radical connection. When its potential clients likely only knew of the technology because they paid a ransom using bitcoin, the idea that blockchain might ultimately save healthcare was easily dismissed. Nevertheless, Nashville, Tennessee, a town built on traditional healthcare, has now embraced Hashed Health as a star. Hashed Health is a fast-growing Technology Company that leverages blockchain and distributed ledger technologies (DLT) to solve healthcare’s most important problems. The company endeavors to build an ecosystem of businesses that organize networks of stakeholders around blockchain technology solutions which will, in turn, impact the cost and quality of healthcare in the U.S. and globally. Hashed Health believes that blockchain is the framework that will underpin the changes to value and delivery structures, enabling a more sustainable, patient-centric system. From the CEO’s Corner John is a healthcare innovator and an international speaker seasoned with

20 | September 2018 |

two decades of experience in the healthcare industry. He has spent his career building businesses that help organizations realize value through collaboration in previously siloed areas. His earlier success stemmed from solving institutional issues around transparency, trust, and the alignment of incentives in a world before blockchain. Early on, John recognized that blockchain is purpose-built to solve these exact issues. To start Hashed Health, a company based on a technology in which few people could see utility, he walked away from a CEO role at a subsidiary of the city’s most prominent healthcare company. “For me, blockchain was the first thing I’ve seen since the internet that has the opportunity to change the conversation around healthcare. All of these things that the blockchain has become known for can be applied to

“We build blockchain solutions that address long standing problems in healthcare”

healthcare to solve some of these really traditional problems that we’ve always wrestled with,” says John. An Innovative Organizational Structure When Hashed Health was launched as a product company in 2016, there was no market for blockchain solutions. It had to create one. “Our goal is to be a product company, but we had to build a market first. That was the interesting conundrum. Blockchain is not just about a product; it’s about a network. In order for a product to be meaningful, you have to have a network of participants ready to use that product and that means addressing both technical and nontechnical concerns,” John said. The Hashed Health model has three distinct, synergistic areas to launch meaningful products in its unique space. Hashed Enterprise helps healthcare organizations and other companies understand how blockchain could affect their businesses, the drivers of cost and value for blockchain in healthcare, and use-cases appropriate for blockchain. Enterprise is the services arm of Hashed Health. Its customers include some of the largest insurance companies, non-profits, IT


10 MOST Trusted

The

Healthcare IT Security

Solution Providers 2018

vendors, and government agencies in the US and abroad. Hashed Labs is a team of blockchain healthcare product managers and engineering talent. They build product and work on innovative business models and governance structures. This team specializes in finding the sweet spot between a technical solution, an innovative business model, and a governance mechanism that makes a product come to life. Hashed Collective is an open community-building forum for healthcare organizations, consumers, entrepreneurs, and developers to talk about blockchain applications for healthcare. Collective includes meetups, podcasts, webinars, newsletters, online educational resources, and other innovative communitybuilding tools to help broaden the community of blockchain healthcare advocates. These three areas of the company work in sync to support market-development activities alongside Hashed Health's products and partnerships.

John Bass

CEO & Founder at major healthcare and blockchain events by invitation from major healthcare players and governments.

More than just a Technology Company The core team of Hashed Health has their background in healthcare, enabling the company to stay on the front lines of Health IT, payment models, and care delivery. They understand the problems and the obstacles in healthcare and sees blockchain as a way to fix them. Blockchain, for Hashed Health, is not a technology in search of a problem. If a problem can be solved without blockchain, the Hashed team will be the first to say so. As a company, it is also platform-agnostic – for each application and each use-case the team looks at all available blockchain platforms and tool sets and then works with the stakeholders to pick the best instance for the problem at hand. The firm’s values are intertwined with blockchain’s core characteristics – trust, collaboration, transparency, and incentive alignment. The Milestones in Its Journey to Success The company just celebrated it two-year anniversary. From local meet-ups to co-hosting the world’s premiere blockchain-focused healthcare conference, Hashed Health has successfully led blockchain to its place as one of the hottest topics in healthcare. Travelling around the world, the team has presented and keynoted

To add to its glory, the developers at Hashed Health have completed and won premiere hackathon events like ETHWaterloo and Discover Blockchain, to name a few. Individually, John has been awarded Nashville Technology Council 2017's Innovator of the Year. Strong-Willed to Better the Future of Healthcare Currently, the company is building an ecosystem of solutions that address previously unsolvable problems. Hashed Health endeavors to create a portfolio of complementary and symbiotic applications that will fundamentally change healthcare delivery. With frameworks and marketplaces, it wants to allow the industry, constrained by legacy practices and technologies, to evolve without blowing up a system so many patients depend on. “Starting from scratch is not an option, but the current system is unsustainable – blockchain is how this generation can evolve away from today’s healthcare infrastructure that is collapsing under its own weight,” John said.

| September 2018 |

21


mHealth: The New Horizon in the Health Technology

22 | September 2018 |


Pocket Wellness

M

obile health or mhealth is a general term coined for the use of mobile or wireless technology in the healthcare systems. It is a part of ehealth healthcare practice. The most common application of the ehealth is to educate the consumers about the preventive health care services. It is also used in disease surveillance, treatment support, epidemic outbreak tracking, and chronic disease management. mhealth is popular due to the areas that are accompanied by a large population and the widespread mobile phone usage. Within the digital health, mhealth encompasses all the application of multimedia and telecommunication ensuring accurate delivery of the healthcare and health information. Some of the practical examples of mhealth are the voice communication and mobile messaging for the provider to improve the health behavior. Mobile technologies are helping the healthcare sector in improving training and service quality of healthcare workers, reducing the cost of service along with reducing the redundancy and duplication of the collected information. Motivation One of the main aspects of the mhealth is to push the limits of the healthcare sector and quickly acquire, transport, store, secure, and process the raw processed data into useful and meaningful results. mhealth offer various abilities to the remote individuals so that they can participate in the healthcare value matrix, which was not possible in the past. In many such cases, these participants can provide their valuable contribution in gathering data or create awareness of the disease in public health like outdoor pollution, violence, or drugs. Motivation arises in mhealth due to the following two factors: The first factor is the rise of the constraints faced by the healthcare system of developing nations. These constraints include the population growth, limited financial resources, the burden of disease prevalence, and a large number of the rural inhabitant. The second factor is the rise in mobile phones in the world and its large population. The greater access to the mobile phones in all segments of the country helps in saving information and transitional costs for the proper healthcare delivery. Health Outcomes The integration of the technology with the health sector has promoted the betterment of the health, its lifestyle, and has improved the decision-making ability of healthcare professionals. Overall improvement is seen in the areas like health information and the instant connection between patients and health professionals, which was not possible before. Following that, there is an increased usage of technology that has reduced the health costs and has improved the efficiency of the healthcare systems. The growth of health-related applications has further boosted the growth of the mhealth.

A potential implementation is the direct voice communication for the poor literates and local-language versed people. The phones equipped with the local language aid in information transfer capabilities that were not available before. With the help of the mobile technology, the support for the existing workflow within the mhealth sector and the general public has increased.

| September 2018 |

23


The Advantages mhealth provides various versatile advantages across all the areas of the healthcare industry. It not only helps the disease-affected citizens but also helps in monitoring potential patients that are at risk. Furthermore, it has incredible potential in the biometric hardware and real-time analytics. Majority of doctors believe that the applications developed in the name of health are actually beneficial. Around ninetythree percent of doctors suggest that the mobile healthcare applications help in improving the overall health. Some of the most common advantages of mhealth devices are: Medication reminder- Using a reminder, the public can set timers for their medications, exercise, and many more such activities. Fitness trackers- People can monitor their fitness and burned calories. Calories counter- People can monitor how much calories they are taking-in and can control it. Mobile emergency health communication- Citizens can contact their loved ones in any kind of emergencies. If the device has autonomous capabilities, it can automatically contact the concerned authorities. Heart and Vital monitoring- Application rendered with the vital monitoring abilities can be very useful. Citizens can use these while exercising or in the case of emergency for example, patients’ vitals’ can be monitored in an ambulance. As mhealth is becoming widely known, healthcare providers are embracing the mobile communications, thus improving the relationships with the patients.

the change. They are unwilling to learn new skills or new technology. They also believe that it impedes their workflow. In terms of workflow, the structure of evaluation presents a major challenge for the healthcare sector. There should be resolute standards for the evaluation. With the constant change of technology, infrastructure, and innovative research methods, there is a specific need to evaluate the process and consequences of the action taken in the mhealth process implementation. Consequently, a balance is required to be maintained in the mhealth applications and its execution. Healthcare providers must also take care of the data overloading. As the data is collected in the realtime and recorded, there must be a proper assessment of the collected data where non-important data is filtered out. Industry Trends Being the fastest growing trend, the mobile platform is used by more than five billion people in the world. With the increase of smartphones and wireless network technologies, the digital healthcare systems have new possibilities alongside new challenges to provide high quality, efficiency, accessibility, and lower cost to the healthcare services. Various reports suggest that the consumers are expecting mhealth to change the overall healthcare experience with the way the digital information is obtained. The impact of mHealth is seen in the relationship and overall communication between a patient and the physician. Studies have shown that the health monitoring devices and cellular connectivity has reached more than seven million people. The combined market of the mobile health applications, health, and wireless apps, is expected to grow at a significant amount. In some countries, there are apps that are monitoring the patient's asthma right from their mobile phones. It is done using the microphone of the phone just like a spirometer. Other countries are using a wireless shoe insole, used to monitor the blood pressure in the heel. This digital shoe alerts the diabetic patients, when there is too much weight on feet, which can help in the elimination of foot ulcers.

Constraints Major hurdles in the mhealth are the guidelines regarding the privacy and security of the health data collection on mobile technologies and identifying new opportunities to enhance the delivery of mhealth services. According to the surveys, resistance is seen from staff and physicians due to

24 | September 2018 |

mhealth has enormous potential and is growing rapidly along with changing technology. Various international organization and global experts are researching continuously to foster the best use of current promising technology to improve the global health.



Haystack Informatics Leveraging Behavioral Analysis to Secure Health Systems against Infringements

I

nformation Security in healthcare is a major issue as the nature of the data in this industry is very sensitive. As a recent Verizon report concluded1, 58% of security incidents are caused by insiders. In fact, the authors of the report found the healthcare industry as the only industry in which internal actors are the biggest threat to the organization. These incidents include unintentional errors and malicious actions, as well as the abuse of access privileges. They involve the loss of unencrypted devices, snooping on patients’ information, hacking, and malware attacks. Inside threats are hard to identify and harder to control. With the assistance of a trusted security partner, this task can be made effective and easy. Haystack Informatics, Inc., a behavior analytics company, is one such firm that helps the healthcare providers to protect their data and operations from various threats. The company was born at The Children’s Hospital of Philadelphia (CHOP) as a next-generation platform to advance patient privacy monitoring. Since then, it has grown its offering to capitalize on its deep understanding of employee behavior in regards to the use of Electronic Health Records (EHRs), and the ramifications of this behavior in the areas of operational

26 | September 2018 |

efficiency, time-driven activity-basedcosting (TD-ABC), and performance improvement. About the Company Haystack Informatics is a privately held company, headquartered in Philadelphia, PA. It is driven by the mission to safeguard and optimize healthcare. Rooted in the values of Integrity, Passion, and Ownership, Haystack’s vision is to be the partner of which healthcare institutions think about first whenever they need to protect against insider threat or turn their operational data into actionable insight. From the CEO’s Desk The Co-founder & CEO of Haystack Informatics, Adrian Talapan, is a tech

“We help safeguard and optimize healthcare”

entrepreneur. Previous to the establishment of Haystack, he co-founded HouseFix, a marketplace for homeowners and home improvement contractors (TechCrunch Disrupt finalist), and Clarix, a clinical trials logistics and management platform for the pharmaceutical research and development industry. Talking about the industry and the company, he asserts, “Healthcare is a complicated business, which only got more complicated with the introduction of massive Electronic Health Record systems. Running on thin margins, healthcare professionals are currently in the delicate position to deliver the best care they can, while operating in an increasingly information-rich environment that puts significant strain on their capacity to do so. We believe safeguarding and optimizing healthcare are essential initiatives for the next 3-5 years, which is why we set off to help health leaders on this path.” Tech-Powered Services Haystack currently offers two services, both delivered as Software-as-aService (SaaS): Haystack Monitoring and Haystack Intelligence. Haystack Monitoring: This is a nextgeneration insider threat monitoring platform, which uses behavioral


10 MOST Trusted

The

Healthcare IT Security

Solution Providers 2018

science to assist healthcare professionals with the detection, investigation, and reporting of patient privacy violations, as well as with drug misdirection and other employee behavior deviations. It focuses on understanding employee behavior and patient interactions in the context of delivering care. Combined with intuitive visualizations and end-to-end reporting functionality, this solution allows privacy experts to focus on the most critical threats. Haystack Intelligence: It offers healthcare leaders the ability to understand the operational performance of their domain. This solution delivers an objective diagnosis and determination of the root causes of operational efficiencies and inefficiencies as they arise in the areas of EHR Workflow Optimization, Operational Improvements, Service Cost Management, and Patient Experience. “I make performance improvement a breeze. I reveal exactly where you should implement the smallest change to get the biggest benefit at the lowest cost. Objectively track the ROI of your improvement changes today.”- Haystack Intelligence

“Haystack Monitoring, showing an anomalous access (red link) and the context around it"

Distinguishing Characteristics The company encourages employee diversity and empowerment. It believes that different points of views and personal initiative generally lead to stronger outcomes and this makes the work environment more exciting. Haystack is a customer centric organization and its special relationship with CHOP keeps it abreast of the latest challenges and opportunities in healthcare. In turn, these allow it to remain best aligned with industry needs. Haystack works alongside its customers in four steps: Ingest: simple data retrieval from EHR; Identify: exploring the data to find snooping risks and best practices and opportunities; Improve: make changes to improve the provider behavior; and Measure: quantify and monitor the impact of any changes. There are several data sources that track the on-going processes within the health system and each of it creates a unique viewpoint into what is happening. Haystack Monitoring is analyzing the entire universe of risk and Haystack Intelligence combines them all to provide insight about performance bottlenecks and opportunities.

“Haystack Intelligence, showing how an encounter type is performed across various sites, with associated cost differences” Certainty about a Bright Future Haystack is aware that the healthcare industry will continue to experience significant challenges in the years to come. It foresees that a data-based approach, inspired from lean manufacturing techniques, can help healthcare leaders adapt to changing circumstances. The company believes it is wellpositioned to assist health systems navigate through these upcoming challenges, given its focus on safeguarding and optimizing healthcare. 1

https://www.verizon.com/about/news/new-report-putshealthcare-cybersecurity-back-under-microscope

| September 2018 |

27


Dr. Steven Pelech Founder, President, & Chief Scientic Ofcer

28 | September 2018 |


Biomarkers

T

he costs of sequencing the order of nucleotide bases in the DNA strands found in chromosomes have plummeted by a million-fold over the last 25 years. The entire sequence of 2.9 billion nucleotide base-pairs in a single human genome can now be determined for less than $1000. Complete genomes of hundreds of thousands of people are expected to be sequenced over the next decade. While the acquisition of such genomic knowledge was originally forecasted to herald better diagnostics and therapeutic treatments, the actual deliverables for improved health care have been disappointing. Excluding cancer, it has become apparent that only about 10% of the cases of the most common diseases that afflict our population have a genetic basis that can be ascribed to hereditary mutations in the DNA sequences of specific genes. Over 100 million single nucleotide variants appear to exist in the human population, and perfectly healthy people appear to commonly harbour about 100 or so serious disease-associated mutations without any apparent manifestations of these particular diseases. Studies, with over 50,000 genetically identical twins, have shown no increased risks for the 24 most common diseases amongst the twins than for a twin with the general population.

About the Author Dr. Steven Pelech is the Founder, President, and Chief Scientific Officer of Kinexus Bioinformatics Corporation, and concurrently a full professor in the Department of Medicine at the University of British Columbia. He was formerly the founder and president of Kinetek Pharmaceuticals. He has authored more than 230 scientific papers and created the SigNET on-line Knowledge-bank. Seasoned with over twenty-five years of experience in the areas of science, business, and administration, he has contributed leadership, vision, and strategic planning to Kinexus.

| September 2018 |

29


Over 95% of the known 21,300 genes carried in the human genome serve as the blue-prints for the construction of all of the cellular proteins, known as the proteome. These proteins function like molecular robots to regulate and carry out all of the biochemical reactions needed to keep cells alive. Their programming for specific tasks is partly hardwired into the structures of these proteins as dictated by their gene sequences. But, they are also tightly controlled by reversible modifications after they are initially manufactured, which are added on by regulatory proteins that operate within cellular intelligence systems. While gene sequences can provide some clues as to the potential functions and interactions of proteins with each other and other molecules, this information is extremely limited. Even now, we do not have a real sense of what over a third of these diverse proteins do, and less than 20% of these proteins have received any real serious attention in research labs. The disconnect between genetic information and the actual occurrence of disease is due to the high impact of environmental factors such as diet, life style and exposure to agents in the environment that can affect the proteome. Proteomes are immensely complex and dynamic. For example, blood plasma may contain as many as 40,000 different protein products, and their individual concentrations can range over a trillion-fold. Consequently, tracking proteins offers much better insights into the occurrence of diseases than genetic profiling, and importantly the opportunity for more rational therapeutic intervention. While about 21,300 genes encode proteins in the human genome, the actual number of distinct protein entities in the proteome may actually exceed several million, largely due to the range and degree of added modifications and other processing. More than 50 types of modifications have been documented in proteins, with phosphorylation as the predominant reversible regulatory mechanism. Over 85% of the proteome is known to be phosphorylatable at over 250,000 sites, but the actual number of phosphosites appears to be closer to a million. The occurrence of these and other modifications in proteins represent a rich source of biomarkers that may correlate better with the development of pathologies. Most sites of known protein modification were originally revealed by mass spectrometry (MS). However, apart from being very expensive, MS requires milligram amount of biological sample material and is finicky for reliable detection of desired target proteins. For example, out of some 3000 phosphosites in proteins that have been well documented to be functionally important in the scientific literature, about 22% have not been reported in any MS studies, whereas another 16% were documented in only one of thousands of MS analyses that had been performed. Antibodies have been well proven to be reliable and effective probes for the detection and quantification of specific proteins for their present and modification states. Over a million different antibodies against diverse proteins are presently commercially available. Furthermore, the printing of antibodies as individual microdots on microscope slidesized chips with densities exceeding 5000 spots per chip has paved the way for biomarker discovery that is easily translatable into the development of routine diagnostic tests. Biomarker antibodies can readily be re-deployed into other tried and true platforms such as immunoblotting, ELISA, and immunohistochemistry. Problems with sample preparation, high background issues, and low sensitivity of detection initially hampered the widespread adoption of antibody microarrays. However, recent breakthroughs on all of these fronts have poised antibody microarrays to become the most versatile, reproducible, and cost-effective tools in the foreseeable future for biomarker discovery, using as little as 25 microgram amounts of protein samples from crude, unfractionated lysates from cells, tissues, and bio fluids. High content antibody microarrays can identify the most appropriate and robust panel of biomarkers. When used to probe lysate microarrays printed instead with hundreds of patient specimen samples on each slide, these biomarker antibodies can provide accurate, comprehensive and economical diagnoses for diseases and for the monitoring of the effectiveness of therapeutic treatments.

30 | September 2018 |



Prey Devouring Cyber Theft with Modernism & Amendment

T

he development of technology is leading to more and more devices to be connected to the internet; data is becoming the new oil for both the developed and developing nations. However, this has given rise to the threat of data breach, loss, and misuse, which have become an alarming issue in today’s scenario. This is especially true for medical data, which is increasingly stored on mobile and connected devices, becoming vulnerable to theft or misplacement. Even with the industry in constant development, IT security in healthcare suffers from outdated regulations that set security standards far below the threat line. To counter this issue emerged a company, Prey Software. It specializes in providing a software platform that secures and manages mobile devices like laptops, phones, and tablets against theft, loss, and data misplacement. Prey wants its users to have all the necessary tools to stop fearing theft, and to prevent the chance of devices getting lost or stolen in the first place. The company wants to turn that problem into an opportunity for organizations and users to stand up against theft or loss of critical devices and regain control over their data.

32 | September 2018 |

‘Prey’ing Tactics It integrates all devices independently and irrespective of their operating system, and centralizes them under an online panel that serves as a remote control room. From there, the administrator can operate Prey’s functionality, triggered by Prey’s installed agent to monitor a mobile device fleet’s position, organize into labeled groups, and passively monitor devices utilizing its Control Zones geofencing tool to detect movement, if the devices leave a designated area such as a hospital lab, building, or campus. In case of theft or loss of a device, the administrator will be ready to react to the event and secure the data located on a lost device remotely, locking it down and eventually retrieving it. As for the asset itself, Prey’s tracking, or

“Our solution promises no theft, no data leaks, only organized and secured mobile fleets”

‘MISSING mode’ will generate reports with pictures, location, nearby Wi-Fi networks, hardware changes, and a wealth of actionable data that empowers police to take immediate action to retrieve the mobile device. Overpowering the Cyber Security Space Prey provides a thorough solution with a steadfast focus upon anti-theft and data loss prevention. Health and educational organizations interact with extremely sensitive data regularly and require a solution that, aside from general management, ensures that there is a barrier against all the worst cases. This is why Prey focuses on protecting the data, locking it, or eliminating it if necessary. The company makes it easy to retrieve a misplaced device, or stolen devices. It initiates proper device recovery and identification of the perpetrator through comprehensive evidence reports. The organization’s initial success has created a strong base of trust. Prey Software, being a part of an industry that deals with extremely sensitive issues, focuses on transparency and open development that has proven to give its users the peace of mind they need.


10 MOST Trusted

The

Healthcare IT Security

Solution Providers 2018

A Leader with a Revolutionary Thought Process Prey was born in 2009 when Carlos Yaconi, who is the current CEO of the organization, joined forces with Tomás Pollak, the initial founder of the Linux application. Together they created the first global tracking and anti-theft application for mobile devices. Prey Anti-theft, the brain child of Carlos, grew from an initial single-platform solution into today’s comprehensive multi-O/S and multi-device tool; which aids businesses and consumers to protect nearly all devices, regardless of the operating system or device manufacturer. It is a one-stop solution, which secures and manages all of a company’s various mobile devices. The key to this continued expansion of Prey is the byproduct of the flexible environment Carlos created within the company, welcoming methodology changes, according to the team’s needs or the evolving needs of customer organizations. This open approach came from Carlos’ past experience as an entrepreneur leading two software and service provider companies named Nectia and Bizware that are still active today, as well as his background as a Computer Science and Information Technology graduate. Notable Milestones Achieved by Prey Carlos is a firm believer in the power of open-source community and solutions, and in 2012, this led Prey to become part of the global Endeavor program, an initiative that connects entrepreneurs all around the world to promote and generate change. By offering an exceptional service and protection against theft, Prey has been granted the Presidential Award for Innovation in Chile and it is the first public anti-theft solution available for mobile devices worldwide. The company has led to the development of an entire industry with the basic goal to provide anti-theft solutions, which gave a thrust to various similar platforms like ‘Find my iPhone’ by Apple. Today, Prey is protecting more than 8 million devices! Maintaining a Healthy Office Environment Carlos asserts, “Office culture plays a huge role in the company”. Prey believes in open spaces and comfortable environments, with flexible positions, games, and isolated spots for anyone in the company to

Carlos Yaconi Founder & CEO

work. “We’re a small group of people so we must ensure all relationships develop smoothly, tackling any issues up front with open discussions”, adds Carlos. Prey has applied a unique horizontal methodology to the company’s business approach. In a nutshell, Prey employees bring their talents to participate as a whole, independently of the area or position they work in. Speaking of the dynamic workspace, Carlos says, “Projects and ideas are approached in collaboration, welcoming new ideas and encouraging feedback from every employee, no matter what their defined role is.” A Strong Leap into the Future The company is continuously looking to tackle new security opportunities, from the development of improved anti-theft and multi-device management capabilities, to reaching new frontiers that suffer from the same problems and security challenges. Prey Software works hard to stay up-to-date with its user’s requirements and help them with more thorough solutions that add additional barriers to block threats, such as the development of remote encryption. The following years will see Prey expanding to help secure new formats from theft and to simplify the management & control of devices and data in an increasingly mobile world. | September 2018 |

33


Tokenization

or Encryption - Choose Wisely

34 | September 2018 |


Data Cryptology

P

ersonal Health Records (PHR) security is the new ladder that many security technologies are trying to climb. One of the reasons that healthcare providers are working towards this is that they are willing to secure their and patients’ data. The other reason is that is a requirement imposed by the legislations such as HIPAA, HITECH, etc. which are to be obliged to, to avoid penalties. Tokenization and encryption are two of the technologies used to safeguard information. Both of these are critical to an organization to avoid breaches. Even then the dilemma of encryption versus tokenization does exist.

In simple words, encryption is masking of critical information. At one end, the data is encrypted, like a code, and then sent over to the other end. Only the user at this end has the key to decrypt the already encrypted data, and no other party can decode it. This key can be given to more than one end user to facilitate broadcast of information to authorized group of people. This process helps in avoiding interference of any third party and reduces the risk of data theft or unwanted data modification. In tokenization, the data is protected using tokens. Small chunks of data are

assigned particular tokens, which point to the location where this data is stored. Giving the tokens to selective users allow them to access data with ease and security. Once intercepted, these tokens are rendered useless and cannot help in accessing the real information. The benefit of tokens over encryption keys is that the tokens are easy to handle, they are one time generated codes and hence, do not compromise real data. Forms of Encryption The mathematically encoded data using encryption is called ‘Cipher’ and the key used to decode the cipher is

| September 2018 |

35


called as ‘secret key’ There are two types of encryption keys: symmetrical and asymmetrical. In symmetrical process, same key is used to lock and unlock the data, while in asymmetrical these two keys are different. This helps to reduce the radius of data vulnerability. Additionally, key rotation can be used. Regular key rotation limits the amount of data that can be encrypted using a single key. Therefore, in case of interception, only a small amount of data is vulnerable.

In tokenization, these intricacies are eliminated. As the token is a random code and not actually data in the encrypted form, when and if compromised, no data is breached. Also, as tokens only map the actual data, the problem of application functionality is solved. But, with tokenization, the user’s database increases in size as it has to store the tokens separately. This makes it harder to scale and maintain the database. Exchange of data is also difficult as the exact token is needed to unlock it.

Vault-based and Vault-less Tokenization In the process of tokenization, all the tokens are stored in a token vault alongside data and in the same size at data, eliminating to need to modify the storage space. Referencing the token vault is the only way to access data. The vault-based tokenization needs expensive synchronization methodologies as well as it is too complex to store large amount of data. Recently, vault-less tokenization was developed to tackle the challenges in vault-based one. In this, the sensitive data is replaced with a fake data that looks exactly alike. It provides high security while maintaining the usability of data.

The Ever-Growing Need With the digital revolution, the landscape of business world has turned upside down. It has created entirely new industries and enterprises. But, it has made the organizations vulnerable to various destructive and new threats. Some of the industries, including healthcare, rely on large amount of data that is sensitive in nature. As the volume of this data grows, so does the risk of cyberattacks. Cyber criminals trade in personal and sensitive information; it is literally the currency for them. The stolen or hacked data is further sold to various buyers who sell it further for even more money. To safeguard against these threats, businesses and individuals should take immediate steps in this direction and comply to several regulations like HIPAA, GDPR, etc.

The Dilemma Although both, encryption and tokenization are forms of cryptography, they are very different and not interchangeable. Each of them has its own set of benefits as well as disadvantages. There remains a conflict between which of them is best, the solution to which depends on the organization’s requirements. Edward Snowden, an American computer professional, said, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on”. Encryption, today, is commonly used by millions of people to encrypt the data on their phones and computers to remain secure in case of accidental loss of sensitive data. Also, it is used by government and corporates to thwart sensitive data, surveillance, and so on, as it is possible to encrypt and decrypt large amount of data with just one key. Although it brings in many effective solutions, it also has few drawbacks. Encryption breaks application functionality; there is always a trade-off between the strength of encryption and application functionality. Moreover, if the key is compromised, the thief or hacker can unlock all the data the key was used to protect.

36 | September 2018 |

Use Cases of the Two Tokenization is commonly used to protect payment card data. It is also used to safeguard other types of data, sensitive in nature, like telephone numbers, account numbers, email addresses, security numbers, and the data needed in back-end systems. Encryption, on the other hand, is better suited for unstructured data including long text paragraphs or complete documents. It is also ideal for exchange of data with the third party, helping to validate its identity online. Both these technologies are being widely used now-a-days to protect the data stored in applications or cloud services. The question that remains is- which one of them is better? But the ideal solution depends upon the circumstance under which it is used. Although tokenization is often seen to more efficient, as there is no link between the original data and the tokens, encryption can be considered the best choice in case of unstructured data. Organizations can leverage the benefits of either encryption or tokenization, or even both, according to the difficulty at hand.



Seceon

Delivering Cutting-Edge IT Security for Healthcare’s Digitally Transforming World

I

nnovations in mobility, IoT, wearables, and cloud computing have empowered healthcare systems to improve healthcare management and enhance patientprovider relationships. While the healthcare industry has embraced these benefits, increased connectivity is also putting health systems at much greater risk of malware and other cyber threats that, if successful, could have devastating consequences on patient care, privacy and healthcare organization management. Massachusetts-based Seceon delivers cutting-edge IT security solutions to its clients to protect against these risks by immediately detecting, quarantining, and eliminating any threats before they do any damage. This trailblazing IT security company is distinguished for offering the first fully automated, comprehensive cyber security platform that helps organizations to safeguard their valuable information and people. Seceon’s mission is to empower SOC and IT teams of all-size organizations to easily and affordably detect and mitigate threats, as soon as they are uncovered. Since its inception, Seceon has successfully served over 300 clients, won more than 50 awards, and built a robust network of 50+ distributors and

38 | September 2018 |

reseller partners globally. The company launched its Open Threat Management (OTM) Platform in April 2016 and has been releasing major updates every quarter with enhancements in machine learning, dynamic threat models, multitenancy, and scaling. Seceon’s innovations have continued in 2018 when the company introduced aiSIEM™ and aiMSSP™ to transform the landscape of IT security in healthcare. Seceon’s Solutions Provide MuchNeeded IT Security Assurance Over the years, Seceon has crafted a niche in the market as an adept security solution provider that deeply understands the nuances of cyber threats encountered by small-tomedium sized businesses (SMBs) and enterprises. To achieve the goal of “Cyber-security Done Right,” the

“We make it easy for healthcare organizations to protect their data and their business from all known and unknown cyber threats.”

company engineered its groundbreaking OTM Platform from scratch. OTM works out-of-the-box to instantly protect against known and unknown threats. It provides comprehensive visibility, proactive threat detection, and automated containment and elimination of threats in real-time, all while minimizing costs, staff bandwidth constraints, and performance impact. OTM helps enterprises automatically generate prioritized threat alerts that matter in real-time and empowers SOC / IT teams to detect and respond to the threats quickly, before critical data gets exfiltrated. Seceon’s aiSIEM and aiMSSP solutions are built on the OTM Platform: Seceon aiSIEM goes beyond traditional SIEM and eliminates the need for adding multiple silo solutions. It ingests raw streaming data from applications, identity systems, flows, and raw traffic from networks to provide comprehensive visibility, proactive threat detection, automated threat containment and elimination, and continuous compliance, policy management, & reporting. Seceon aiMSSP enables Managed Security Service Providers (MSSPs) to


10 MOST Trusted

The

Healthcare IT Security

Solution Providers 2018

offer outsourced security services to SMBs, including 24x7 security monitoring, threat intelligence, and realtime detection and remediation, at nominal and predictable linear costs. The Secret behind Seceon’s Success Seceon’s OTM platform is growing in popularity across all business verticals due to its unique ability to ensure proactive detection, containment, and elimination for all threat categories. Key differentiated benefits of Seceon’s OTM platform include: • Comprehensive Visibility The OTM Platform ingests all raw streaming data (Logs, Packets, Flows, and Identities) and provides real-time extensive view of all assets (users, hosts, servers, applications, data access, and movement traffic) that are on premise, cloud, or hybrid, and their interactions. • Reduce Mean-Time-To-Identify (MTTI) with Proactive Threat Detection The platform proactively detects threats and surfaces threats in real-time without an agent or alert fatigue. • Reduce Mean-Time-To-Resolve (MTTR) with Automatic Threat Remediation The OTM Platform performs automatic threat containment and elimination in real-time. It also provides clear actionable steps to eliminate the threats that can either be handled automatically by the system or manually by the security expert postanalysis. • Continuous Compliance, Policy Management and Risk Monitoring The platform provides continuous compliance and scheduled or on-demand reporting. This includes, HIPAA, PCI-DSS, NIST, GDPR, SOX, FINRA, etc. Innovation Starts at the Top An ideal 21st century IT security leader is one who envisions the upcoming threat landscapes and prepares foolproof solutions for it in advance, not only to drive the success of his business, but to benefit the industry at large. Chandra Pandey is a leader who fits this mold. As Founder and CEO of Seceon, he has guided his organization in pioneering solutions for critical cyber threats. He orchestrates the company’s business and technical strategy, and fosters innovation by

Chandra Pandey CEO & Founder

empowering all company members with decision-making abilities, encouraging open and respectful communications, and building a culture of continuous improvement. Chandra is the driving force behind Seceon’s commitment to creating affordable cybersecurity solutions for organizations of all sizes. An engineer by trade, Chandra applies the deep leadership, technical, and business strategy expertise gained during previous positions at Nokia, Ciena, Juniper Networks, and BTI, to Seceon’s groundbreaking IT security business. The Road Ahead Seceon’s expertise in crafting leading-edge solutions for rising cyber security challenges, out-of-the-box thinking, and passion for ensuring “Cybersecurity Done Right,” has made it a dominant IT security provider. During the next few years, Seceon will continue to be laserfocused on adding innovations to its aiSIEM and aiMSSP “Comprehensive Cyber-security for the Digital-Era” solutions. “Seceon is designed from the ground up to automatically detect, contain, and eliminate critical cyberthreats faced by the healthcare industry in real-time, including data breaches related to PHI and IP ransomware, malware on medical devices, credentials/insider threats, and compliance with regulations like HIPPA, PCI-DSS and NIST,” concluded Chandra Pandey. | September 2018 |

39


STRATEGIES FOR HEALTHCARE ORGANIZATIONS TO COMBAT

CYBERCRIME O

ver the past few years, the magnitude of threat against healthcare organizations is growing exponentially. Currently, the healthcare industry is striving hard to target the cyber breaches. The Chief Information Security Officers (CISOs) are becoming smarter and sophisticated to outmaneuver the cybercriminals. The healthcare organizations are acutely focusing on their IT functions and effectively correlating information to mitigate the risks of cybercrime. They are consolidating this information from the various vulnerability scanners to effectively manage and aid their business context. Various foremost healthcare organizations are adopting cutting-edge cyber security approach, where the senior board arrays the tenor for the organizational operations to successfully respond to the cyber risks. Categorizing the Assets There is a major necessity for the healthcare organizations to understand the cyber security risks for smooth management of their business context. They need to establish a specific data security team to classify data assets in association with their business significance. Managing the patient records and keeping in mind the susceptibilities existing in a client's desktop would be far less than those present on an acute database server is very imperative. The healthcare organizations should prioritize the most critical assets which can lead to effective threat mitigation efforts backing the cyber security. The traditional and upcoming healthcare organizations need to conceptualize and take firm measures safeguarding the patient data and classifying the assets to certify complete network security.

40 | September 2018 |

Staying Updated to the Latest Threats The developing world is witnessing severe cyber security threats. This budding cyber security landscape influences the IT and security squads to stay updated to the latest threats and their respective agents. They need to successfully predict the attack vectors by educating their staff about the recent scams and threats. The healthcare organizations should provide their employees with the training based on the security risks in accessing links and attachments in the email. The healthcare organizations need to abandon the obsolete technology and replace it with modernized technology that is highly resistant to cybercrime. They need to tremendously engage with the smart and quick Big Data Analytics to secure gigantic computerized data and converting the unstructured SIEM data to a specific format for making strategic decision to reduce cybercrime. Involve Business Acquaintances The healthcare organizations need to pitch in with additional resources, to ensure information security. These organizations need to engage the various business associates and merchants for accountable and secured health information under the Health Insurance Portability and Accountability Act (HIPAA). The business associates can face direct civil liability for a breach of this act. However, it is the responsibility of the healthcare organization to confirm that their business associates are maintaining Protected Health Information (PHI) effectively. Establishing a strong persistent program to monitor business associates gives the health organizations the threat intelligence they need to guard their business against duplicitous transactions. The affiliation of the healthcare organizations with the business associates will help them to monitor the new risks, controls, and the emerging vulnerabilities of the cybercrime. Implementing Appropriate Controls The healthcare organizations should implement strict measures to confront and terminate the Bring-your-own-device (BYOD) programs. They should focus on the execution of the suitable


Cybernetics

controls around data segregation and infrastructure security. Constant monitoring practices are required to ensure that the controls are active and functioning in a desirable manner. The healthcare organizations should influence certain security incident recognition and response programs to mitigate the cyber security risks. Additionally, operations regarding crisis management must be integrated into the flexible business strategies. The healthcare organizations need to implement adaptive technologies to manage identities and to regulate the information being accessed. They should undertake operations to detect the loopholes and vulnerabilities in the mobile apps that would surely reduce and support the high grounds of the cyber security.

Monitoring Internal Systems & Logs The healthcare organizations need to invest in the evolving technologies that enable them to spontaneously scan and secure data, log data modification activities as they arise, and instantly alert their IT teams about the fraudulent behavior. These teams must focus on detecting the loopholes with the help of an automated bot or a specific process that intermittently run through the system, combating the threats. This will help the organization to spot the vulnerabilities and save time, resolving it before enough damage. Monitoring the logs is a key component of an organization’s compliance initiatives. This would help the healthcare organizations to properly audit and prepare a report on the file access which can detect illegal

activity by the users and other major cyber threats. The Future Innovations The increasing complexities of IT landscape in the healthcare organizations, the future is critical for the security teams to choose the exact processes and tools to defend the organization from budding breaches. The healthcare organizations in the upcoming future are planning to design robust systems and stronger encryption algorithms to successfully safeguard the cybercrime in the healthcare sector. Soon there will be an introduction to the new General Data Protection Regulation (GDPR) to replace the ageold Data Protection Act, which would increase the security of the personal data and also its exploration.

| September 2018 |

41


SecureNetMD An Innovative Technology Partner for Healthcare Leaders

C

yber security is no longer just a trending practice; it has become an absolute necessity. With paper records moving to electronic ones, the side-effect of this revolutionary transition cannot be ignored. To address the same in healthcare industry, a remarkable piece of legislation- The Health Insurance Portability and Accountability Act (HIPAA), was coined. Made with the primary goal to tackle the issue of insurance coverage for individuals between jobs, HIPAA helps healthcare providers to safeguard against healthcare frauds, ensure the security of PHI, restrict healthcare information authorization as well as help in securely sharing healthcare information across various platforms. SecureNetMD is one of the fastest growing HIPAA Compliant Managed Technology Solutions Providers that help healthcare leaders make better decisions around technology. Founded in 2009, the company empowers healthcare providers to expand patient reach and improve patient care. SecureNetMD aims to be an innovative technology company, strategically focused on partnering in its clients’ success.

42 | September 2018 |

The Prodigy Leading SecureNetMD Jack Berberian is the Founder and CEO of SecureNetMD. He holds diverse educational proficiencies- JD, CPHIMS, CHSP, CHSA, ATC, to name a few. He is a seasoned entrepreneur who has worked across multiple industries and verticals. Jack has also founded Troy Ventures, LLC, MedTix, LLC, as well as co-founded ThinkSecureNet alongside SecureNetMD. Under this dynamic leader, SecureNetMD has reached the height of success that it is at today. “At SecureNetMD, we’ve invested in becoming a true technology partner for our clients. Our award-winning solutions are backed with first-class service, providing healthcare providers the leverage and confidence to get back

“We render strategic technology solutions built around your organization”

to what’s most important—improving and expanding patient care,” asserts Jack. Promising Solutions and Services Not only does it deliver fully-HIPAA compliant solutions, SecureNetMD has invested in developing a trusted relationship with its clients. It believes that the needs of healthcare organizations can vary greatly and hence, is not interested in a one-sizefits-all technology. With the largest needs of maximum healthcare organizations at its nexus, SecureNetMD offers solutions in four core focused areas: Managed Security Solutions, Managed IT solutions, Unified Communications, and IT Infrastructure. These aid in protecting healthcare organizations and their patient ePHI through innovative threat management, endpoint encryption, and compliance management solutions. The Managed IT solutions allow SecureNetMD to empower and streamline healthcare organizations with fully managed or co-sourced 24/7/365 service desk. They also allow healthcare providers of all sizes gain invaluable access to a full fleet of


10 MOST Trusted

The

Healthcare IT Security

Solution Providers 2018

certified technology experts whenever they need it. With its Unified Communications solutions, the company improves the flexibility and dependability of crystal clear VoIP and intuitive custom call flow designs. This helps healthcare leaders ensure that their patients are delivered to their destination quickly and efficiently. Its cloud-based Unified Communication (UC) platform empowers practice managers and healthcare leaders by delivering enhanced call analytics that can track peak call times, patient hold times, missed calls, and staffing efficiency through an intuitive reporting dashboard, 24x7. With its IT Infrastructure, SecureNetMD improves the infrastructure and scalability of healthcare providers with the fleet of certified cabling technicians, project managers, and onstaff certified RCDD. Outshining the Confrères Three areas that really set SecureNetMD apart from other Managed Service Providers are that it is a fullyHIPAA compliant solution provider. The company is rooted in technology and process efficiency and it has been passing this value to its clients to streamline their operations. It has spent the last decade developing a nimble and responsive service model, allowing its teams to respond quickly to the customer and industry needs. Moreover, SecureNetMD emphasizes on being a partner and not just another vendor, for its clients. Its award-winning solutions with first-class service are backed with partnerships. The company proudly says, “We don’t have business relationships, we develop long term partnerships that are earned over the course of time.” An Ambitious Workplace The company takes great pride in calling themselves a team, demonstrating true teamwork that rallies delivering world-class. One of the core values SecureNetMD is Growth. It focuses on investing in the growth of its team and each individual team member. Being in an industry that is ever-changing, it is required that the team members be agile and eager to improve on their specialties and expand their skillsets. SecureNetMD encourages its team to continue growth by providing incentives, recognition, and career advancement tracks to help them achieve the best version of themselves.

Jack Berberian Founder & CEO

Recognitions and Accolades SecureNetMD was recently recognized and featured as one of the Top 10 MSP for 2018 by a prominent magazine of the industry. It was also recognized as one the Top 10 Healthcare Companies in Delaware and Fastest Growing Companies in America by a well-renowned source. A prestigious source named SecureNetMD as one of the Top 10 VoIP providers. Additionally it has received several other recognitions throughout the local community as a leader in Healthcare IT, including Delaware Small Business Chamber Blue Ribbon Award, 2016 Best of Lewes Award in the HIPAA Compliant Healthcare IT Provider category, to name a few. Future Endeavors SecureNetMD’s plan for the future is to continue being recognized as a leader in the industry and a trusted partner for healthcare providers. As a partner to healthcare providers, it aims to be foster a strong commitment; so that healthcare providers can be confident in trusting SecureNetMD with not only the technology that their staff and patients interface with, but also in providing innovative solutions that future-proof their growing organization.

| September 2018 |

43





Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.