Navigating Healthcare – Patient Safety and Personal Healthcare Management

Unbreakable Encryption

Encryption Algorithms Under Siege


Over the course of history, the development and subsequent breaking of encryption standards has been a constant cycle. As new keys were developed they were broken, and the speed with which new keys were broken has increased. The modern-day “Data Encryption Standard” (DES) was launched in the 70s with a 56-bit key (64 bits, but with 8 parity bits). This encryption was cracked in 1999, and with that likelihood looming NIST launched a new search for encryption standards, giving rise to the Advanced Encryption Standard (AES) (aka Rijndael) with 256-bit keys, which is under attack both cryptographically and by brute force from faster computers as and when they arrive. As a result, NIST is seeking new proposals for cryptographic standards to replace AES when it is broken – but with the advent of quantum computing this will be broken too.

Unbreakable Encryption


I spoke with John Prisco, President & CEO of QuantumXchange, which in his words is pioneering unbreakable encryption. I know what you’re thinking – the idea of something being unbreakable/unhackable seems impossible, and I was dubious as well.

But here’s what’s interesting – the foundation of the technology is the Heisenberg (no not that Heisenberg) uncertainty principle


You have to go deep into theoretical quantum physics to understand the background to this, and while I am no expert I’m fascinated by the quantum world. This explanation in the Encyclopedia Britannica is helpful, comparing the concept to measuring the pressure of air in your tires. TL;dr: you can’t, because as soon as you attach the pressure gauge you change the pressure. Essentially you can never know with perfect accuracy both the position and the velocity of a particle. It is impossible to determine accurately both the position and the direction and speed of a particle at the same instant. You could learn more from the always brilliant Richard Feynman video lecture: Probability and Uncertainty in Quantum Mechanics.


Single Photon Based Encryption Keys

That uncertainty is a physical property, not a mathematical derivation (the foundation of encryption). QuantumXchange uses the quantum properties of single photons (light) to exchange data between two locations, with keys derived from the exchanged quantum information. The keys are tamper evident: any attempt to intercept (look at or break) the key changes its quantum state, thanks to the Heisenberg Uncertainty Principle, thereby corrupting the key – in which case those keys are rejected and a new pair created.
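The tamper evidence described above can be illustrated with a classical simulation of BB84, a standard quantum key distribution protocol. This is an added example, not QuantumXchange's code: the post does not say which protocol they use, and the function names, the intercept-and-resend model of the eavesdropper and the 5% rejection threshold are assumptions.

```python
import random

BASES = "+x"  # rectilinear and diagonal polarisation bases


def bb84_exchange(n_photons, eavesdrop, rng):
    """Send n_photons single photons; return Alice's and Bob's sifted bits."""
    alice_sifted, bob_sifted = [], []
    for _ in range(n_photons):
        bit = rng.randint(0, 1)
        alice_basis = rng.choice(BASES)
        photon_bit, photon_basis = bit, alice_basis

        if eavesdrop:
            # Measuring in the wrong basis gives a random result and
            # destroys the original state; the photon that travels on
            # carries whatever the eavesdropper measured, in her basis.
            eve_basis = rng.choice(BASES)
            if eve_basis != photon_basis:
                photon_bit = rng.randint(0, 1)
            photon_basis = eve_basis

        bob_basis = rng.choice(BASES)
        if bob_basis == photon_basis:
            bob_bit = photon_bit
        else:
            bob_bit = rng.randint(0, 1)

        # Sifting: bases are compared in public, bit values are not.
        # Only photons where Alice and Bob chose the same basis are kept.
        if bob_basis == alice_basis:
            alice_sifted.append(bit)
            bob_sifted.append(bob_bit)
    return alice_sifted, bob_sifted


def establish_key(n_photons=2000, eavesdrop=False, seed=1, max_error_rate=0.05):
    """Return (key, error_rate); key is None when the exchange is rejected.

    max_error_rate is an assumed threshold chosen for this illustration.
    """
    rng = random.Random(seed)
    alice, bob = bb84_exchange(n_photons, eavesdrop, rng)
    positions = list(range(len(alice)))
    rng.shuffle(positions)
    half = len(positions) // 2
    check, keep = positions[:half], positions[half:]
    if not check:
        raise ValueError("too few photons to estimate the error rate")

    # The check bits are revealed and compared, then thrown away.
    errors = sum(alice[i] != bob[i] for i in check)
    error_rate = errors / len(check)
    if error_rate > max_error_rate:
        return None, error_rate  # tampering suspected: discard and start over
    return [alice[i] for i in sorted(keep)], error_rate


if __name__ == "__main__":
    for tapped in (False, True):
        key, rate = establish_key(eavesdrop=tapped)
        status = "rejected" if key is None else f"accepted, {len(key)} key bits"
        print(f"eavesdropper={tapped}: error rate {rate:.3f}, {status}")
```

On an untouched channel the compared bits agree exactly; with interception about a quarter of them disagree, which is the signal used to reject the key.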

All this takes place on “Dark Fiber” from Boston to Washington DC. They are offering this to customers in the healthcare and financial services markets and already have examples in play of oil rigs using their Quantum Keys to secure the huge numbers of IoT devices used in critical infrastructure and control for oil drilling and production.

This concept is especially important for healthcare data, which has the longest shelf life of any data in the industry, so protecting it over extended periods of time is essential if we are to maintain patients’ privacy and confidentiality.

Here’s the Interview:


Unbreakable Encryption was originally published on Dr Nick – The Incrementalist


Artificial Intelligence in Medicine

Artificial Intelligence in Medicine – Better More Rewarding Medicine


It was great to catch up with colleague and friend Dr. Anthony Chang (@AIMed_MD), Pediatric Cardiologist, Founder of Artificial Intelligence in Medicine (AIMed) and Director of Medical Intelligence and Innovation Institute (MI3).

How did a pediatric cardiologist find his way into the field of Artificial Intelligence, Machine and Deep Learning?

Those of you that saw the original Watson Jeopardy Challenge

Anthony like me had the same reaction to this incredible achievement by the IBM Watson team that beat out the top 2 Jeopardy champions with an Artificial Intelligence Computer system that consumed the contents of the internet library and tested out the correct answers more frequently than the two human champions.

With a background teaching statistics augmented with an MS in Biomedical Data Science/Artificial Intelligence, he has blazed a path to attract colleagues and data geeks from around the world to participate in the future of healthcare augmented by data

For those of you challenged understanding the terminology of the space this Venn diagram is helpful in putting the various disciplines in perspective

AI Deep Learning and Big Data Venn Diagram

Along the way, he, like many of my other guests, has discovered the value of the adjacent possible – in his case adjacent to data scientists and technologists, with clinicians deeply invested in day-to-day clinical care – both learning from each other.

We cover everything from machine learning and data science through the requirements for clinicians (or not) to gain qualifications in data science. Hear him eloquently answer the age-old question of

Will I still have a job once AI has replaced me

TL;dr: yes, and it will be more rewarding

Join me as you hear how and why you should change the way you think of medicine and data. The good news is – you can participate in the next AI Med event, which mixes specialists, clinicians, data geeks and patients from around the world in a unique experience that offers a great learning and mind-opening experience.

Listen live at 4:00 AM, 12:00 Noon or 8:00 PM ET, Monday through Friday for the next two weeks at HealthcareNOW Radio. After that, you can listen on demand (See podcast information below.) Join the conversation on Twitter at #TheIncrementalist.

Listen along on HealthcareNowRadio or on SoundCloud

Artificial Intelligence in Medicine was originally published on Dr Nick – The Incrementalist

Sleep – The Foundation of Health

Sleep The Wonder Drug


This week I am focusing on sleep – a hot topic given the recent tweets from Eric Topol



In fact, the value of sleep is well understood – just poorly implemented


Good news there’s been an AMAZING BREAKTHROUGH! Scientists have discovered a revolutionary new treatment that makes you live longer. It enhances your memory and makes you more creative. It makes you look more attractive. It keeps you slim and lowers food cravings. It protects you from cancer and dementia. It wards off colds and the flu. It lowers your risk of heart attacks and stroke, not to mention diabetes. You’ll even feel happier, less depressed, and less anxious. Are you interested?

The above quote is from Matthew Walker (@sleepDiplomat) – researcher and author of the excellent book “Why We Sleep”. Essential reading for anyone wanting to deep dive into what we know about sleep and its incredible positive effect on our health and brains.

The science is in and the benefits of sleep are clear, so how do you get yours?

Incremental Steps to Sleep

How do you get into the habit and routine of getting a great night’s sleep each and every night? Some of the highlights include:

Light – dark quiet rooms
Say no to Drugs and Alcohol – not the right kind of sleep anyway

Here are my thoughts on Sleep Hygiene – you can also see more here: “12 Sleep Hygiene Practices”



Sleep – The Foundation of Health was originally published on Dr Nick – The Incrementalist

Are Your Pagers Leaking PHI Data

Hospital Paging Systems Security


I spoke with Mark Nunnikhoven, VP of Cloud Research at Trend Micro, about their recently published paper, Leaking Beeps: Unencrypted Pager Messages in the Healthcare Industry. Pagers were designed and built in an era when it took a lot of resources and technology to access the system, but now all it takes is a couple of hundred dollars and a PC add-in and you are in.

“When pagers first came out the effort to interact with the system was high”

TL;dr: Pagers in the clinical setting are unencrypted and represent a security risk for breach of Personal Health Information

Mark’s incremental step – don’t include PHI in any pager traffic, then get rid of pagers and replace them with mobile devices that have end-to-end encryption

In their study they found that the transmissions are not encrypted and contain multiple elements of PHI – they saw lots of examples (you can download the report here). The summary of the PHI exposed in the unencrypted messages analyzed by Trend Micro offers a peek into the potential breaches taking place on a daily basis.

Mark also mentioned another report on Securing Connected Hospitals that looked at connected devices, highlighting the huge increase in attacks on healthcare information systems, in particular with ransomware.



Incremental Steps for Securing Your Pager System

  1. Don’t Include Personal Health Information in Pages but rather ask for a Call Back
  2. Replace the Old Style Pagers with New Technology and Devices, and
  3. When Building Devices you must build security into the product


Are Your Pagers Leaking PHI Data was originally published on Dr Nick – The Incrementalist

Mindfulness and Meditation


This week we are focusing on mindfulness and meditation and why it is important for your health. People that include mindfulness and meditation in their daily routine find they are better able to deal with pain, have improved immunity, sleep better, lower their blood pressure and have less inflammation.

What are the Incremental steps to get you into a regular habit of mindfulness and meditation – the first step is to find what works for you. What’s the best time and where is the best place that works for you? Once you have decided where and when, like most other incremental steps it requires you to take that first step. It can be hard and one of the important things is to understand that you don’t have to do it for very long – even a few seconds can be helpful and then work up to longer times.

There are a range of apps you can download to help you start including some great free apps and I talk about some of those choices and options
Here are 5 free apps you can download that can help you get started

Can I ask a favor – if you like the video, please subscribe to my channel, and if you don’t, leave me your feedback/thoughts on how I can improve things

Mindfulness and Meditation was originally published on Dr Nick – The Incrementalist

Getting into the Exercise Habit

Exercise Routine

In this week’s video I discuss getting into the habit of exercise

Getting into a regular routine for exercise is the first step to making this part of everyday activity. How do you do that – the first step like most other incremental steps is to start. It can be hard and one of the important things is not to seek to do too much initially. If you can only get 5 minutes of exercise, get that. Once that’s a regular event and you are finding that easier, extend the time and distance to 10 minutes, 15 minutes and keep adding.

As for locations, outside is always a good place to start, but if that’s not ideal you can always try to find a gym, buy some cardio equipment (maybe second hand) or find a nearby mall to start your exercise program.
It can be hard to start but the most important thing is to start – if you can find a friend and start together, company always helps and if someone is expecting you it helps to keep you showing up every day.
Here are some simple suggestions for starting an exercise program





Getting into the Exercise Habit was originally published on Dr Nick – The Incrementalist

Improving Security by Default

Security by Default

The opening Keynote by Parisa Tabriz | Director of Engineering, Google: Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes covered the journey taken by Google to bring the status of browsing into the Security age. It was sobering to see that a company like Google, with the resources available, started this journey in 2014 and is only now starting to see significant progress – 4 years so far. Their path, like so many others, was a series of incremental steps to improvement and change.


Security, as described by Parisa, is much like the Whac-A-Mole game


But the biggest round of applause came when Parisa stated:

Blockchain is not going to solve all your security problems

Clearly not a lot of support for Blockchain in the BlackHat audience….. yet?

From the journey taken to securing the Chrome browser the key learning boiled down to three elements

  1. Tackle the Root Cause
  2. Project Zero (disrupt the industry)
  3. More Transparency and Collaboration – shared security goals


Ultimately, hacking the status quo and bureaucracy is achieved through incremental steps that challenge the status quo. For those that don’t remember, the concept of bug bounties was controversial initially; now it is the gold standard.
Also, auto-updates of security patches were controversial; now not so much.

Interesting slide of the different presentations of a “secured” site in Chrome

Chrome Connection Indicators circa 2014

In their survey, most users perceived the second choice as normal and secure. Over time they have moved the security indicators, bringing a large consortium of people along the way.

Rethinking the Security Indicators

And in bringing together experts Parisa highlighted something I have long advocated in Engineering healthcare technology – the people creating and experts in the technology are rarely the right people to optimize usability – as she put it

Security people are rarely the right people to ask about usability in security interactions/interfaces


“Be a team player, don’t be a jerk”

Also noted was that Google Page Rank was used as an influencer


Incremental Steps to Security

At the press conference afterward what one incremental step should you take in securing your enterprise:

Getting everyone pulling in the same direction is a key requirement

Focus on finding the incentive and/or ROI for the people who are responsible for security

Everyone has too much on their plate – what is required is allowing people to focus on security as a priority over all the other tasks on their to-do lists. This was true with Project Zero and with the HTTPS push (remember this took from 2014 to 2018).

I will leave you with this as a closing thought

A Product that has no security flaws/bugs probably just doesn’t know about them


Improving Security by Default was originally published on Dr Nick – The Incrementalist

Telehealth is Here – Getting There Quicker with Incremental Steps


This week I am talking to Dr. Til Jolly, CMO for Specialists on Call (SOC) Telemed who are delivering enterprise-wide telemedicine to over 450 hospitals

Dr Jolly is an Emergency Room physician with a fascinating background that includes working for the NFL Super Bowl “Emergency Preparedness Team” planning super bowls around the country over multiple locations. He shares some of his experiences in that role and some of the things he learned along the way – learning from previous events, clear role assignment and division and above all practice (he’s talking about the medical teams but I’m sure that’s true for the NFL teams :-))

We talk about the small incremental improvements that have been adding up in Telehealth delivery – as he puts it, the barriers are not technology anymore and there has been some good progress around reimbursement. In an interesting twist and different perspective, he looks back with fondness at the introduction of the fax machine and the positive impact it had on care with the ability to fax EKGs direct to clinicians.

The resistance is no longer coming from patients and in some instances comes from clinicians and health systems who want to find “traditional” methods of care delivery, but the writing on the wall is clear: Telehealth is here to stay and will be a major part of helping support our aging population, even mitigating some of the loneliness these individuals have.


Telehealth is Here – Getting There Quicker with Incremental Steps was originally published on Dr Nick – The Incrementalist

Defending Science

The Fake Science Factory

Inside the Fake Science Factory

In hindsight, the Waset publishing organization (I’m not linking to it so as not to help their SEO – waset DOT org) should have refunded Chris (Suggy) Sumner’s money when he asked for it, but the rest of Science thanks them for not doing that. So launched a year-long deep dive into the underbelly of predatory publishing partnered with Svea Eckert (@sveckert) (who blew away any sense of privacy with the outstanding “Dark Data” presentation last year at DefCon25 – take a look at the presentation here) alongside Till Krause (@TillKrause)

Suggy’s trip to present his paper in October 2017 in Copenhagen proved to be a big disappointment, with a room filled with a small cadre of presenters and no conference attendees to speak of. He teamed up with Svea and Till, who set about a project to investigate this organization and others in the space of predatory publishing (something Jeffrey Beall has long campaigned against; he was besieged by legal threats he could not fight as an individual – his list lives on here).

The Science Paper Sting

They used the SCIgen auto paper generator to create a paper and submitted it for one of the conferences on the Waset site. The paper was accepted and they arrived ready to present the nonsense paper, word for word, to an audience similar to the one seen by Suggy. Their biggest challenge was holding a straight face and not bursting out laughing as they read the paper. They received an award and certificate for “Best Presentation”.

Best Paper Award

They had another junk paper accepted promoting Bees as a cure to Cancer – one they tried to withdraw explaining it was junk and not wanting to add to the morass of fake claims but were told this would cost an additional fee to remove!

The Data

In a combined effort the team reviewed and downloaded the publicly available data from the websites of the offending publications and organizations they had identified: a whopping list of 44,476 conferences!

Data Aggregated from Target Organizations

They created a database to analyze the results with total numbers of abstracts for each of the organizations (Omics and Waset – leading the way in papers both more than double the next nearest at 60,000+ abstracts). The grand total:

179,239 Abstracts and 400,000 authors

(As they pointed out this is 5% of the total of published papers but the trend in the last 10 years is troubling seeing a huge increase) and impacting our academic institutions as seen in their data

Elite Universities Publishing Stats
Top US Institutions Publishing Stats


The Impact

The harm from these publications extends far beyond the individual papers and the authors’ financial loss for the cost of publishing and attendance. As they highlighted, the “validation” these papers give to false claims has allowed snake oil predators to justify their claims, as seen with GcMAF “treatment” for cancer. These claims are amplified by media personalities – with a well-known media personality from Germany, Miriam Pielhau (Dr Hope), who was featured in their short film you can watch with English subtitles here.

She, like many others, reached for any last hope as she battled cancer, leaving a legacy behind that promoted this remedy – which is the subject of a trial set for the UK this November alleging it is being sold using fake studies. And manufacturers have been using these resources to justify marketing for their products (Philip Morris and their smokeless tobacco, Bayer promoting Aspirin and Vitamin C for example), and well beyond healthcare into other science domains, where they are used by lobbying groups as justification for their positions. But this just scrapes the surface and the group highlighted several other targets:

  • Autism
  • Chronic Fatigue
  • Cancers
  • Depression
  • Anxiety

And there are many who combat the pseudo-science on a daily basis – some facing extreme assaults on their lives, families, and reputations – these people are my heroes.

What do we Do

We need to be part of the solution – identifying these organizations and calling out predatory publishers and conferences. The presenters have joined forces with other media organizations around the world who are also researching these groups and publishing – this recent piece in the Guardian – Predatory Publishers who Churn Out Fake Science

More than 175,000 scientific articles have been produced by five of the largest “predatory open-access publishers”, including India-based Omics publishing group and the Turkish World Academy of Science, Engineering and Technology, or Waset

And they continue to seek partners and participants to help remove these groups and papers. This attacks the very foundation of our decisions and actions – especially true in medicine. Take a look at their work, reach out and follow up with them as you identify other potential organizations, conferences, and publishers, and participate everywhere you can in addressing claims that are not substantiated by peer-reviewed articles backed up by real science.

The full presentation – Updated (13Aug2018) Presentation – Inside the Fake Science Factory

My thanks to Suggy, Svea, and Till for an outstanding piece of work and presentation – all credit to them for everything above

Defending Science was originally published on Dr Nick – The Incrementalist

Exploiting Implanted Medical Devices

Hollywood Future Predictions

Spoiler Alert – for anyone who has not watched the Showtime series “Homeland” or not got past Season 2



In the episode titled “Broken Heart” (December 2, 2012) we watch a hacker gain remote unauthorized access to the Vice President’s pacemaker and induce a tachycardia (increase in the heart rate), causing him to succumb to a heart attack. Abu Nazir kills the vice president by accessing his pacemaker remotely:



While the whole operation seemed almost too simple, it was not an implausible tactic. We saw this in October when Darren Pauli wrote about a researcher in Australia who

“reverse-engineered a pacemaker transmitter to make it possible to deliver deadly electric shocks to pacemakers within 30 feet and rewrite their firmware.”

The risk was real enough that Dick Cheney revealed that his fear of this hack led him to have the wireless function turned off in 2007, and it was covered in this piece in the NY Times, A Heart Device Is Found Vulnerable to Hacker Attacks, but was discounted based on the high costs and need for sophisticated equipment.

Billy Rios – Security Researcher

Enter a security manager and researcher – Billy Rios who, thanks to an unplanned extended visit to a hospital, surrounded by a slew of unsecured access points in his hotel room and devices connecting via WiFi connected to him, went on an 18-month journey to study the risks.


This presentation is the culmination of an 18-month independent case study in implanted medical devices. The presenters will provide detailed technical findings on remote exploitation of a pacemaker systems, pacemaker infrastructure, and a neurostimulator system. Exploitation of these vulnerabilities allow for the disruption of therapy as well as the ability to execute shocks to a patient.

He presented his findings at BlackHat 2018: Understanding and Exploiting Implanted Medical Devices

Here’s the video of the hack demonstrated at the event:

I was fortunate to speak to him to discuss the journey, his findings and thoughts on incremental steps to mitigate this

As Billy points out – it is essential for the clinical team to focus on these risks, understand the concerns raised by the security researchers and others and provide the essential clinical perspective missing from healthcare security discussions

Here is the live stream of their presentation and demo:

Exploiting Implanted Medical Devices was originally published on Dr Nick – The Incrementalist