MHS – Cybersecurity Strategy
Puja Gopal
Shubham Kishore
SCAN Health Virtual Business Case Competition 2020, Round 2 Team “BRICK”
Andrey Popkov
Jinyu Yang
Table of contents: SWOT Analysis on Current Scenario; Problem Statements; Solution Overview; Evaluation Metrics; Implementation Strategy; Financial Model; Monetization and Future Developments
SWOT Analysis on Current Scenario
Strengths:
► Strong awareness: MHS Chief officers recognized not only the unwavering priority of cybersecurity, IT, business and supply chain.
► Close community engagement: The participation of diverse communities helps to build a customized solution for diverse population groups across the US.
► Innovative initiatives: Attempts such as National Patient Identifier, Virtual Hospital, and Health Platform build and strengthen the firm’s industry reputation.
► Cost-effective: Supply chain coordination (such as reducing specimen variation and establishing protocols) reduces MHS’s costs, which ensures abundant capital to invest in cybersecurity initiatives.
Weaknesses:
► Long tail: The cost of one data breach can last for years, which further damages corporate image and profitability.
► Insider risk: Many data breaches originate with employees. As MHS has lots of employees, the risk of a data breach from internal actors is higher.
► Island hop: MHS works with multiple parties, which increases its exposure to island hopping.
Opportunities:
► Huge potential demand: Due to the US's highest spending on healthcare, proposals that reduce administrative costs will be strongly favored by the market participants.
► Future growth: Synchronization of data between multiple parties will enable more accurate tracking and documenting of resources that fulfill the mission of Value-Based Purchasing.
► Mitigate risk: A shared risk management framework encourages collaboration between different stakeholders, which reduces risk exposure and enables scalability at the same time.
► Enhance public trust: Having a better-protected data center will strengthen the firm’s trusted brand image, which could be developed into a competitive advantage.
Threats:
► Grey Market & counterfeits: Counterfeit (unauthorized manufacturing) and grey market (unauthorized distribution) convey inferior medical products into the industry.
► Rise in attacks: Healthcare has the second-largest amount of data breaches in 2018 and the highest rate of exposure per breach. This trend is not likely to stop due to the high value of data in the healthcare industry.
► Third-party risk & Island hop: Companies lack an understanding of the 3rd parties with which they share data. As the number of 3rd parties increases, exposure to vulnerabilities increases.
Problem Statements
1. Island Hopping
2. Insider Threat
3. Gray market and Counterfeit Goods
1► Problem 1: Owing to the interdependencies amongst various healthcare and supply chain holders, a cyberattack event from one organization has a ripple effect on the linked organizations, which is termed “island hopping”. Reportedly, 70% of all attacks concern lateral movement across these interlinked networks.
2► Problem 2: The threat posed by internal actors needs to be significantly lowered, and if possible eliminated. As the majority of healthcare incidents (58%) involve insiders, and healthcare has the highest average total cost for data breaches ($6.45 million), addressing this issue will go a long way in helping to provide good cyber hygiene.
3► Problem 3: A complex medical supply chain, along with a large number of suppliers, enables forgeries to be hidden within original products. The gray product market share has been increasing over the last few years, by an average of 9%. The low quality of counterfeited products leads to a number of issues such as lowered effectiveness of the medical treatment and damage to original products’ and MHS’ reputation, and furthermore this could necessitate having to repeat the course of treatment.
Solution for Problem 1
► Roll out Just-In-Time (JIT) Privileged Access Management (PAM) software throughout the organization
► Every third party access request will be monitored and subject to protocol
► This will reduce the magnitude of data exposure
Only authorized access: Unlike traditional access structure, there is no persistent access in JIT PAM. It eliminates the vulnerability of privileged account misuse as a hacking method.
Only to the right resources: The access approval will only be granted to the appropriate data/files. Also, this is fully automated which will not hinder operations of healthcare stakeholders.
Only during the right time: The minimal access required will be granted, to perform an individual activity. The privilege will expire very soon.
Success story: According to Gartner peer review, a database devoted to technology analysis, a healthcare organization in Canada (size $50 - $100 M) implemented a JIT PAM product (Centrify Zero Trust). The project took less than 3 months. The company recognizes this tool as very useful, because it avoids manual intervention in authorization and authentication. 1
1 https://www.gartner.com/reviews/market/privileged-access-management/vendor/centrify/product/centrify-zero-trust-privilege-services?industry=9864&sort=-helpfulness
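The three JIT PAM properties above (only authorized access, only to the right resources, only during the right time) can be seen in a small broker model. This is an added example, not code from the deck or from any PAM product; the policy table, role names, resource names and the `JitBroker` class are constructed for illustration.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable

# Constructed policy: (third-party role, resource) -> longest grant lifetime in seconds.
# Anything not listed is never granted.
POLICY = {
    ("vendor-billing", "invoices/2020"): 900,
    ("vendor-lab", "specimen-orders"): 600,
}


@dataclass
class Grant:
    principal: str
    resource: str
    expires_at: float


@dataclass
class JitBroker:
    clock: Callable[[], float] = time.time
    grants: dict = field(default_factory=dict)   # token -> Grant
    audit: list = field(default_factory=list)    # (time, event, principal, resource)

    def request(self, principal, role, resource, ttl, reason):
        """Issue a short-lived token for one resource, or None if policy refuses."""
        max_ttl = POLICY.get((role, resource))
        if max_ttl is None or ttl <= 0 or not reason.strip():
            self._log("REQUEST_DENIED", principal, resource)
            return None
        token = secrets.token_urlsafe(16)
        # The requested lifetime is capped by policy, never extended.
        self.grants[token] = Grant(principal, resource,
                                   self.clock() + min(ttl, max_ttl))
        self._log("GRANTED", principal, resource)
        return token

    def check(self, token, principal, resource):
        """Authorize one access attempt against a live, matching grant."""
        grant = self.grants.get(token)
        if grant is not None and self.clock() >= grant.expires_at:
            del self.grants[token]       # expired: no standing access remains
            grant = None
        ok = (grant is not None and grant.principal == principal
              and grant.resource == resource)
        self._log("ALLOW" if ok else "DENY", principal, resource)
        return ok

    def _log(self, event, principal, resource):
        # Every request and every access decision is recorded for monitoring.
        self.audit.append((self.clock(), event, principal, resource))


def demo():
    now = [1000.0]                       # controllable clock for the demo
    broker = JitBroker(clock=lambda: now[0])
    token = broker.request("acme-svc", "vendor-billing", "invoices/2020",
                           ttl=3600, reason="constructed ticket 1")
    results = {
        "in_scope": broker.check(token, "acme-svc", "invoices/2020"),
        "other_resource": broker.check(token, "acme-svc", "specimen-orders"),
        "other_principal": broker.check(token, "other-svc", "invoices/2020"),
        "unlisted_refused": broker.request("acme-svc", "vendor-billing",
                                           "patient-records", 60,
                                           "constructed") is None,
    }
    now[0] += 901                        # past the 900 s cap on the 3600 s request
    results["after_expiry"] = broker.check(token, "acme-svc", "invoices/2020")
    return results, [event for _, event, _, _ in broker.audit]


if __name__ == "__main__":
    print(demo())
```

The audit list is what a monitoring team would alert on: a run of `DENY` events against one token is the signal that a third-party credential is being tried outside its scope or after expiry.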
Solution for Problem 2
► Implement Multi Factor Authentication (MFA) approach across the whole ecosystem
► Every user access request will be authorized using three factors
► This will help MHS lower the risk from internal threats by blocking 99.5% of hacks, by protecting user access and also protecting from malware
Factor 1: What you know: Username and Password
Factor 2: What you have: Trusted Device
Factor 3: What you are: Biometrics – Fingerprint
Access Granted: Subject to passing all layers
Solution for Problem 3
► Integrate a distributed private Blockchain with the current enterprise software, thereby enhancing transparency across the entire value chain.
► Each data record will be written to the network under a hash (key/id), providing transparency, decentralization and tamper evidence of the data to the stakeholders.
► This will help MHS track the inbound and outbound inventory data and would give MHS an edge to verify all the 3PL and 4PL linked with its vendors. Thus, plagiarism or counterfeits would be stalled.
► This would also lead to remarkable quality control because of transparency with data logs.
[Diagram: blockchain network linking Manufacturers 1-3, Distributors 1-3, GPOs 1-3 and Hospitals 1-3]
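The tamper evidence and inventory tracking described for Problem 3 can be shown with a hash-linked ledger of consignment transfers. This is an added example, not the deck's design or any vendor's implementation; lot identifiers, quantities and the linear-custody assumption (a lot moves whole from one holder to the next) are constructed, while the party names follow the diagram. It goes slightly beyond the slide by separating two checks: the hash chain detects edits to recorded data, and a custody walk detects entries that are validly recorded but do not fit the lot's history.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # back-link used by the first entry


def entry_hash(body):
    """SHA-256 over a canonical JSON encoding of the entry body."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


def body_of(entry):
    return {k: v for k, v in entry.items() if k != "hash"}


def append(ledger, lot, sender, receiver, qty):
    """Append a transfer record linked to the previous entry's hash."""
    body = {"seq": len(ledger), "lot": lot, "from": sender, "to": receiver,
            "qty": qty, "prev": ledger[-1]["hash"] if ledger else GENESIS}
    ledger.append({**body, "hash": entry_hash(body)})


def verify_chain(ledger):
    """Return the index of the first entry that fails verification, else None."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if (entry["seq"] != i or entry["prev"] != prev
                or entry_hash(body_of(entry)) != entry["hash"]):
            return i
        prev = entry["hash"]
    return None


def custody_findings(ledger, lot, origin):
    """Walk one lot's transfers and flag breaks the hash chain cannot see."""
    findings = []
    holder = held = None
    for e in ledger:
        if e["lot"] != lot:
            continue
        expected_sender = origin if holder is None else holder
        if e["from"] != expected_sender:
            findings.append((e["seq"], "custody-break"))   # sender never held the lot
        if held is not None and e["qty"] > held:
            findings.append((e["seq"], "quantity-grew"))   # more units than received
        holder, held = e["to"], e["qty"]
    return findings


def build_sample():
    """Constructed sample: LOT-A is clean, LOT-B has an unexplained hop."""
    ledger = []
    append(ledger, "LOT-A", "Manufacturer 1", "Distributor 1", 1000)
    append(ledger, "LOT-B", "Manufacturer 2", "Distributor 2", 500)
    append(ledger, "LOT-A", "Distributor 1", "GPO 1", 1000)
    append(ledger, "LOT-B", "Distributor 3", "GPO 2", 650)
    append(ledger, "LOT-A", "GPO 1", "Hospital 1", 1000)
    return ledger


def altered_copy(ledger, index, rehash):
    """Copy the ledger with one quantity changed, optionally re-hashing that entry."""
    forged = copy.deepcopy(ledger)
    forged[index]["qty"] = 1500
    if rehash:
        forged[index]["hash"] = entry_hash(body_of(forged[index]))
    return forged


if __name__ == "__main__":
    ledger = build_sample()
    print("chain ok:", verify_chain(ledger) is None)
    print("LOT-B findings:", custody_findings(ledger, "LOT-B", "Manufacturer 2"))
    print("edit detected at:", verify_chain(altered_copy(ledger, 2, rehash=False)))
    print("re-hashed edit detected at:", verify_chain(altered_copy(ledger, 2, rehash=True)))
```

Re-hashing the altered entry only moves the failure to the next entry, whose back-link still points at the original hash; the custody walk is what catches LOT-B, where every hash is valid.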
Cyber Hygiene Metrics
In order to assess the success of the solutions proposed, the following metrics should be considered:
► Reduction in percentage of “gray” and counterfeit goods
  ► Year 1: 30%, Year 2: 50%, Year 3 onwards: 70%
► Reduction in the success percentage of “island hopping” instances
  ► Preventing unauthorized access from third party systems will decrease the probability of successful attacks by 70%. As 41% of data breaches are connected to this factor, the final risk will be decreased by 28.7%
► Reduction in the percentage of internal data breaches
  ► Multi factor authentication on average decreases unauthorized data access by 95% and, with internal factors causing ~58% of incidents, the overall number of attacks will be decreased by 55.65%
► Final expected decrease in data breach risk is 28.7% + 55.65% = 84.35%
► Reduction in average breach lifecycle
  ► Our enterprise software will shorten the time it takes to identify and contain a breach by 20%, thereby reducing the “long tail” to 223 days (165 days to identify and 58 days to contain it)
Part 1: Solution for insider threat and island hopping
Multi Factor Authentication (MFA)
Just-In-Time (JIT) Privileged Access Management (PAM)
Cost Savings with MFA and JIT PAM
► According to IBM research, security automation can decrease average data breach cost by 48.64%
► The estimated probability of a data breach within two years is 29.6% (or 16.1% yearly risk) with an average increase of 5.5%
[Chart: Money Loss without Cybersecurity Solution vs. Money Loss with Cybersecurity Solution, 2020 to 2024]
(in millions of dollars)
| Year | Money lost on an average data breach | Current increasing rate of loss per data breach | Probability of data breach | Increasing risk of data breach | Money loss | Average lost on data breach in companies with automated security systems | Decreasing risk of data breach at 84.35% (from slide 8) | Money saved |
|---|---|---|---|---|---|---|---|---|
| 2019 | $6.45 | 3.50% | 16.1% | 5.5% | $1.04 | | | |
| 2020 | $6.68 | 3.50% | 17.0% | 5.5% | $1.13 | $3.43 | $0.09 | $1.04 |
| 2021 | $6.91 | 3.50% | 17.9% | 5.5% | $1.24 | $3.55 | $0.10 | $1.14 |
| 2022 | $7.15 | 3.50% | 18.9% | 5.5% | $1.35 | $3.67 | $0.11 | $1.24 |
| 2023 | $7.40 | 3.50% | 19.9% | 5.5% | $1.48 | $3.80 | $0.12 | $1.36 |
| 2024 | $7.66 | 3.50% | 21.0% | 5.5% | $1.61 | $3.93 | $0.13 | $1.48 |
| Total | | | | | | | | $6.26 |
Total Cost of Ownership for MFA and JIT PAM
1 https://duo.com/assets/ebooks/Duo-Security-Two-Factor-Evaluation-Guide.pdf
2 https://mpa.co.nz/media/4410/twofactorauthenticationtherealcostofownership.pdf
3 https://www.centrify.com/privileged-access-management/solutions/
4 https://store.devolutions.net/pricing
Part 2: Solution for counterfeits Blockchain-based SCM System
Impact of Counterfeit Drugs
► The personal and public health tolls are huge, as is the economic burden — up to $200 billion annually
► Popular fake drugs: Sildenafil, Vardenafil, Avastin, Oxycodone, Percocet, Fentanyl, Botox
► In November 2016, Drug Enforcement Administration (DEA) agents confiscated a pill press, powdered synthetic opioids and alprazolam, 70,000 counterfeit pills made of fentanyl (and another 20,000 counterfeit Xanax), and $1.2 million in cash, from houses in Cottonwood Heights and South Jordan, Utah
https://www.reuters.com/article/us-customs-drugs/customs-group-to-fight-200-bln-bogus-drug-industry-idUSTRE65961U20100610
Scenario Analysis of Counterfeit Drugs
► Scenario 1: Counterfeit drug contains no active, or no harmful, ingredients
  ► Result: The drug fails to improve the patient's health, which can ultimately harm the patient
► Scenario 2: Counterfeit drug contains no active ingredient, but has harmful ingredients such as antifreeze, bacteria-laced water, toxic yellow paint, powdered cement, and so on
  ► Result: The drug causes adverse health effects
  ► Example: >500 children died worldwide from counterfeit cough syrup that contained ethylene glycol (antifreeze)
► Scenario 3: Incorrect drug is used in the counterfeit agent
  ► Result: The drug causes adverse side effects and could also harmfully interact with other medications that the patient may be taking
► Scenario 4: Counterfeit drug contains incorrect concentration or wrong dose of the drug
  ► Result: The drug causes adverse health effects or does not improve the patient's health to the fullest degree
  ► Example: A physician used a research version of Botox, which had a much higher concentration of the drug. This caused respiratory paralysis and near death for many patients 1
1 Liang BA. Fade to black: importation and counterfeit drugs. Am J Law Med. 2006; 32: 279–323
Blockchain Solution builds on strengths of US healthcare industry
► Consolidated Systems: According to an article from Deloitte, in the US healthcare industry, some health systems are increasingly consolidated. This enables higher efficiency and connects doctors, nurses and other stakeholders more closely.
► Abundant Service Providers: According to a report issued by Netscribes, in 2019, around $550 million was invested in the BC-enabled start-ups, of which grow to be the leaders in the globe. New patents are consistently filed for BC-enabled healthcare projects.
► Strong Government Support: The United States Department of Health and Human Services (HHS) invested $49 million to build A.I. and blockchain solutions to reduce operational backlog and costs.
https://www2.deloitte.com/us/en/blog/health-care-blog/2019/year-of-consumer.html
https://www.prnewswire.com/news-releases/us-department-of-health-and-human-services-awards-unisys-contract-to-provide-artificial-intelligence-solutions-300933193.html
Blockchain SCM system
► In addition to money saved from prevention of data breaches, monetization of the Blockchain Supply Chain Management System is considered below.
► Total Number of All U.S. Hospitals: 6,146 1
► The number of consignments per year for one hospital is roughly 15 000, with an average of $16 for each invoice processing 2, so we expect that $2 per transaction will be a reasonable value-based payment for using a blockchain-based supply management control system.
► Therefore selling blockchain systems as a service, with the low payment of $2 for any received consignment, creates a market of $180 million.
1 https://www.aha.org/statistics/fast-facts-us-hospitals
2 https://www.chromeriver.com/blog/automating-invoice-processing-benefits-for-hospitals
Monetization of Blockchain SCM system
By Global Healthcare Supply Chain Market Growth (Status and Outlook) 2019-2024 1:
► Total addressable market (TAM) (whole supply chain management market) at 2024 reach US$ 2480 million
► Software share – Serviceable Available Market (SAM) is 62% or US$ 1537 million
► Serviceable Obtainable Market (SOM) for the 5 years forecast is 10% or US$ 154 million
[Figure: market sizing: TAM $2480m, SAM $1537m, SOM $154m]
1 https://www.marketwatch.com/press-release/at-88-cagr-healthcare-supply-chain-market-size-is-expected-to-2480-million-usd-by-2024-2019-03-28
Best Practice for Blockchain Technology
► Hyperledger Fabric blockchain is provided by IBM, AWS, AZURE and SAP, and is used by finance and automotive industries, such as J.P. Morgan and Daimler
► The consensus mechanism mirrors the enterprise requirements and encompasses the entire transaction lifecycle. It works as follows:
  ► ‘Client’ nodes invoke transactions.
  ► ‘Orderer’ nodes provide updates to the transaction data.
  ► ‘Peer’ nodes receive the update from the orderer and maintain the distributed ledger. They commit the transactions in the ledger.
  ► ‘Endorser’ nodes are peers who validate transaction validity such as digital signatures. They endorse transactions so that other peers can record the transaction in the ledger.
https://www.ey.com/en_gl/blockchain
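The client, endorser, orderer and peer roles listed above, as a simplified model of the transaction lifecycle. This is an added example, not Hyperledger Fabric code and not from the deck: the peer names, keys, the two-of-three endorsement policy and the lot state are constructed, and HMAC stands in for the certificate-based signatures a real network uses. It goes one step beyond the slide by including the read-version check that a committing peer performs, which is what stops the same lot being transferred twice.

```python
import hashlib
import hmac
import json

# Constructed endorser keys; HMAC is a stand-in for certificate-based signatures.
ENDORSER_KEYS = {"peer-manufacturer": b"constructed-key-1",
                 "peer-gpo": b"constructed-key-2",
                 "peer-hospital": b"constructed-key-3"}
REQUIRED_ENDORSEMENTS = 2   # assumed policy: any two of the three peers


def encode(proposal):
    return json.dumps(proposal, sort_keys=True).encode()


def sign(peer, proposal):
    return hmac.new(ENDORSER_KEYS[peer], encode(proposal), hashlib.sha256).hexdigest()


def endorse(peer, proposal, state):
    """Endorser: check the proposal against current state, then sign or refuse."""
    lot = state.get(proposal["lot"])
    if lot is None or lot["holder"] != proposal["from"]:
        return None                      # sender does not hold this lot
    return {"peer": peer, "sig": sign(peer, proposal), "read_version": lot["version"]}


def order(transactions, block_size=2):
    """Orderer: fix one total order and cut blocks; contents are not judged here."""
    return [transactions[i:i + block_size]
            for i in range(0, len(transactions), block_size)]


def count_valid_endorsements(tx):
    peers = set()
    for e in tx["endorsements"]:
        if e["peer"] in ENDORSER_KEYS and hmac.compare_digest(
                sign(e["peer"], tx["proposal"]), e["sig"]):
            peers.add(e["peer"])         # each peer counts once
    return len(peers)


def commit(blocks, state):
    """Committing peer: validate in block order; only VALID transactions change state."""
    verdicts = []
    for block in blocks:
        for tx in block:
            p = tx["proposal"]
            lot = state[p["lot"]]
            if count_valid_endorsements(tx) < REQUIRED_ENDORSEMENTS:
                verdict = "ENDORSEMENT_POLICY_FAILURE"
            elif any(e["read_version"] != lot["version"] for e in tx["endorsements"]):
                verdict = "MVCC_READ_CONFLICT"   # state moved on since endorsement
            else:
                state[p["lot"]] = {"holder": p["to"], "version": lot["version"] + 1}
                verdict = "VALID"
            verdicts.append((p["id"], verdict))  # invalid ones stay on record, flagged
    return verdicts


def demo():
    state = {"LOT-A": {"holder": "Distributor 1", "version": 0}}

    def client_tx(tx_id, sender, receiver, peers):
        proposal = {"id": tx_id, "lot": "LOT-A", "from": sender, "to": receiver}
        endorsements = [e for e in (endorse(p, proposal, state) for p in peers) if e]
        return {"proposal": proposal, "endorsements": endorsements}

    tx1 = client_tx("tx1", "Distributor 1", "GPO 1", ["peer-manufacturer", "peer-gpo"])
    # Same lot offered a second time, endorsed before tx1 was committed.
    tx2 = client_tx("tx2", "Distributor 1", "GPO 2", ["peer-gpo", "peer-hospital"])
    # One genuine endorsement plus one signature that does not verify.
    tx3 = client_tx("tx3", "Distributor 1", "Hospital 3", ["peer-hospital"])
    tx3["endorsements"].append({"peer": "peer-gpo", "sig": "0" * 64, "read_version": 0})
    refused = endorse("peer-gpo", {"id": "tx4", "lot": "LOT-A",
                                   "from": "Distributor 3", "to": "GPO 3"}, state)
    verdicts = commit(order([tx1, tx2, tx3]), state)
    return verdicts, state, refused


if __name__ == "__main__":
    print(demo())
```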
Best Practice for IS implementation Framework
Cui, P., Dixon, J., Guin, U., & Dimase, D. (2019). A blockchain-based framework for supply chain provenance. IEEE Access, 7, 157113-157125. doi:10.1109/ACCESS.2019.2949951
Complex IS is related to the interests of different stakeholders
Project team for pilot implementation should include representatives of:
► MHS supply chain department
► MHS top management
► GPO and vendor
► Government regulation experts
► Community
[Diagram: internal and external stakeholders of the Blockchain SCM system: GPOs, Doctors, Vendors, Employees, Management, Board, Patients, Community, Government, Contractors]
All participants of the pilot project are important
Plan to engage industry experts and partners:
► Use collaboration software like SLACK, TRELLO and others
► Use social media to share progress
► Participate in blockchain conferences
► Organize weekly team meetings and demo walkthroughs to update key internal stakeholders, and also to obtain feedback
► Perform periodic stakeholder engagement matrix assessments to compare current and desired levels of engagement and take appropriate action
[Figure: Stakeholder analysis power/interest grid. Axes: POWER (low to high), INTEREST (low to high). Quadrants: keep satisfied, manage closely, monitor, keep informed. Stakeholders plotted: Government, Management, Board, Vendors, GPOs, Community, Doctors, Employees, Contractors, Patients]
Pilot project timeline
[Gantt chart, Q2 2020 to Q1 2022. Phases: Project Initiation; Negotiations with vendors to choose a partner for a pilot project; Choosing contractors for software development; Defining technical task; Front end; Back end; Smart contracts; Integration with existing IS; Pilot testing with real data; Rolling out the system to other channels]
Project management hybrid principles
► Blockchain SCM system development is a complex project based on the interests of different groups of stakeholders
► Complexity of the technical solution and rapid change in blockchain innovations require an agile approach in project management
► Collaboration of a variety of participants such as vendors, experts, contractors and others does not allow forming a SCRUM team for the whole project
► For these reasons a hybrid approach to managing the project is suggested
► While the whole project is managed by PMBOK methodology, software development phases will be managed with SCRUM methodology.
[Figure: phases managed with SCRUM: Defining technical task, Front end, Back end, Smart contracts, Integration, Pilot testing with real data]
Commercialization timeline
Cash Flow (in thousands): 2021: -$957k; 2022: $317k; 2023: $3,172k; 2024: $6,437k; 2025: $11,139k; 2026: $13,734k
Phases: Pilot project; Serial implementation through all suppliers; Sale of access to other hospitals in the US; International sales
Investment Structure
This project requires $975 thousand in the initial year. The entire project will be funded in 2 parts: $900k from a bank loan, which will be paid off by the second year after going to the market, and $400k private investment.
[Chart: funding split: Bank Loan $900k, Private Funding $400k]
Initial Investment Required
| Category | Amount (in thousands) |
|---|---|
| Platform Building | $660 |
| On boarding deployment costs | $98.376 |
| Cloud cost | $22 |
| Ongoing maintenance cost | $140.640 |
| Interest expense | $54 |
| Total Cost | $975 |
Credits: devteam, IBM, EY
Cash Flow Projection: Development & Market Penetration phase (in thousands)
| | 2021 | 2022 | 2023 | 2024 | 2025 | 2026 |
|---|---|---|---|---|---|---|
| Sales, net | $- | $12,000 | $60,000 | $90,000 | $126,000 | $154,080 |
| Cost of Goods Sold | $- | $7,200 | $36,000 | $54,000 | $75,600 | $92,448 |
| Gross Margin | $- | $4,800 | $24,000 | $36,000 | $50,400 | $61,632 |
| Depreciation & amortization | $- | $66 | $66 | $66 | $66 | $66 |
| Selling, general & administrative expense | $- | $2,400 | $12,000 | $18,000 | $25,200 | $30,816 |
| R&D expense | $- | $1,800 | $7,200 | $9,000 | $10,080 | $12,326 |
| Platform Building | $660 | $- | $- | $- | $- | $- |
| On boarding deployment costs | $98 | $4 | $5 | $6 | $7 | $8 |
| Cloud cost | $22 | $19 | $234 | $240 | $254 | $260 |
| Ongoing maintenance cost | $141 | $140 | $480 | $540 | $693 | $770 |
| EBIT | $(921) | $371 | $4,015 | $8,148 | $14,100 | $17,385 |
| Interest expense | $54 | $54 | $- | $- | $- | $- |
| EBT | $(975) | $317 | $4,015 | $8,148 | $14,100 | $17,385 |
| Income taxes | $- | $- | $843 | $1,711 | $2,961 | $3,651 |
| Net Income (loss) | $(975) | $317 | $3,172 | $6,437 | $11,139 | $13,734 |
| Net Margin | | 2.64% | 5.29% | 7.15% | 8.84% | 8.91% |
Cash Flow Projection: Mature Stage (in thousands)
| | 2026 | 2027 | 2028 | 2029 | 2030 | 2031 |
|---|---|---|---|---|---|---|
| Sales, net | 154080 | 180000 | 198000 | 217800 | 239580 | 263538 |
| Cost of Goods Sold | 92448 | 95400 | 104940 | 115434 | 126977 | 139675 |
| Gross Margin | 61632 | 84600 | 93060 | 102366 | 112603 | 123863 |
| Depreciation & amortization | 66 | 66 | 66 | 66 | 66 | 66 |
| Selling, general & administrative expense | 30816 | 27000 | 29700 | 32670 | 35937 | 39531 |
| R&D expense | 12326 | 14400 | 15840 | 17424 | 19166 | 21083 |
| Platform Building | 0 | 0 | 0 | 0 | 0 | 0 |
| On boarding deployment costs | 8 | 10 | 12 | 14 | 17 | 21 |
| Cloud cost | 260 | 267 | 267 | 267 | 267 | 267 |
| Ongoing maintenance cost | 770 | 900 | 990 | 1089 | 1198 | 1318 |
| EBIT | 17385 | 41957 | 46185 | 50836 | 55951 | 61578 |
| Interest expense | 0 | 0 | 0 | 0 | 0 | 0 |
| EBT | 17385 | 41957 | 46185 | 50836 | 55951 | 61578 |
| Income taxes | 3651 | 8811 | 9699 | 10675 | 11750 | 12931 |
| Net Income (loss) | 13734 | 33146 | 36486 | 40160 | 44201 | 48646 |
| Net Margin | 8.91% | 18.41% | 18.43% | 18.44% | 18.45% | 18.46% |
Return on Investment
Blockchain is a new trend across industries
► Walmart traces products all the way back to the farm using blockchain technology to ensure quality of food.
  ► “When it comes to safety, this is not a competitive issue. We all win or lose together.” Frank Yiannas, VP of Food Safety at Walmart 1
► International food and drink firm Princes requires all Italian farmers providing fresh tomatoes to use a blockchain platform.
  ► “This agreement reflects the shared desire that exists for innovation and change to historical ways of working in the tomato supply chain.” Princes’ corporate relations director David McDiarmid said 2
► Unilever has expressed its satisfaction with the results obtained from its pilot blockchain program for the purchase of digital advertisements. 3 (Unilever Saved Two to Three Percentage Points On Advertisement)
► Marks & Spencer is partnering with Microsoft on a new AI-blockchain powered technology, helping the retail industry mainly to eliminate queues and checkout turmoil experienced by many customers, especially at large retail giants.
  ► “M&S is transforming into a digital-first retailer, at a time when the sector is undergoing a customer-led revolution. We want to be at the forefront of driving value into the customer experience using the power of technology” said Steve Rowe the CEO of Marks & Spencer 4
1 https://corporate.walmart.com/newsroom/2018/09/24/in-wake-of-romaine-e-coli-scare-walmart-deploys-blockchain-to-track-leafy-greens
2 https://www.edie.net/news/7/Princes-turns-to-blockchain-to-minimise-supply-chain-sustainability-risks/
3 https://www.cryptoknowmics.com/news/unilever-satisfied-with-its-blockchain-pilot-project
4 https://www.leaprate.com/cryptocurrency/blockchain/microsoft-in-partnership-with-marks-spencer-with-a-new-blockchain-project/
Further development
The EU pharmaceutical market is close to the US industry as a developed and mature environment, with a size of more than 200 billion dollars 1
► It is planned to enter the EU market through international vendors who are already working with MHS. As our system will be adopted by these vendors, it will be easier to sell the solution to EU hospital and pharmacy networks
The adjacent markets to expand sales are pharmacies for the drug supply chain and the markets of medical equipment and dietary supplements
► There are approximately 67,000 pharmacies 2 in the United States compared to 5,564 registered hospitals 3
► The U.S. medical device manufacturers market size forecast for 2020 is more than $190 billion 4 and dietary supplements more than $130 billion 5
International and adjacent markets expansion can increase total sales at least twice
1 https://info.evaluategroup.com/rs/607-YGS-364/images/Evaluate-European-Drug-Forecasts-Infographic-IG.pdf
2 https://en.wikipedia.org/wiki/Pharmacies_in_the_United_States
3 https://www.beckershospitalreview.com/hospital-management-administration/50-things-to-know-about-the-hospital-industry-2017.html
4 https://www.grandviewresearch.com/industry-analysis/us-medical-device-manufacturers-market
5 https://www.grandviewresearch.com/industry-analysis/dietary-supplements-market
Thank You For Your Attention
Appendix
Option Appraisal for Problem 1
► Intrusion Detection and Prevention Systems: The IDS contains a database of known attack signatures and compares it to the inbound traffic. The IPS sits between a firewall and the rest of a network, to stop the suspected malicious traffic.
► Network segmentation: Systems that have connections with third party software can be placed in a special network, mirroring in real time with synchronization with main resources and backing up information on a regular basis.
► Just In Time Privileged Access Management: No one has permanent access to data in this concept. Users are divided into different groups with ability to access specific type of data. Users are authenticated whenever they need access.
Pros
► Intrusion detection and prevention systems
  ► Quantify and qualify attacks: IDS can analyze the amount and types of attacks.
  ► Boost Efficiency: IDS can identify the services or operating systems being used, which is time saving compared to manually doing this.
► Network segmentation
  ► Better containment: When a network issue occurs, the effects are limited to the local subnet.
  ► Better access control: Can allow users to access only certain network resources.
► Just In Time Privileged Access Management
  ► Segment the privilege group: It divides users into different privilege groups, reducing the exposure of data to potential leaks.
  ► Quick implementation: From the company reviews, the implementation time is less than 6 months.
Cons
► Intrusion detection and prevention systems
  ► Fake IP: IDS reads the information from an IP, but this can be faked, leading to difficulty in detecting and assessing the threat.
  ► Cannot see encrypted packets: An IDS is unable to see into encrypted packets.
► Network segmentation
  ► Harder to design: The more segmented the network is, the more time it would take to design and subsequently manage it.
  ► Harder to manage user access: In complicated network segmentations, it can be difficult to ensure users have correct access.
► Just In Time Privileged Access Management
  ► Added Assistance: Requires more assistance from third parties to implement this.
  ► Limit Suppliers: Owing to the added assistance, suppliers may be less inclined to implement this.
Option Appraisal for Problem 2
► Machine Learning for Firewall: An algorithm will pick up keywords related to data, phishing links and anomalies in employees’ email. Maintaining the cut-off point for a possible hack at a rigorous value will lower the risk of a possible attack.
► Bring Your Own Device Security: Special systems can create a virtually divided network that will not allow unsecure devices, users, and software to get access to the hospital system. Such a solution usually includes a hardware and a software part.
► Multi-Factor Authentication: This is a layered approach. Compromising all the factors poses a significant challenge to attackers, as even if they are able to obtain a user's password, it is useless without obtaining the other authentication methods.
Pros
► Machine learning for the firewall
  ► Incident Response: Risk of attack would be averted as automatic responses would be triggered, resulting in the enterprise-wide removal of all internal spam
  ► Efficient for untrained workforce: Untrained workers are prone to opening phishing mails, so it acts as a firewall
► BYOD Security
  ► Cost effective: It eliminates the need to buy employee specific devices and equipment.
  ► Boost productivity: It allows employees to use devices they are familiar and comfortable with, leading to greater satisfaction.
► Multi-Factor Authentication
  ► Additional security: This provides an added layer of security, thereby lowering the risk of an intruder getting access
  ► Lower password reliance: Passwords are easily hackable, and as phishing attacks are a major threat in healthcare, additional safety layers are essential
Cons
► Machine learning for the firewall
  ► Risk of filtering important mails: Important mails from suppliers or other collaborators might be filtered out.
  ► Employee satisfaction: Employees might feel this continuous monitoring is a breach of their privacy
► BYOD Security
  ► Lost or stolen devices: Misplaced devices could enable unwanted third-party access
  ► Additional Measures: To protect safety, additional measures like VPN are required
► Multi-Factor Authentication
  ► Dissatisfaction: Employees may find additional layers of security cumbersome
  ► Backup options: In instances wherein the user misplaces their token or device, they would need an alternate route to gain access
Option appraisal for problem 3
► Secure Anti-Counterfeit Packaging: Existing technologies (RFID, Barcode, Hologram, Taggants) that can be used by manufacturers to enhance transparency in the supply chain.
► Selective Chemical Quality Control: Modern technologies provide small devices for a fast chemical test; they can be used for additional control of every shipment received from a GPO.
► Private Permissioned Blockchain: Proofs of transactions could be stored in NoSQL form in blockchain nodes to provide transparency and tamper evidence for the data. Data will be stored using a hash as a key, which can be used to access the contributor of the data.
Pros
► Secure Anti-Counterfeit Packaging
  ► High visibility: Multiple stakeholders can track the inventory across the network.
  ► High efficiency: Manual intervention is replaced by process automation.
► Selective Quality Control
  ► Quick integration: Very little training is required.
  ► Fast & convenient: The test can be done quickly and generates immediate results.
► Private Permissioned Blockchain
  ► Safety: Blockchain ensures security and accurate data storage.
  ► Transparency: It is almost impossible for someone to make a change without being noticed.
Cons
► Secure Anti-Counterfeit Packaging
  ► Training Period: Staff needs lengthy training.
  ► Privacy: Some non-state actors can read these chips if they are tuned to the right frequency, leading to widespread identity theft
► Selective Quality Control
  ► Limitations: The test gives limited information, and errors can happen.
  ► Sample consumption: The process destroys the sample under investigation.
► Private Permissioned Blockchain
  ► Need of commitment: Requires high level support from the management team.
  ► Difficulty in scalability: The ability to scale is advancing day by day, but it is not mature yet.
Risk and Mitigation Strategies
► Risk: Human factor: implementation of new software, standards, and technologies can face resistance from employees
  ► Mitigation: Involve key experts from different departments in the project team and provide periodic training to end users
► Risk: The time required for software development and system implementation could increase
  ► Mitigation: It is necessary to allocate a separate project manager, one for each solution. Use the Earned Value Management approach to control the development of the project through its milestones
► Risk: Could face changes in government regulation
  ► Mitigation: System should be implemented in phases, which will allow the project team to respond to changes according to the principles of Agile methodology
► Risk: The partners (vendor, suppliers) may have low motivation/involvement in the pilot stage
  ► Mitigation: Partner representatives should be included in the project team. Expectations of all participants should be clearly defined in the planning stage
Long Term Strategy
► In the long run, we would strive to optimize the blockchain network and, using faster and cheaper computing as a service, we can monetize and scale the blockchain enterprise package to all the industry segments. Even in healthcare, EHR (Electronic health record) can be added to the private node of blockchain to have fluidity.
► A large hospital can have as many as 85,000 connected medical and IoT devices in 2024, putting a significant strain on the digital supply chain. Edge analytics and computing should be developed to reduce this.
► The risk model comprising AI, blockchain and edge analytics would be uniform throughout all the connected devices, and implementation of AI can help us to predict a discrepancy in the value chain, which will reduce the scope of future hacks.
Figure from MIS Quarterly Executive. Dec2019, Vol. 18 Issue 4 1
1 https://aisel.aisnet.org/misqe/
Conclusion
► MHS needs to focus on eliminating 3 main problems, to the maximum extent possible
► Based on the various options considered, we believe the best solutions for these 3 problems are:
  ► Problem: Gray and counterfeit goods; Solution: Blockchain so there is better traceability in supply chain
  ► Problem: Island hopping; Solution: Multi-Factor Authentication for access to third party software
  ► Problem: Insider threats; Solution: Just-In-Time Privileged Access Management so as to ensure the legitimate users have the correct access they need to perform their job
► We propose these to be implemented first on a pilot hospital, and subsequently scaled up
► Risks such as resistance from employees can be significantly lowered by taking the necessary precautions upfront such as providing the proper training and involving key members
► The success of implementation can be monitored by analyzing how aspects such as the number of attacks are lowered over time
► Overall, by implementing the proposed solution $6.26 million will be saved, over 5 years
► All these combined together will pave the way to a better cyber hygiene for MHS
Cash Flow Projection - Assumptions
Penetration Stage
| Assumption | Value |
|---|---|
| Penetration Price | $20,000 |
| Quantity sold in Year 1 | 100 |
| Sales Growth per Year | 40.0% |
| Gross Margin | 40% |
| Amortization Rate | 0.90% |
| Selling, general & administrative | 20.00% |
| R&D | 15.00% |
| Interest Rate | 6.00% |
| Loan amount | $900,000 |
| Tax rate | 21% |
| Initial Investment | $905,056 |
Mature Stage
| Assumption | Value |
|---|---|
| Price after expansion stage | $30,000 |
| Quantity Sold in Year 2028 | 1500 |
| Sales Growth per Year | 10% |
| Gross Margin | 47% |
| Amortization Rate | 0.90% |
| Selling, general & administrative | 15% |
| R&D | 20% |
Reference: IBM 2018 Annual Report – Income Statement