Healthcare Military war-gaming

The same strategies used by the U.S. military can be tuned to help healthcare executives stay nimble and prepared for real threats.

Hospitals are facing attacks from every angle, whether it be their domain name system or the connected medical devices keeping their patients alive. Compounding this issue is the fact that few specific healthcare guidelines for training and readiness exist beyond compliance checklists. Even the 2017 report from the Health Care Industry Cybersecurity Task Force stated that the NIST frameworks do not offer enough guidance specific to the healthcare industry.


Transformation Twenty-one Total Technology Next-Generation (T4NG): up to $22.3 billion over 10 years for Health IT


credits: NGConn

Northrop Grumman Corporation is part of a team that has been awarded a contract to provide information technology services for the Department of Veterans Affairs (VA). Northrop Grumman is in an exclusive partnership as a subcontractor to Liberty IT Solutions under the VA Transformation Twenty-one Total Technology Next-Generation (T4NG) contract. This multi-vendor indefinite-delivery, indefinite-quantity contract has a potential value of $22.3 billion over 10 years – a five-year base with a five-year option period.

ISSMM-Delta Discussion Day at the Rome TorVergata University

As part of the academic path of the II Level International Master ISSMM, whose contents and purposes are available online on the ISSMM – University Tor Vergata website, the Governing Council has, in addition to course lectures, designed and organized various other events such as conferences, seminars, workshops and study days. These are taught by speakers of recognized professionalism and experience, sometimes in synergy with organizations, research centers, and public-private and civil-military institutions, to pursue the Master's objectives of excellence.

International University Master – II level – ISSMM-Delta


Symantec annual CyberWar Games

The scenario: A hospital is conducting a clinical trial of a new drug. The attacker does not want that drug to go to market. In order to thwart the drug’s success, the attacker must sabotage data being collected from patients in the trial so the FDA will not approve it.

There’s no better way to learn something than by doing. With this in mind, Symantec created CyberWar Games, an innovative approach to understanding the cyber threats our customers face every day by giving employees the opportunity to walk in the shoes of the attacker. CyberWar Games allows employees to better understand an attacker’s motives, tactics, techniques, and goals from the hacker’s point of view. Similarly, when a pilot goes through the process to obtain a pilot’s license, they don’t just read a few books, hop into a cockpit and fly the next red eye off of the runway. Instead, they’re trained in classes and spend hours upon hours in simulations before even touching the controls of a real plane. In the same fashion that pilots are trained, we are training our employees to become stronger experts in cyber security.

Last test was rough for County West General Hospital. Its IT staff noticed almost immediately that the kickoff round of FDA testing for a new drug from Bromley Weyland Pharmaceuticals appeared to be compromised. Patients in the study saw their monitor readings run the gamut of extremes. Worse, patient data was being changed as the worried IT staff monitored the critical situation. Someone had hacked into the hospital network and early indications were it was an inside job. Fortunately, it was just a simulation at a fictional healthcare facility and the ten teams hacking into the live network were all Symantec employees who had won the right to be a part of the company’s three-day 2015 CyberWar Games held in Mountain View, CA.

Many businesses and government-related organizations enlist ethical hackers, or experts who systematically penetrate a computer system or network on behalf of its owners in order to discover its vulnerabilities.

Employees learn how an attacker can exploit networks, applications, products, and solutions, and why they might be motivated to do so. In this year’s simulation, maybe the attacker was a disgruntled employee of the pharmaceutical company conducting the clinical trial, or an employee of a rival company that would prefer its version of the drug go to market first.
This role-reversal changes the way employees think about emerging threats and cyber-criminal tactics.

“This is helping us provide quicker, more contextual input into attacks for our customers,” said Samir Kapuria, General Manager, Cyber Security Services at Symantec.

AAMI Supports Interoperability Efforts With Sponsorship of IHE

The Association for the Advancement of Medical Instrumentation (AAMI) has become a major new sponsor of the Integrating the Healthcare Enterprise (IHE) Patient Care Devices (PCD) domain, an initiative by healthcare professionals and industry to improve interoperability in healthcare.
“Interoperability and device integration is one of the biggest issues our members are facing now,” says AAMI President Mary Logan. “By participating in the IHE, we can help to shape interoperable products and solutions that will benefit our members.”
Promoted by the Obama administration, interoperability—the ability of medical systems, including devices, to work together and share information—and the growth of health information technology in general are increasingly bigger priorities for healthcare facilities.
“AAMI, as the foremost organization of point-of-care device manufacturers and users, is in the best position to educate these parties about the needs, processes, and benefits of interoperable communications,” says Manny Furst, the technical project manager for the IHE PCD.
Because the time it takes to bring regulated devices to market can be lengthy, AAMI can help the IHE “recruit manufacturers and users for PCD working groups to set priorities and speed the development of technical documents and frameworks,” Furst says.
In its role in the IHE, AAMI will educate vendors and their customers about forthcoming changes in the interoperability market, advocate certain solutions, and provide support for IHE committees and working groups.
AAMI’s participation in IHE can also help members comply with U.S. Food and Drug Administration requirements, including the new medical device data system rule, which is related to PCD’s efforts.
The IHE creates interoperability profiles, which are standards-based technical documents that make possible communication of physiologic and operations data from devices to the electronic medical record (EMR), including the interoperable communication of alarms and events. Plans include sending a variety of device data to CMMS systems as well.
Various groups called domains create the profiles—the technical requirements based upon existing standards. The PCD domain develops profiles where at least one is a patient-centric regulated device.
Engineers then gather at IHE “connectathons” to test the interoperability of the devices/systems and technical frameworks in prototype or marketed products.
The IHE-PCD is also sponsored by the Healthcare Information and Management Systems Society (HIMSS), which provides financial and administrative support for the IHE PCD, and the American College of Clinical Engineering (ACCE).
HIMSS is pleased to “welcome AAMI as a co-sponsor of the IHE PCD domain,” says Joyce Sensmeier, MS, vice president of informatics at HIMSS. “The leadership that AAMI brings to the discussion will help break through existing barriers to device interoperability that would not previously have been possible. We look forward to working with AAMI to explore new avenues for advancing interoperable solutions for patient care devices as they connect to electronic health record systems.”
Source: Association for the Advancement of Medical Instrumentation – Founded in 1967, the Association for the Advancement of Medical Instrumentation (AAMI) is a nonprofit organization representing a unique alliance of over 6,000 members from around the world united by one mission to increase the understanding and beneficial use of medical instrumentation through effective standards and educational programs, and publications.

NATO Coalition Warrior Interoperability Event Held In Poland For First Time

For the first time in its history, the NATO Coalition Warrior Interoperability exploration, experimentation and examination exercise (CWIX) was held at the Joint Forces Training Centre (JFTC) in Bydgoszcz, Poland from 30 May to 16 June 2011.
CWIX 2011 is the largest event JFTC has hosted to date and the intense coordination between the ACT CWIX Team, JFTC, the local NCSA team and Host Nation Poland led to a flawless execution.

During the execution period, about 900 participants representing seventeen NATO nations, three Partnership for Peace Nations, one contact nation, seven NATO Agencies and one Centre of Excellence (CoE) worked on improving the interoperability of NATO and National Command and Control (C2) Systems. During peak days, about 650 people were present at JFTC to participate in or observe interoperability testing.
NATO CWIX 2011 attracted 104 C2 systems (an increase from 96 systems in 2010) and conducted 4316 tests over a two-week period. The Coalition Information Assurance Team (CIAT) noted that there were more than 900 network hosts on the exercise network.

NATO CWIX broke ground in several areas this year. A few accomplishments in these areas are mentioned below:

  • Afghan Mission Network (AMN) related testing: One of the current AMN testing objectives is to make it possible for forces in Afghanistan to plan and do the targeting of missions without delays caused by manual transfer of data between systems. While further testing is still required, NATO CWIX successfully demonstrated that it is technically possible to exchange data between complex systems and disparate databases. The Joint Fires Focus Area significantly improved the capability to automate the one-way exchange of target data from USA systems to NATO systems. In addition to targeting, 23 AMN-related systems were tested for battle space management interoperability. All of the results will be forwarded to the appropriate working group in order to be certified and validated.
  • Cross Component Interactions: For the first time Cross Component interactions (e.g. Air Task Orders, Close Air Support etc.) were conducted to avoid the traditional Air/Land/Maritime stove piped focus.
  • Geospatial: NATO CWIX Geospatial testing continues to expand. The goal for this year was to have a single source location for all geospatial data using an enterprise service bus. This capability allows all users to access all geospatial data without having to query different national systems. This capability proved to be a big success and it showed that technically this can be done.
  • Logistics / Movement & Transportation (M&T) / Medical: For the first time, Logistics, M&T and Medical interoperability was tested at NATO CWIX from an information/data exchange point of view. HQ SACT sponsored the involvement of NC3A-developed logistics and medical prototype software tools, and their availability acted as a hub around which Nations and NATO could construct test cases for the exchange of data. At CWIX 2011 it was proven that automatic data transfer from 3 National Systems to the NATO Operational Logistic Chain Management prototype and then to the Joint Common Operational Picture was possible.

    NATO CWIX is crucial for NATO and Nations to test systems before deploying them in real operations and to get ready for NRF certification


Unified Military Medical Command could save $460m a year

The Defense Department could save as much as $460 million a year by consolidating its fragmented military health system into a single joint medical command, a new government report says.

That idea is No. 2 on a list of 34 recommendations for eliminating duplicative functions and saving money across the federal government, compiled by the Government Accountability Office in a report released Tuesday.

If the idea to streamline the military health system sounds familiar, that’s because it is: Since the 1940s, at least 15 studies have addressed the structure of the military health care system, and all but three favored a unified system or at least a stronger central authority to improve management and coordination among the services. The most recent study was done in 2005 by the GAO itself.

But calls for a joint medical command have never gone anywhere because whenever the proposal surfaces, the individual services put up strong resistance.

In its new report, the GAO said the basic concept remains sound and has gained new importance in light of the deepening federal budget crisis and the military medical system’s soaring costs, which have shot up from $19 billion a decade ago to more than $50 billion today.

The GAO noted that the military health system — serving 9.6 million beneficiaries through more than 130,000 military and government medical professionals, a large network of private health care providers, 59 military hospitals, and hundreds of clinics worldwide — has multiple, and often overlapping, layers of authority.

Those layers start with the Office of the Assistant Secretary of Defense for Health Affairs. Then the Army, Navy and Air Force each has its own medical headquarters and associated support functions, such as information technology, human capital management, financial activities, and contracting. Each branch also has its own surgeon general to oversee deployable medical forces and operate its own health care systems.

“The responsibilities and authorities for DoD’s military health system are distributed among several organizations … with no central command authority or single entity accountable for minimizing costs and achieving efficiencies,” the GAO said.

The GAO noted that in the wake of its 2005 report, the Pentagon formed a working group to examine “several reorganization alternatives.” A year later, the group outlined three possible options: establish a unified medical command similar to DoD’s unified transportation command; establish two separate commands — one to provide operational and deployable medicine and another to provide beneficiary care through military hospitals and contracted providers; or designate one of the military services to provide all health care services across the force.

The effort stalled “because of an inability to obtain a consensus among the services on which alternative to implement,” the new GAO report said.

Instead, top Pentagon personnel and health care officials opted for a different approach that involved “seven smaller-scale, incremental reorganization efforts” designed to minimize duplicative layers of command and control; reduce redundancies in personnel and expenses; and squeeze efficiencies from combining common service support functions within each service, such as finance, information management and technology, human capital management, support, and logistics.

But the concept left the existing command structures of the three services’ medical departments over all military treatment facilities essentially unchanged — and five years later, the DoD officials have made only fitful progress in implementing four of the seven incremental steps approved in 2006, and have offered no guidance on “how and when to accomplish the three remaining steps,” the GAO said.

Had DoD and the services chosen to move forward on one of the three other alternatives studied by the working group in 2006, the GAO report said, projected savings would have ranged from $281 million to $460 million annually, “depending on the alternative chosen and numbers of military, civilian, and contractor positions eliminated.”

A number of the other 33 recommendations in the report touched on other possible redundancies:

  • Urgent warfighter needs. The GAO said there are opportunities to consolidate and make more efficient the processes that the Pentagon has put in place to rapidly develop, modify and field new urgent capabilities for field forces in Iraq and Afghanistan, such as intelligence, surveillance, and reconnaissance technology, and systems to counter improvised explosive devices. GAO identified at least 31 entities that play a role in DoD’s urgent needs processes, which have consumed about $77 billion since 2005.
  • Counter-IED efforts. The Pentagon created the Joint Improvised Explosive Device Defeat Organization in 2006 to lead and coordinate all military counter-IED efforts. But the GAO said many of the organizations engaged in the counter-IED effort prior to JIEDDO’s creation have continued to develop, maintain, and expand their own IED-defeat capabilities. Some of these entities have operated independently “and may have developed duplicate capabilities,” the GAO said.
  • Intelligence, surveillance and reconnaissance. No single entity at the DoD level has responsibility, authority, and control over resources to meet joint priority requirements in the ISR realm that has been critical to counterinsurgency efforts in Iraq and Afghanistan, the GAO said. The ISR community has “extensive, structural fragmentation,” with numerous separate organizations sharing the same roles. Further clouding the picture is the fact that ISR funding comes from a variety of sources, some of which are classified.
  • Tactical wheeled vehicles. The Pentagon lacks a coherent, unified strategy for developing and purchasing tactical wheeled vehicles that transport people, weapons and cargo, the GAO said, noting that “DoD could save both acquisition and support costs through a departmentwide tactical wheeled vehicle strategy that considers costs and benefits of the Joint Light Tactical Vehicle compared to other tactical wheeled vehicle options.”
  • Prepositioned equipment. The Defense Department prepositions equipment and supplies worth billions of dollars, including major items such as combat vehicles, rations, medical supplies, and repair parts, at strategic locations around the world, both afloat and ashore to quickly support combat-ready forces. “Although the services are expected to operate in a joint environment, some prepositioning activities are fragmented among the services, with the potential for unnecessary duplication,” the GAO report said.
  • Business systems. The Defense Department’s business systems, which cost $10 billion a year, have “little standardization, multiple systems performing the same tasks, the same data stored in multiple systems, and manual data entry into multiple systems,” the GAO said.

By Chuck Vinch – Staff writer

Data Security and Interoperability Are Key to Transforming U.S. Health Care System

The lack of common interoperability standards and inconsistent approaches to security, privacy and trust are perpetuating an antiquated U.S. health care delivery system that has been largely unable to benefit from the widespread adoption of IT, according to Verizon’s top security and health care executive.
The executive, Dr. Peter Tippett, vice president of security and industry solutions for Verizon, called for the development of “simple, common-sense approaches to data security and interoperability” to help expand access to quality care, control costs and improve patient outcomes. He spoke at the 2011 Health Information Management Systems Society annual conference.
In a “Views from the Top” address titled “Prescription for Health IT: What’s Holding Us Back,” Tippett said: “The U.S. health care system is the envy of many countries around the world. However, there is much that needs to be done to bring the industry into the 21st century. Working together to tackle acknowledged industrywide challenges, we can foster an environment of change and through the pragmatic use of IT create a stronger and more viable health care system.”
Tippett outlined four key areas that he said will serve as the foundation for the future transformation of the health care system. The areas are:

  • Built-in Security – The ability to share information in a secure and trusted manner is a vital cornerstone in health care. To be effective, security compliance programs should be intuitive, easy-to-use and uniform across the industry.
  • Support for Structured and Unstructured Data – Due to a lack of common standards for its use and storage, data often remains in separate files rather than being combined to provide a holistic patient view. By redoubling efforts to tackle this issue, health care data can be easily shared among providers to help reduce medical errors and enable informatics and analytics to help improve treatment plans and patient outcomes.
  • High-IQ Networks – Pervasive and interconnected IP and wireless networks are the essential platforms to connect providers to foster innovation. Secure, high-performance networks will serve as the underlying foundational platforms to help drive productivity and efficiency enhancements.
  • Simplification – The U.S. health care system is diverse, ranging from large urban providers with thousands of physicians to small rural practices. Solutions must be affordable, consistent and, ultimately, simple. Leveraging current systems and data is an important first step and is essential for promoting usability and driving benefits to provide a solid foundation for future enhancements.

source: Verizon Connected Healthcare Solutions