Cybercrime Archives - InnoHEALTH magazine

Webinar: Cyber and Data Security for Healthcare Establishments

InnoHEALTH Magazine — Tue, 10 Dec 2019 08:25:58 +0000

Title: Cyber and Data Security for healthcare establishments
Date: December 21, 2019
Time: 4 pm to 5 pm
Speakers: Satyendra Verma, Sachin Gaur
Organizers: CAHO and ICFHE
Register now
Introduction:

Healthcare is a vulnerable target for cybercrime because of two simple reasons; Firstly, it is a rich source of valuable data and Secondly, defenses are virtually absent in most healthcare establishments around the world and the case is no different in India.

The decision makers in the ecosystem are aware that Databreaches and attacks on medical devices can have severe consequences but unlike other sectors, the slow pedalling in this direction has little to do with lack of security budget or availability of methods to secure them but has more to do with the Gap in understanding among them.
This Webinar aims to help to demystify this topic with minimum technical jargon and demonstrate how no amount of technology or solutions can help unless they are preceded by clear Decisions & Directions from the Top Management. We will also share an innovative cybersecurity toolkit which can be used to do a quick in-house assessment of the Information Security Statues at your Healthcare establishments and how simple steps can resolve 80% of the Information/Cyber/Data Security issues.
Who will Benefit ? / Target Audience:

Top management
Decision makers
Owners

What it IS?

Attempt to Demystify the Subject for Top management.
Guided Quick Self Assessment of your Cybersecurity Status
Educate about forthcoming Indan Regulations related to Data Security
Explanation on which 20% of efforts can solve 80% of the problems.

What it is NOT?

Technical Details of Cyber Attacks.
Explanation of a particular solution.
Aimed at IT Managers

Speaker Bio:
Satyendra Verma
An Army vetran has an extensive exposure to Information System Security in his 23 years of service with Indian Army. After retirement, he has done extensive research to gain knowledge about the cyber issues pertaining to Healthcare and Education sector. He has conducted extensive training and workshops in Information Security in both the fields. He is ISO 27001, Certified Lead Auditor for Information Systems Security. He is also an active sportsman and the Indian Team Captain for Wingsuit Flying.
Sachin Gaur:
He has a double M.Sc.(tech) in Mobile Security and Cryptography from Aalto University, Finland and University of Tartu, Estonia. He has worked in the past with organizations like Adobe, C.E.R.N. and in research at the Aalto University in security related topics.
Register now for free

Also Read:
Exclusive Interview with India’s National Cybersecurity Coordinator
Don’t ignore the cyber threats in hospital. Enroll for the Cyber4Healthcare course on Udemy

The post Webinar: Cyber and Data Security for Healthcare Establishments appeared first on InnoHEALTH magazine.

Cybercrime and Threats in 2019

InnoHEALTH Magazine — Thu, 23 May 2019 09:45:17 +0000

Karnal Singh, the Former Director of Enforcement Directorate opens up with the Sachin Gaur, Executive Editor, InnoHEALTH Magazine about his opinion on trends of cybercrime and threats in 2019.

He is a 1984 batch IPS officer and Engineer from Delhi College of Engineering (DCE) and Indian Institute of Technology (IIT), has over 34 years of experience in the investigation of corruption, terrorism, money laundering, and cyber-crime cases. He is a recipient of President’s medal for distinguished service and Police medal for meritorious service.

Q. Given your important assignments for the Government of India in the past, share with us the big picture. What are the trends you see in terms of cybercrime and threats for 2019?

The world is getting more connected and technology has seeped into every aspect of our lives. On one hand, these advancements make our lives easier and on the other bring a lot of vulnerabilities with them if security isn’t strong enough to tackle cyber criminals. Hackers today are well-educated and have the capabilities to develop new methods and tools to exploit the vulnerabilities on the computer systems and networks. Few do it for their academic interest and thrill and inform the person concerned about the vulnerabilities so that the same can be plugged. They are known as white hat hackers. While the others do it with malice and self-gain and are known as Black hat hackers.

To gain access to the computer systems, the cybercriminals and hackers will continue to deploy already existing tools (called as exploits) with enhanced capabilities. More advanced tools will be also be developed in the coming years. Some of the important ones are enumerated below:

1. Chatbots: There will be extensive use of machine learning techniques (Artificial intelligence) in the near future. A Chatbot can be injected into the important website (for example, a banking site). Chatbot in the form of a man or woman would pop up on the screen and will start interacting with the user (like what we see the google assistant doing). Then it may misdirect the customer to a nefarious link similar to an actual banking site, thereby fetching important information from the customer and compromising his banking information.

2. Bot and botnet: The hackers have been successful in remotely taking control of the hacked computer systems. Such a system is known as a bot. The hacker can remotely misuse a machine (using computing time or other resources) without the actual user being aware of it. If there is more than one compromised device, then it is called a botnet. Botnets can be put to perform some distributed function viz, crypto jacking (mining bitcoins) or distributed denial of service attack.

3. Discover and target organizations outside the firewall: Most of the commercial organizations deploy firewalls, intrusion detection systems, and intrusion protection systems; thereby making hacking difficult. But they use the third-party software, which may be having vulnerabilities. Hackers can attack the third-party systems used by commercial websites.

4. Injection Attack: Protective systems installed on computers look for malicious files to detect cyber-attack. The injection attack is filed less; the hacker directly inserts the malicious code in the memory, thereby compromising the machine, without ever dropping a file onto the infected system. One such example is British Airways site hack in 2018, resulting in identity theft of around 3,80,000 users.

5. Biometric Hacking: Cybercriminals use brute force attack, dictionary attack or social engineering, etc., to crack the passwords. Many people have shifted to biometrics. The academic research suggests that a number of officers print authentication systems could be spoofed, even highly sophisticated facial recognition system has been proven vulnerable to more advanced hacking efforts.

6. Application of artificial intelligence: Artificial intelligence techniques will be used more and more to avoid detection by intrusion detection tools. For example, Waterminer, a cryptocurrency mining tool injected as malware, stops mining when task manager or antimalware scan is run.

Also Read:
Social Isolation in a Digitally Connected World
Sweden-India Collaboration in Health Sector

7. Rouge AP(access point) and Evil Twin: Rouge AP is an access point installed on the network without the knowledge of the administrator, while the evil twin is identical network.

The above-mentioned techniques will be sharpened to attack numerous utility services (some of which are listed below) by the black hat hackers for malicious purposes:

A. Internet of things(IoT): the Considerable number of smart gadgets (such as TV, plugs, IP cameras, smartphones, tablets, network video recorders, heaters, refrigerators) are used at homes and industries. When these gadgets are connected to the Internet, they are termed as the Internet of Things. The hackers will increase their attacks on IoT using a vulnerability in cloud infrastructure and hardware to threaten the users physically or mentally.

B. Attack on identity platforms: Identity platforms offer centralized secure authentication of users, devices, and services across the IT environment. It could be a database of banks, hospitals, social media sites, etc. Identities of a large number of persons would be attempted to be stolen for extortion, impersonation or proving the inadequacy of the commercial organization in securing the important data (so as to blackmail).

C. Real world damages: There will be more and more attacks on services providing community services viz, municipality, health sector, electricity supply, water supply, and sewer systems. Besides the cybercriminals, who would use such hacking for ransom, terrorists and even nations can use it against public or adversaries.

D. Social media content compromise: There will be increased use of Botnets to compromise social media to influence public opinion.

Q. Being a healthcare publication, our readers would be interested in healthcare-specific cyber threats. What is your opinion on the health sector threats?
The health sector offers life critical services. It maintains the identity and clinical records of a large number of patients. The following factors make the health sector more vulnerable as compared to the other sectors.

IoT (Internet of Things) devices are used extensively for the treatment of the patients viz. smart continuous glucose monitoring, connected inhalers for asthma, apple watch Identity platforms offer centralized secure authentication of users, devices and services across IT environment. It could be a database of banks, hospitals, social media sites, etc. PERSONA THEME TRENDS WELL-BEING ISSUES RESEARCH NEWSCOPE app that monitors depression, etc.
The doctors and patients can connect external storage devices and even mobile phones to the hospital database system.
Third-party software and hardware are deployed which makes it vulnerable to supply chain poisoning.
Most of the services provided by the hospital are connected through the Internet or the cloud services.

Clinical data is of immense use for cybercriminals and cyber terrorists. They can use vulnerabilities in cybersecurity in the following ways:

Identity theft: Medical identity record is very useful for the cybercriminals as it can be used to impersonate people in the digital world and gain access to financial systems as well as to commit fraud by claiming treatment or insurance at the cost of insurance agencies and the patients. Therefore, this data is sold at a higher rate in the darknet as compared to identity records of other sectors.
The clinical records of the patients may sometimes contain their psychological disorders or conditions, or a person may be suffering from concealed diseases (sexually transmitted disease, etc). The hacker may make use of such information by blackmailing or harassing the patients. It would cause hardship to the patients and would put the reputation of the healthcare service provider/hospital at stake which failed to protect the patients’ identity and clinical records.
Ransomware attacks on hospitals will be on rising. The information of the patients is mostly time critical. If the cybercriminal denies the access of data to the hospital even for a short span of time, it may lead to lack of timely treatment to critical patients and therefore, hospital administration is not in a position to delay the ransom payment.
Prescription change: In India, the majority of renowned hospitals in metro cities are computerized. Doctors give online prescriptions which immediately become available to the concerned medical staff, such as a nurse who administers the drug to the patient. Cybercriminal scan tampers the prescription which may harm or even cause the death of the patient. They can cause an obstruction in the oxygen supply line or failure of electricity. They would be able to change the medical records of the patients, which will lead to wrong diagnosis and treatment. Not only cybercriminals but the terrorists can adopt the above techniques and threaten the nations or can even cause large scale fatalities.

Therefore, it becomes extremely important to adequately secure the health sector databases.

Q. The health sector has seen major attacks of ransomware; part of the equation is ‘money aka cryptocurrency’ in organized crime. How do we handle this?

Being proactive about cybersecurity is perhaps the best approach to tackle cyber-attacks. The health sector should form cybersecurity forum for cybersecurity policy formulations and mutually evaluate hospitals’ preparedness against the cyberattacks ensuring adherence to the cybersecurity policies. Additionally, each hospital network should have a dedicated team of IT security professionals to guide the management and proactively check for any cyber invasion. The IT team should ensure that the latest patches for all the devices and software are installed and there is protection from supply chain poisoning. The system should be equipped with features firewalls, Intrusion Detection System, Intrusion Protection system and processes analytical tools among others.

The blockchain techniques can also be explored for data management and the patient databases should be encrypted so that they are of no use to the hacker. Further, the hospitals must take data backup with a fast recovery plan. Regular penetration testing of the system should be done to eliminate potential vulnerabilities.

Hospitals should invest in training IT staff in cybersecurity policies and cybersecurity technologies. Regular analysis should be done of employees’ computer usage pattern so that any compromised user is effectively detected and timely removed from using the system. There should also be a secure access control preferably using biometric features.

Q. Today security has become a hot topic and world over we see that regulation is leading change and innovation! What is your vision for India in regard? What regulations will make the health sector more secure? Or we don’t need regulation?

The cybercriminals attempt to hack the computer resources of the hospitals by exploiting the vulnerabilities in the computer systems. They manipulate the stored information, steal the same or hold it for ransom. The hospital databases work on the trust reposed by patients in the hospital administration that their data will be guarded with privacy.

Cybercriminals can be prosecuted under various provisions of the Indian Information Technology Act, 2000(ITA). The IT Act creates civil liabilities for the offenses under the Act vide Sections 43 to 45, wherein an amount of compensation can be given to victims; it also creates criminal liabilities vide Sections 65 to 74 of the Act. Cybercriminals are liable to both civil and criminal liabilities.

Hospital administration is responsible for protecting the data and failure to protect can result in civil liability under Section 43A of the IT Act. However, this section can be invoked if the breached data results into wrongful loss to the victim or wrongful gain to a cybercriminal. The victim has to prove that there was a wrongful loss to him/her. The offenses by the intermediaries are criminalized under Section 67C of the IT Act. However, the same gets diluted by the provisions contained in Section 79 of the IT Act. Hence, the IT act doesn’t provide absolute data security laws.

The Government of India appointed Justice BN Srikrishna Committee for effective data protection laws in India. The committee submitted the Draft Data Protection Bill, 2018 to the government in July 2018. It will be introduced in parliament after the forthcoming elections in India. The Government of India is also planning to introduce “The Digital Information Security in Healthcare Bill” in the parliament to secure the healthcare data of patients in India.

Q. As the cyber incidents keep rising and legal regime catches up, what is your opinion on our abilities in investigating cybercrime? As you know attribution and audit trail are not the easiest in the cyber world, any advice for stakeholders so that they are not wrongly prosecuted or get justice on time?

According to Section 78 of the IT Act, 2000, a police officer of the rank of Inspector and above is authorized to investigate the offenses under the IT Act. This is to ensure the quality of the investigation. However, all Inspectors in police are not trained in cybercrime investigation. Further, complexities of computer technology, tools, and methodology used by cybercriminals make it difficult even for a trained person to keep pace with the development in this field. Police organizations don’t employ external cyber experts to aid in the investigation. Each police officer investigating the case seeks help from other expert police officers or cyber experts of his/her choice. Therefore, institutional help is lagging.

There is also the dearth of cyber experts in forensic science laboratories, resulting in delays of months and years in getting reports from them which can compromise the further evidence leading from forensic analysis of seized electronic material. During my tenure in the Enforcement Directorate, I found this delay to be of 1 to 3 years, therefore, I initiated six in-house cyber forensic labs. This led to the cyber forensic analysis done at a quicker pace also improving the quality of investigation.

The next hurdle is the global spread of evidence into other jurisdictions. A letter rogatory (letter of request) is sent to each foreign jurisdiction for getting the evidence located in that jurisdiction. The process is slow and it may take 3 to 4 years in getting a reply. If that reply further requires evidence from another foreign jurisdiction then another 3-4 years are gone. Therefore, the entire investigation is time-consuming.

The investigation becomes further complicated if Tor or onion routing is employed by cybercriminals. Finding the cybercriminal in this scenario becomes more difficult.

The IP address (internet protocol) and the time of its use, identify uniquely the source of the attack. However, the cybercriminal may commit cyberattack through Bot or botnet. In that case, the IP address will lead the investigation officer to the slave machine, even though the user of this machine would have no knowledge of the misuse of his computer resources. If the investigating officer doesn’t go into the depth of log analysis of such a system, then the innocent people might have to face false prosecution. The stakeholders should ensure all logs are maintained and stored by his computer system so that the audit trail can lead to actual perpetrator of cyber-attack.

The post Cybercrime and Threats in 2019 appeared first on InnoHEALTH magazine.

Cyber-Biosecurity: Are we ready?

InnoHEALTH Magazine — Thu, 02 Aug 2018 08:42:50 +0000

Bertrand Russell once said, ‘War doesn’t determine who is right−only who is left”, thus ‘we need to update, upgrade and be prepared for our own survival’. These words sound more relevant in the contemporary phase in the wake of fast changing global scenario and emerging inevitability for updating virtually by spilled of seconds.

Amalgamation of biotechnological and information technology advancement in the 21st century has altered our world at the fundamental level which is evident in the area of health, manufacturing, and food security. Humankind has also witnessed malicious bugs like Y2K and Wanna cry in biological and cyber field respectively. We have reached new landmarks on our understanding of how biological systems work and also discovered ways to meaningfully manipulate these systems as per our advantage/ requirement. Biotech tools, such as gene drives, can deliberately engineer inheritable genetic traits into wild populations, offering a powerful new way to escape from certain vector-borne diseases.

Gene editing tools such as CRISPR-CAS9 (Clustered Regularly Interspaced Short Palindromic Repeats associated protein-9 nuclease) are being used globally for quick and precise gene editing. Researchers like to use computers to analyze DNA, operate lab machines and store genetic information. In the health sector, the digitization of biology & metabolic engineering accelerated the development of new vaccines, drugs, and painkillers. Agriculture is becoming smarter/digitized, with farmers relying on data-driven decision acquired through sensors planted in the ground, satellites guiding tractor movements and other new practices. But these emerging capabilities come with a whole new category of vulnerabilities and risks.

Also Read: IIT Kanpur Braces Up to Prevent Cyber Attacks

Over the last five years “technological barriers to acquire and use biological weapon has been significantly eroded.” The security impact of biotech advances goes beyond bioweapon. For example, developments in metabolic pathway engineering also offer opportunities to produce illegal drugs such as heroin. Scientists have already identified how to make the active compounds in other narcotics, such as for cannabis and precursors of LSD. What if a terrorist group or a despotic regime tries to spread modified organisms aimed at striking troops, frightening civilians, or putting food production in disarray? The failed attempt of Japanese cult to obtain Ebola strains from South Africa is one such indicator.

Recently Jean and coworkers (2018) highlighted the risks of using gene sequencing technologies to corrupt the databases by altering sequences or annotations. In this article, computer scientists designed a DNA sample that when sequenced, resulted in a data file which enabled the hacker to control the sequencing computer remotely and gave access to the hacker to make changes in DNA sequences. These alterations could delay a research program causing capital, labor loss or can be used in act of terrorism for uncontrolled production of toxins or infectious agents. To mitigate these risks, the culture of the life sciences community needs to shift from trusting blindly to a highly aware and trained community. This also requires intricate relationships between the computational and experimental dimensions of product development workflows.

The diverse nature of pathogens and toxins with their potential to be used as a biowarfare agent (BW) could be attributed to multiple factors. These include infectivity (the number of organisms required to cause disease), virulence (the severity of the disease caused), transmissibility (ease of spreading from person to person), and incubation period (the time from exposure of a biological agent to the onset of illness). All these attributes are manageable by modern biotechnology and information related to such experimentation trials is key to any covert attack using these for BW.

Similarly, in the cyber world, there is a diversity of malicious codes. These include viruses (programs that replicate in target machinery); worms (self-sustaining programs) and carriers such as a trojan horse to perform a legitimate function with malicious activity. Additionally, Botnets, or networks of computers infected with malicious code, can be coordinated to perform distributed denial of service attacks. For biological weapons, delivery vehicles range from advanced aerial spray technology to contamination of food products or water, while malicious code in cyberspace can be delivered by usage portals, email, web browsers, chat clients, web-enabled applications, and updates. The cyber threat has expanded dramatically in recent years with a series of damage. Terrorists are using cyber capabilities over traditional methods to target 104 countries including India.

Also Read: Time To Take Some Intelligent Decisions

Governments and security experts have singled out the life sciences sector as being significantly vulnerable to cybercrime. In cybersecurity terms, innovation is fast 50 Volume 3 | Issue 3 | July-September 2018 becoming a double-edged sword for life sciences clients. Recently FireEye disclosed the threat posed by two Advance Persistent Threat (APT) groups which gained access to the environment of a leading pharmaceutical company for up to three years prior to detection. They stole IP and business data from the victim, information on bio cultures, products, cost reports, and other details pertaining to the company’s operations abroad. There is nothing more important to a pharmaceutical organization than the formula for one of its new drugs.

For cyber biosecurity, employee training should be given priority. It can greatly increase an organization’s general awareness of these new risks. Similar to biosafety training, cybersecurity training modules and policies should be introduced. Secondly, organizations should perform a thorough analysis of its exposure to cyber biosecurity risks not covered by existing biosafety and biosecurity policies.

Training exercises based on this type of analysis will encourage participants to review their workflows and identify their vulnerabilities. It is high time now to evolve a policy framework to detect and prevent security threats that may compromise life sciences assets. It includes guidelines on synthetic DNA targeted companies that provide DNA synthesis services to monitor research focus and relates features.

Bioinformatics software is still not hardened against attack. Encouragement of widespread adoption of standard software best security practices like input sanitization, the use of memory safe languages or bounds checking at buffers, and regular security audits is necessary. Patching still remains challenging as the analysis software are often located in individually managed repositories and not regularly updated. One solution is to use a centralized repository to manage updates and deliver patches, similar to the APT package manager.

These could also be signed to ensure their authenticity. In the case of file sharing, the sequencing files themselves could be signed by verified research groups before uploading them to centralized databases. This is just the glimpse of the long list of strategies that need immediate deployment, continuous review, and improvement with time.

The post Cyber-Biosecurity: Are we ready? appeared first on InnoHEALTH magazine.

TIME TO TAKE SOME INTELLIGENT DECISIONS

InnoHEALTH Magazine — Tue, 28 Nov 2017 10:34:57 +0000

[vc_single_image image=”2799″ alignment=”center” onclick=”link_image”]

The author Mikko Kotila has 12 years of continuous research and development in machine intelligence, and is the core developer of Autonomio, the first rapid machine intelligence prototyping platform for non-programmers. Mikko is the principal of Botlab, a nonprofit foundation focused on long-term thinking on machine intelligence, and decentralization, and a co-founder of Autom8, one of the world’s first deep learning focused startup foundries.

A new paradigm for use of machine intelligence in healthcare

Many national economies are on the brink of collapse under the burden of state-supported health insurance programs. For example in the US, a country that does not provide universal healthcare, the national debt is expected to double as a result of healthcare related liabilities over the next three decades. There is an even greater price to pay for the inefficiencies found in healthcare systems. When already overburdened systems are pushed to their limits, healthcare professionals are forced to make bad decisions.

In a startling example, during Hurricane Katrina, doctors and nurses at New Orleans’ Memorial Hospital found themselves incapable of making even simple decisions. In her Pulitzer Prize-winning coverage, Sheri Fink reported how patients deemed the least likely to survive, were injected with a lethal combination of drugs — even as the evacuation was already on its way.

This chilling anecdote sheds light on a greater problem underpinning many of the biggest threats hurting human society and the eco-system of our planet.

We humans are not equipped for making good decisions under stress. Positive outcomes across a multitude of fields, including healthcare, largely depend on the ability to make good decisions under unpredictable and stress inducing conditions. We, humans, are not only bad at making decisions under pressure but are poorly equipped for making any rational decisions at all.

Daniel Kahneman, in his Nobel Prize winning work on decision making, explains how after years of deliberation leading to a single decision, the person making the decision might still completely ignore the entire process of deliberation and instead make a decision driven by emotions in a whim of the moment.

An Age of Automated Decision Making

As the information age is about the focus on automating processes related to access to information, the next age, the age of “decisioning”, will focus on automation of processes related to decision making. Whereas humans are excellent in pattern detection and pattern making, an essential requirement for creating intelligent computer systems, computers are strong in making decisions where processing of facts is of vital importance. This almost magical ability of computing systems to process information includes the capability to identify and utilize extremely subtle connections between otherwise seemingly disconnected pieces of information, a feat us humans could never do on our own with the kind of precision and scale even a simple computer system can. In no other field, rational decisions are of such vital importance as in healthcare.

Not only healthcare is the most significant economic liability for many nations, but it is also the only field of practice affecting people’s everyday lives that can be considered truly as “life and death” matter. It is, therefore, the area where the human society most desperately needs help.

[vc_single_image image=”2800″ img_size=”medium” alignment=”center” onclick=”link_image”]

Computer-aided decision systems can be categorized into three evolutionary stages, each with a corresponding quality of results, and the requirement for a level of human involvement.

Whereas up until a few years ago, most systems were still ‘descriptive’ with some examples of ‘predictive’ decision- making support systems, in the last two years the developments in the field of machine intelligence have for the first time made the dream of prescriptive expert systems realistic. Recent advancements in both open source software and commercial hardware have paved the way for rapid prototyping of ideas that promise to revolutionize the way decisions are made across a multitude of fields, including healthcare.

Examples of these advancements include deep learning platforms such as Google’s TensorFlow and Keras, unstructured data processing innovations such as word vectorization, and Nvidia’s data processing focused GPU product-line.

Regardless of the tremendous promise and the recent hype surrounding machine intelligence, some significant concerns remain without any serious attention. While machine intelligence innovators would like to focus on showcasing “what’s possible,” before introducing new ideas and processes into the healthcare apparatus, it is far more important to ask “what could go wrong”.

Morality and Healthcare Algorithms

Every machine intelligence solution can be reduced into two aspects; the data inputs available for the solution, and the means by which the solution process those inputs. These two act as the causes for the result the system provides. Algorithms underpin every decision a computer system makes, regardless of the kind of system it is. The unique feature in this regard, of modern machine intelligence systems, such as those based on neural networks and the deep learning method, is that humans cannot audit them. It is for this reason that we can get surprising results us humans could not arrive at without working with machine intelligence, and it is important to understand that surprising results may also be negative results. In many cases, adverse results in the healthcare context arise from causes that were set years or even decades before, and as of today, it is virtually impossible to establish true causality in such cases. This means that it would be almost impossible to know if a given machine intelligence solution is contributing positively in the long term or just driving shortterm efficiency. This will hold true at least for the next 100 years, or as long as it takes to understand causality in results that take decades to mature.

When in the 1980’s game theory-based principles were widely introduced in the western healthcare context, nobody predicted the consequences. For example, while nurses and doctors were incentivized to meet certain productivity quotas such as the number of days spent in the ICU, mortality rates of patients skyrocketed as a result of ICU beds being more available. In effect, a quota scheme is an example of a simple algorithm and can be used to highlight the danger that comes with introducing machine intelligence into healthcare.

This applies in particular in countries with universal healthcare and poorly performing national economy. Under such conditions, humans that make the decisions about the use of machine intelligence in the national healthcare system, are under tremendous stress. Not only their decisions affect individual patients’ lives but also have the potential for changing the destiny of an entire nation. It is very hard to see how under such conditions, non-experts, being bombarded with endless hype by self-proclaimed machine intelligence experts, would be able to make the right decisions.

In fact, government officials, healthcare professionals, nor computer and data scientists, are formally trained in morality and often lack even the most basic understanding of ontology, epistemology, and formal logic. The three legs of the stool on which rational decisions sit. As a result, as we have seen through examples in financial markets, online advertising, and other early embracers of algorithmic decision making, we end up with so-called greedy algorithms that optimize towards a given end ruthlessly without caring about anything else.

Unlike healthcare professionals, these algorithms are not afraid of losing their livelihood and reputation as a result of making the wrong decision that ends up hurting people.

While a healthcare facility or a professional working in one, could be sued for damages, in the case of machine intelligence systems, liabilities in the healthcare context have so far not been defined.

Security in Healthcare Systems

In the light of the recent events regarding ransomware, and the rapid growth in its popularity as a cybercrime tool, it does not seem too far-fetched that in the near-future entire hospitals will be targeted and held for ransom. Indeed many hospitals had already become victims of ransomware as a consequence of passive global or national attacks. In the recent WannaCrypt ransomware attack individual medical devices were rendered temporarily useless after being infected.

Siemens released multiple warnings about its healthcare devices being possibly vulnerable to WannaCrypt. Beau Woods, deputy director of Cyber Statecraft Initiative at the Atlantic Council said that it was likely that many important medical devices such as MRIs and other crucial computer-aided systems were rendered temporarily useless by the attack.

These examples show how healthcare organizations and their technology partners are currently incapable of securing important systems. Whereas in the human operated healthcare apparatus, the devastation is so easy to create, in a highly automated machine intelligence based healthcare apparatus, the problem would be significantly amplified.

Here too, regarding security and healthcare systems, we have to seriously consider the implications of the machine intelligence ideas that are adopted today, regarding the threat landscape over the next few decades.

For example, current cryptographic methods are all based on so-called key exchange cryptography. Any sudden improvement in computation power, for instance in the form of quantum computing becoming practical, will lead to an immediate collapse of the key exchange based security paradigm. In a machine intelligence dominated healthcare apparatus, collapse of the key exchange based security paradigm has the potential for leading to the greatest human travesty in the history of the world. In the absence of serious discussion about such longer-term threats, it will not be possible to make the right decisions regarding decision-making automation and wider adoption of machine intelligence based expert systems in healthcare.

The Importance of Human Touch

Sometime in the distant future, we may be able to completely automate certain key aspects of healthcare, such as triage management. Even then it is of significant importance to not lose sight of the essence of healthcare; taking care of people. Taking care of people is one part taking care of their physical body, and one part taking care of their feelings.

In a completely machine intelligence and robotics based triage management approach it would be hard for patients to feel that they are being taken care of in the way they feel when an actual doctor is treating them.

On the other hand, in a very short period of time, the doctors would lose their ability to deal with the basic day-to-day taking care of patients that still today keep them overworked.

Because algorithms don’t feel anything, for example, empathy, it is also likely that as specialist doctors increasingly get their inputs from those algorithms, they become further distanced from the human aspect that some argue is necessary for healing practice. In this light, perhaps it’s more reasonable for the allopathic medicine to seek intelligence from its eastern counterparts such as TCM, TTM, and Ayurveda, as opposed to seeking it from machines. Machines that ultimate base their decisions on the combination of the information they are receiving and the algorithms that process the information. Both the information and the algorithms being a product of, and therefore limited by, the people who produce them.

Combining the instruments and other marvels of the western symptomatic healthcare approach with the more holistic but in some cases inferior Eastern practices, have the potential for driving significant change within the healthcare system as we know it today.

In terms of specific machine intelligence implementations, as the point-of-view presented in this article clearly shows, the focus should be on long-term macro effects of such implementations, as opposed to focusing on short-term and micro context.

Perhaps in a future world where the western and eastern medicinal practices are better integrated and institutionalized into a new era of taking care of patients, we will be better equipped to handle the challenges that come with machine intelligence focused healthcare.

Want to write for InnoHEALTH? send us your article at magazine@innovatiocuris.com

Read all the issues of InnoHEALTH magazine:
InnoHEALTH Volume 1 Issue 1 (July to September 2016) – https://goo.gl/iWAwN2
InnoHEALTH Volume 1 Issue 2 (October to December 2016) – https://goo.gl/4GGMJz
InnoHEALTH Volume 2 Issue 1 (January to March 2017) – https://goo.gl/DEyKnw
InnoHEALTH Volume 2 Issue 2 (April to June 2017) – https://goo.gl/Nv3eev
InnoHEALTH Volume 2 Issue 3 (July to September 2017) – https://goo.gl/MCVjd6
InnoHEALTH Volume 2 Issue 4 (October to December 2017) – http://amzn.to/2B2UMLw

Connect with InnovatioCuris on:
Facebook: https://www.facebook.com/innovatiocuris
Twitter: https://twitter.com/innovatiocuris
LinkedIn: https://www.linkedin.com/groups/7043791
Stay updated about IC, visit: www.innovatiocuris.com

The post TIME TO TAKE SOME INTELLIGENT DECISIONS appeared first on InnoHEALTH magazine.