Predictive analytics & IoT in Healthcare

A Computerized Tomography (CT) scanner uses ionizing radiation in small doses to produce a diagnostic image – a cross sectional image of the human body. Increase the radiation dose above the minimum required level and you risk causing cancer in the patient. How do you find that right balance of minimum dose and optimal diagnostic image?

Consider how one CT scanner maker GE achieves this balance – Each GE CT scanner is connected to a web based tool called GE Dosewatch™ which gives hospitals a web-based radiation dose monitoring system that tracks a patient’s exposure to radiation from imaging devices. This means clinicians can reduce the cumulative radiation dose produced by a series of imaging procedures, while still delivering the image quality needed to diagnose and treat cancer. DoseWatch uses GE Predix™ (GE’s software platform for the industrial internet) which in turn bundles Pivotal software. Gazzang provides encryption and key management for the Pivotal app that is embedded within GE Predix.  You may wonder how secure wireless communications is achieved for such a solution? GE partners with AT&T and Verizon who aim to deliver a global SIM for secure machine-to-machine communications.

Meanwhile GE’s competitors namely Siemens and Toshiba are not sitting idle.  While GE partners with Pivotal, Siemens partners with Teradata and is deploying Teradata Unified Data Architecture (data warehouse appliance, discovery platform, Hadoop appliance) for a big data lake. Siemens also partners with SAP to use the HANA Cloud Platform (HCP) as the basis of its own cloud to derive insights from IoT machine data. Siemens has its own deviceWISE IOT Cloud software which appears to be their answer to GE’s Predix. Siemens has also invested in CyberFlow Analytics to secure the IoT.   Not to be outdone Toshiba has partnered with Microsoft so consumers with sensor-enabled Toshiba devices can access predictive analytics over Microsoft Azure IoT cloud infrastructure.  This intersection of healthcare, IoT, big data and predictive analytics is just a scratch on the surface of what is to come in the years ahead.

 

Cyber-security for IoT in Healthcare

Cisco Systems predicts that 50 billion devices will be connected to the internet by the year 2020.  While the actual number is debatable it is a fact that today billions of devices are generating a cacophony of sensor data.  In the field of consumer healthcare, consider the Fitbit which monitors heart rates and sleep patterns.  It collects PIA information – names, email addresses, phone numbers, payment account info, height, weight and other biometric information and sends out location data 24×7 using Bluetooth technology.  Since most of the user data is sent over HTTP protocols, it is susceptible to hacking as explained here.  Fitbit relies on 3^rd parties to protect this consumer data and since the data it collects is not officially termed as Personal Health Information (PHI), it is not bound by government regulations like HIPAA.  The same is true for products like NikeFuel.

Assume you are looking at the other end of the spectrum, an invalid patient confined to his/her home and using a programmable thermostat like NEST.  It has been proven that NEST can be hacked.  In principle a cyber-attacker could subject the patient to extremes of heat and cold using their own home’s heating/cooling system!   Granted you need physical access to the NEST device – but this can be easily obtained by contractors, painters, cleaning crew!

Consider devices like insulin pumps and continuous glucose monitors.  These can be hacked by cyber-attackers who could potentially release an excess dose of insulin causing a severe drop in blood sugar levels resulting in the patient being rendered unconscious.

Security concerns are not limited to wearable devices and devices implanted in the patient’s body as a cardiac defibrillator at a place of work could be hacked to deliver excessively high levels of shock resulting in death.

Why is healthcare more susceptible to cyber-attack?  One reason is that unlike credit card hacks which can be spotted almost instantaneously by sophisticated fraud detection algorithms used by the major credit card vendors like Visa, Amex and Mastercard, health care related hacks could go undetected for a long time.  This gives the cyber criminals the luxury of doing harm or selling patient information on the black market without having to watch their backs.

What are healthcare companies doing to address this?  GE acquired Wurldtech to enhance cybersecurity for its devices deploying sensors.  While Wurldtech has focused on protecting Supervisory Control & Data Acquisition (SCADA) systems – which are IT systems used to manage power plants and refineries, the same technology could be re-purposed to protect GE wearable devices from cyber-attacks.   GE’s competitor Siemens has invested in cyber-security startups like CyActive and CounterTack.  Outside healthcare GE has a range of businesses whose products rely on sensors for their reliable operation:  air craft engines, gas turbines, locomotives. Hence GE purchased a 10% stake in Platform-as-a-Service (PaaS) vendor Pivotal and developed its own Predix software (essentially an operating system for industrial equipment) and plans to run Predix over Pivotal’ data lake. The goal is to derive insights which can predict and prevent problems before they occur.  While the big vendors like GE and Siemens are taking the right measures, the plethora of emerging wearable device makers must follow their lead or risk putting them and us at considerable risk in the years to come.