Cloud-based office solutions under increasing attack – Beazley Breach Insights

Beazley breach insights – April 2018 Cloud based office solutions under increasing attack

Specialist insurer Beazley has reported that the number of business email compromises is accelerating, particularly for those organizations using Office 365, the popular cloud-based solution for Office applications and other Microsoft productivity services. These hack and malware breaches accounted for 13% of incidents reported to its Beazley Breach Response (BBR) Services team during the first quarter 2018. The three sectors most affected were financial services, healthcare and professional services.

In BBR Services’ experience, these incidents are usually caused by an employee clicking on a link in a phishing email, HelpDesk message, or Microsoft survey. After clicking on the link, the employee is redirected to a legitimate-looking website and asked for email credentials. The hacker then harvests those credentials and logs into the mailbox undetected.

In general, email compromises are on the rise because they are relatively easy to carry out and threat actors are able to use the email accounts for a variety of purposes. Once in the mailbox, the attacker may run searches to steal personally identifiable information. The attacker may also steal bank information to send emails requesting fraudulent wire transfers. Additionally, attackers frequently search the inbox to determine what HR and benefits self-service portal the employer uses, and then requests a password reset for the user in that system. Once in the self-service portal, the attacker redirects the employee’s paycheck to one of their accounts. Finally, the attacker often sends spam emails to all of the user’s contacts in an attempt to get others to give up their credentials as well.

Katherine Keefe, global head of Beazley Breach Response Services, said: “The number of compromised email accounts is accelerating but simple steps such as frequently changing passwords, having dual-factor authentication and removing auto-forwarding or auto-delete rules can help reduce vulnerabilities. With privacy regulations becoming more stringent and the public demanding greater accountability for their personal data, it is more important than ever for organizations to secure their lines of defense.”

A large majority of breaches that the BBR Services team has worked on have involved Office 365. The default settings on Office 365 do not typically include the logging necessary to rule out a compromise of all emails in an inbox. Fortunately, BBR Services has identified several forensic partners that have created a tool to gain access to additional logs through Microsoft. With this additional insight, the number of affected individuals often drops, along with forensic and notification costs. Organizations can protect themselves against these attacks by doing the following:

  • Require two-factor authentication for access to Office 365.
  • Microsoft provides a tool called Secure Score that can be used by anyone who has administrative privileges for an Office 365 subscription. It assists not just in analyzing, but also with implementing best practices regarding their Office 365 security.
  • Enforce strong password policies. Educate employees about the risks of recycling passwords for different applications.
  • Alert employees who have access to accounts payable systems or wire transfer payments about these types of scams.
  • Train all employees to beware of phishing attempts.
  • If you use cloud-based platforms, investigate what logging is available and make sure it is enabled. For instance, if you’ve migrated from on-premises Exchange to Office 365, audit your security settings, which are reset to default settings during migration. In Office 365, you must turn on audit logging in the Security & Compliance Center.
  • Work with your cloud provider’s technical team to determine what activities are logged and ensure you have the visibility you need, for the monitoring period you need.
Higher Education Incidents, Q4 2017

The top two causes of data breaches reported to BBR Services in Q1 2018 were hack or malware (42%) and accidental disclosure (20%), consistent with incidents reported in Q4 2017. Social engineering and disclosure by insiders were the next highest cause of incident, each at 9%.

Higher Education Incidents, Q1 2018

Hacking and malware incidents were up from Q4 2017 to 47% of the total number of incidents for higher education establishments. Also compared to Q4 2017, accidental disclosure recorded a 5 percentage point drop to 20% while social engineering plateaued at 9%.

Financial Services Incidents, Q1 2018

Over half (55%) of all data breach incidents reported to BBR Services in Q1 2018 were caused by hacking or malware, similar to the 53% recorded in Q4 2017. The number of social engineering incidents, which accounted for one in five breaches (20%) in Q4 2017, almost halved to 12% of the total in the quarter.

Healthcare Incidents, Q1 2018

Accidental disclosure (29%) and hacking or malware (29%) endured as the most frequent causes of data breach in the healthcare sector in Q1 2018, at a combined 58% of the total. A slight reduction in the number of breaches caused by insiders from 19% in Q4 2017 to 15% in Q1 2018 is to be welcomed.

Professional Services Incidents, Q1 2018

There were two striking features of data breaches reported by professional services firms to BBR Services between Q4 2017 and Q1 2018: the number of breaches due to the loss of portable devices and due to accidental disclosure both doubled, while the number of social engineering incidents almost halved.

 

Source: Beazley breach insights – April 2018

Advertisements

Core Transformation: Reinventing the Back Office – CIO Journal – WSJ

Digitizing core systems and processes may not get the same attention—or levels of investment—as customer-focused transformation. However, smart CIOs are leading the charge to re-engineer how back-office work gets done, harnessing emerging technologies and building the foundation for a more dynamic enterprise ecosystem

It’s no surprise that the first wave of digital transformation focused on the most visible customer-facing functions, but IT leaders are now turning their attention to reinventing heart-of-the-business operations.

For many in the business and tech worlds, the word digital conjures thoughts of the marketing, sales, and customer experience initiatives that have dominated business mindshare—and investments—to date. It only makes sense given the imperative for organizations to improve engagement with their key constituents, be they customers, patients, citizens, or business partners.

However, savvy CIOs quickly realized that any effort to transform their customer-facing systems and processes would be limited without equally effective and integrated back-office operations. That digital interconnectedness is required to make key data and intelligence residing in the core—related to pricing, product availability, logistics, quality, financials, and more—available to customercentric operations.

Tying together enterprise functions and the core is a start, but it only scratches the surface of the digital transformation opportunity. Over the next 18 to 24 months, CIOs, CFOs, and supply chain leaders will begin developing new digital capabilities in their core systems—and not simply new point solutions or shiny digital add-ons. They will begin constructing a new core in which automation, analytics, real-time analysis and reporting, and interconnections are baked into systems and processes, fundamentally changing how work gets done.

More Meaningful Change

Efforts to digitize core business processes are hardly new. Over the last two decades, companies have invested in ERP implementations, large-scale custom systems, and business process outsourcing to transform their core operations. Some of these investments delivered tangible benefits, such as standardized workflows and automated tasks. Others created unintended side effects, such as subpar user experiences, rigid operating procedures, or even stagnation because needed changes were too costly or difficult to implement.¹

This time, it’s different. In the coming months, CXOs will target core business areas such as finance and supply networks for meaningful change. Rather than focusing on discrete tasks or individual tools, they will broadly explore digital technologies capable of supporting global ecosystems, platform economies, complex operational networks, and new modern workplaces.

Individual emerging technologies will still have a role to play as essential enablers. Blockchain’s distributed ledger, for example, has promising implications for trade finance, supply chain validation processes, and other areas. Yet blockchain alone is only one component in a more dynamic, interconnected core stack. As companies begin their core transformations, it will be critical to understand how individual innovations can work in concert with existing capabilities to drive business value.

The Future of Digital Finance

New core principles can be applied to all heart-of-the-business functions and processes. However, focusing on a couple of areas with long histories of technology-enabled transformation, such as the finance function, can help to illustrate the changes ahead.

For finance organizations, the digital revolution presents both significant opportunities and nagging challenges. Exploding volumes of structured and unstructured data contain insights that could transform business and operating models. By harnessing digital technologies and enhancing existing analytics capabilities, finance could become the enterprise’s go-to source for strategic advice. At present, however, many finance organizations struggle with the data they have, lacking the technologies and skill sets to capitalize on this opportunity.²

Nonetheless, forward-thinking CFOs and CIOs are charting a course toward a digital future built on interconnected and automated systems, unified data sets, and real-time analysis and reporting. Though the specifics of the digital finance organizations will vary by company, they will share the following characteristics³:

Agile and efficient. New product integration and upgrades are faster and more effective thanks to the utilization of public, private, or hybrid clouds.

Increasingly automated and intelligent. Robotic process automation (RPA) enables increased efficiencies and lowers operating costs. Cognitive computing capabilities simulate human intelligence, grinding through mountains of data to automate insights and reporting in real time.

More detailed and accessible insight. Predictive algorithms and visualization technologies enable more seamless oversight, planning, and decision-making by planners and analysts. Advanced analytics illuminates connections and trends buried within data for more detailed, accurate, and efficient reporting.

Built for big data. Next-generation technical architectures can handle massive data sets without sacrificing availability, timeliness, or the quality of books and records.

Dynamic Digital Supply Networks

The digital revolution is driving profound change in every core function, but perhaps none more so than the supply chain. The traditional supply chain was built to support a linear progression of planning, sourcing, manufacturing, and delivering goods. Supply chain systems enabled large numbers of transactions for each of these functions and their dependencies.

With the rapid digitization of the enterprise, this model is giving way to a more fluid system in which data flows through and around the nodes of the supply chain—dynamically and in real time. This interconnected ecosystem economy calls for more efficient and predictive digital supply networks (DSNs) with the following characteristics:4

Always-on agility and transparency. Integrating traditional data sets with data from sensors and location technologies provides visibility into all aspects of the network. DSNs can dynamically track material flows, synchronize schedules, balance supply with demand, drive efficiencies, and rapidly respond to changing conditions or disruptions.

Connected community. Multiple stakeholders—suppliers, partners, customers—can communicate and share data directly.

Intelligent optimization. By connecting humans, machines, and analytics, DSNs create a closed loop of learning, which supports on-the-spot human-machine decision-making and solving challenges such as commodity volatility, demand forecasting, and supplier-specific issues.

Holistic decision-making. More transparent supply chain processes result in improved visibility, performance optimization, goal setting, and fact-based decision-making.

Where to Begin

Creating a new core is neither a marathon nor a sprint—rather, it’s a series of sprints toward a long-term goal. As you begin exploring digital possibilities, the following steps can help you get off to a good start.

Study the masters. If you haven’t already, create a small cross-functional team to help you understand digital transformation possibilities. Chances are, peers in other parts of the company are already leading digital initiatives. Talk to your colleagues and learn from their successes—and their failures.

Map the journey. Make a transformation plan for your function, focusing first on applications that have proven clear winners in other organizations. This can serve as a master blueprint, but remember to execute it one step at a time. Things are changing fast in the digital world.

Be realistic. Before committing to bold visions of digital grandeur, consider the hardest part of the equation: Where do your people, organizational structure, processes, and technology fit in this brave new world? Many established assets can serve as building blocks for the new core, but make sure any modernization needs are well understood before provisioning budget and locking down milestones.

Start cleaning data. Data is the lifeblood of the digital core—and a potential source of trouble in any new core initiative. The data needed for use cases may be siloed and rife with misspellings, duplicate records, and inaccuracies. Consider creating a cognitive data steward to automate the tedious process of resolving data issues.

*****

Many boardrooms may lack the appetite to fund expansive—and expensive—transformations, particularly when the focus is back-office operations. Nonetheless, as digital’s disruptive march across the enterprise continues, digitizing the core presents a host of potentially valuable opportunities to redefine heart-of-the-business work and establish a better foundation for customer-facing innovation and growth.

—by Bill Briggs, chief technology officer, Deloitte Consulting LLP; Steven Ehrenhalt, principal, Deloitte & Touche LLP; Doug Gish, leader, Deloitte Consulting LLP; Adam Mussomeli, principal, Deloitte Consulting LLP; Anton Sher, principal, Deloitte Consulting LLP; Vivek Katyal, principal, Deloitte Advisory; and Arun Perinkolam, principal, Deloitte & Touche LLP

Source: Core Transformation: Reinventing the Back Office – CIO Journal – WSJ

The rise of the exponential professional – Deloitte

This post is the first in a three-part series on the exponential professional, focused on ways exponential technological growth might impact professionals in the workplace of the future. Posted by …

The rise of the exponential professional

This post is the first in a three-part series on the exponential professional, focused on ways exponential technological growth might impact professionals in the workplace of the future.

Posted by Darryl Wagner and Caroline Bennet on March 1, 2018.

AI. Automation. Machine Learning. Natural Language Processing & Generation. New technology is rapidly disrupting and transforming the nature of work and the identity of professions by enabling humans and machines to work together, side by side. A new breed of professional is rising to navigate this shifting landscape by embracing technology, leaving behind traditional tasks, and applying a uniquely human skill set to focus on higher-value, strategic roles. Enter the exponential professional.


The professional of today might assume that automation only affects nonprofessional workforce segments. Certified professionals such as lawyers, doctors, actuaries, and accountants may feel especially immune to these effects. However, exponential technologies are ushering in sweeping changes for professionals across all levels and industries.

For example:

  • Cognitive computing – Machines will analyze data sets, identify and apply new algorithms to process data, make decisions, and flag exceptions.
  • Process automation – Push a button and maintaining process will become a thing of the past
  • Image processing – Assessing hazards and risks such as determining if properties are made of stone or glass
  • Natural Language Generation – machines writing intelligent memos and communicating findings
  • Virtual reality can give professionals a better understanding of their colleague’s jobs. A call center representative could virtually follow people or processes, transforming their scripts into experience

Getting beyond fear
Professionals’ first reaction to realizing that technology can replace human tasks in their workplace may be fear—the fear of job insecurity coupled with anxiety over their place in the workforce. A look back at a major revolution of the past, the computer revolution, may help alleviate such concerns. During the computer revolution, bank usage of ATM’s exploded. However, instead of reducing the headcount of employed bank tellers, banks used the new technology to open more branches, which led to more jobs. From 1970 to 2010, the number of bank tellers in the United States increased from just under 300,000 to around 600,000.1 This widespread rollout also enabled tellers to take on more complex customer requests, such as new product inquiries.

While technology reduces the need for certain roles, it is often a catalyst for growth in other areas. Upon reviewing UK census data, Deloitte UK discovered that technological advances between 1992 and 2014 caused decreased agriculture and manufacturing employment that were offset by rapid growth in the health care, creative, technology, and business services sectors. The net change was a 23 percent increase in jobs.2 Additionally, there are countless other examples of jobs created in the last decade that are a direct product of technology revolution: mobile app developer, rideshare driver, social/digital media marketer, social media manager, data scientist, chief sustainability officer, drone operator, blogger. While each of these is new and different, each has roots in “old world” jobs with transferable skills: software developer, taxi driver, print marketer, publicist, actuary, environmental activist, pilot, freelance writer. Research suggests this pace of change is set to accelerate with nearly 65 percent of children entering primary school today predicted to end up working in completely new job types that do not yet exist.3 As such, the professional of today should recognize that just like the introduction of computers, the introduction of exponential technologies expands the frontier of opportunities for the business professional.

Just as robots changed the look and feel of a factory, new technologies and the digital revolution will impact the future of the workplace for many professions. For example, augmented and virtual reality will upend learning in the workplace by enabling learners to experience near real-world scenarios in the safety and methodical manner of a simulation.4 This is already being applied in the training of mining personnel where virtual environments can be used to build experience without the need to navigate hazardous environments.5

Similarly, finance professionals can harness cognitive data analytics technologies to automatically prepare and cleanse data, evaluate or identify drivers of results, and document findings. This will enable these professionals to focus their attention on higher cognitive activities.6 By replacing manual processes with machines, talented business professionals can focus on processing exceptions, interpreting and communicating results, and driving forward-looking strategic actions. Integrating machines with people and process can improve the quality of basic data processing, but can also significantly shift the strategic output capacity of any process by focusing talent on more strategic objectives.

A changing workforce
Technological advances are combining with generational changes that will disrupt how companies source talent—and even the very definition of an employee. Traditionally, companies have employed legions of full time, “on balance sheet” staff with set benefits and salaries. However, many companies have turned to alternative talent sources, such as crowdsourcing, to solve problems and create new ideas. A recent study by Harvard and Princeton economists showed that 94 percent of net job growth from 2005 to 2015 was in “alternative work,” or independent contractors and freelancers.7 As technology advances, more and more professionals are expected to join the gig economy, where they may negotiate short-term contracts, work for multiple employers, and diversify their project portfolio. The move to the gig economy is only partially driven by technology. The cofactor to technology is a Millennial mind-set shift toward the workplace. Millennials value work-life balance, flexible hours, ability to work from home, sense of meaning, and a variety of experiences.8 These values are often likely to be satisfied in an alternative work arrangement.

Anticipated implications
So, what are the anticipated implications for the professional of today? First, many tasks traditionally performed by humans will be performed automatically. This means that professionals can adjust their focus toward augmenting process with tasks that require uniquely human skill. Second, alternative work arrangements will bring about changes to companies’ organizational structures, operating model, and how professionals interact with their employers. Third, industry views on professionalism will need to evolve.9 Standards for how professionals leverage, trust, rely on, and interact with automated processes will need to be defined. This includes adapting employee training, which traditionally focused on creating technically sound individuals, and rethinking professional standards.

Let’s look at an exponential professional in action: an exponential actuary…

  • Uses Natural Language Processing to autogenerate reports before breakfast
  • Helps save hundreds of hours a year by relying on bots to automatically generate and QA data and perform analysis
  • Focuses efforts on high-value activities such as designing analysis and interpreting results

 

Exponential technologies are beginning to transform the workplace by efficiently and economically automating many human tasks and facilitating alternative work arrangements. These changes enable the rise of a new adaptive, innovative, and strategic professional—the exponential professional—assisted by and working with technology to create unprecedented value.

Next up: In the second post in this three-part series, we’ll discuss the expectations and responsibilities of the exponential professional.

Darryl Wagner is a principal in Deloitte Consulting LLP and the Global Actuarial, Rewards & Analytics Leader and US ARA Insurance Services Leader.

Caroline Bennet is the National Leader of Deloitte Actuaries & Consultants, the Insurance Leader for Deloitte Australia, and Leader of FSI Consulting, and is a member of the Global Deloitte Actuarial, Rewards and Analytics Executive Team.

Contributors: James Dunseth, Trent Segers, Wes Budrose, Nate Pohle, Ajay Parshotam, Mehul Dave, and Corey Carriker


1 http://www.aei.org/publication/what-atms-bank-tellers-rise-robots-and-jobs/

2https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/about-deloitte/deloitte-uk-technology-and-people.pdf

3 http://reports.weforum.org/future-of-jobs-2016/chapter-1-the-future-of-jobs-and-skills/#hide/fn-1

4https://www2.deloitte.com/content/dam/Deloitte/us/Documents/human-capital/us-cons-hc-welcome-to-virtual-reality.pdf

5 http://www.miningmagazine.com/future-of-mining/future-of-mining-investment/immersive-virtuality-enters-mining/

6 http://reports.weforum.org/future-of-jobs-2016/skills-stability/

7 From Deloitte Review, Issue 21. Navigating the Future of Work [Page 36]

8https://www2.deloitte.com/content/dam/Deloitte/global/Documents/About-Deloitte/gx-millenial-survey-2016-exec-summary.pdf

9 https://analytics-blog.deloitte.com/2017/05/19/who-determines-ethics-in-a-machine-run-world/

 

Source: The rise of the exponential professional – HR Times – The HR Blog

CrowdCrypto Newsletter – Issue #12

Another great summary of Crypto news from Robin Sosnow (@RobinSosnowEsq). 

🇺🇸 USA Regulatory Spotlight: 

Cryptocurrency Spotlight:

Global Spotlight:

Events Spotlight: 

EQUITY CROWDFUNDING NEWS
Equity Crowdfunding Spotlight:

Source: CrowdCrypto Newsletter – Issue #12

Mastering Data Sovereignty – CIO Journal

Amid ongoing concerns over data privacy, ownership, and governance, technology leaders are playing a critical role in making data broadly available throughout the enterprise, while also ensuring compliance with an array of differing data regulations around the globe.

CIOs can take advantage of a holistic data management approach and new cognitive capabilities to increase data accessibility and control.

As data grows in complexity and importance, IT leaders are entering a new era of data management. There is increasing demand to make data freely accessible, understandable, and actionable across business units, departments, and geographies to enable digital transformation efforts. At the same time, many global companies are under pressure to comply with varying country-specific rules about what data may be shared within or beyond geographic borders.

The good news is that CIOs can take advantage of new data management techniques and tools to strike the right balance between accessibility and control. Now is an opportune time for IT leaders, working in partnership with their business peers, to develop an “enterprise data sovereignty” road map to facilitate understanding of data relationships, guide data storage, and manage data rights. And by employing new cognitive capabilities, they can automate aspects of data management, redesign data architecture, and elevate data stewardship.

A holistic approach to data architecture and management can help improve the performance of this business-critical asset, helping to foster innovation and growth. It can also serve as a platform for helping organizations comply with existing and expected national data sovereignty rules around the world.

Data Wants to Be Free

There is no question that the ability to strategically manage ever-growing stores of data will be a competitive advantage in the digital age. In many companies, data collection, access, and management remain siloed by department, business unit, or geography. However, as companies seek to digitally transform, data must be more freely accessible throughout organizations for companies to realize their full potential.

Historically, few companies have been able to master data management—even when much of that data was structured and stored in tables or basic systems. As data has grown in volume and variety, those challenges have multiplied. With many organizations doubling their data every two years, short-term strategies for data computing and storage can quickly become obsolete. New data management architectures and strategies are likely needed to accommodate the big data explosion.

That’s where enterprise data sovereignty comes in: It’s a way for IT and business leaders to develop a holistic data management strategy for the organization, with the goal of making data available, consistent, and controlled throughout the company. CIOs who take this approach know where data is stored; who has access to it; and how or whether it moves beyond business unit, geographic, or company boundaries.

Over the next 18 to 24 months, more companies will likely begin modernizing their data management in this way, working to increase data discipline and availability. Viewing data through the lens of enterprise data sovereignty can help companies solve challenges related to architecture, global regulatory compliance, and data ownership.

Whose Data Is It Anyway?

One of the first issues IT and business leaders confront in developing an enterprise data sovereignty plan is data ownership. In the past, IT owned the systems and, therefore, the data. That’s not necessarily the case anymore.

Going forward, the question of data ownership will be answered differently in different companies. There will be no one-size-fits-all approach. Many organizations will employ a data steward focused primarily on data quality and uniformity. Some organizations are hiring chief data officers, but their focus is less on managing data than on illuminating and curating the insights the data yields. In many companies, there may be no de facto owner at all. In any case, the most important decisions may concern not who owns the data, but rather what principles govern data management and access and how those rules are operationalized.

Organizations that are beginning to master enterprise data sovereignty share some common success factors. First, they bring together key stakeholders to determine goals for data quality, uniformity, collection, storage, and aggregation. They also have a data management function, owned and led by the business, that enforces decisions about management, governance, and consumption. This hybrid approach—having some level of centralization to enforce decisions made by a cross-functional stakeholder group—is typically the most effective way to operationalize enterprise data sovereignty.

Data Architectures for the Future

Creating a modern data architecture is challenging for most organizations. Even for those with a track record of success, traditional master data management, data quality, and data governance processes may fail to keep pace with data flowing in from new places in different formats.

IT leaders who want to build a platform for enterprise data sovereignty consider not only how and where data is stored, but also the sourcing and provisioning of authoritative data, metadata management, master data management, information access and delivery, data security, and data-archiving capabilities.

Thankfully, today’s IT leaders can take advantage of advanced components to build their data management architectures. The following new cognitive capabilities can help organizations better manage data across its life cycle—from consumption to analysis:

  • Ingestion and signal-processing hubs can make sense of structured and unstructured data from public, social, private, and device sources.
  • Cognitive data stewards can help users understand new compliance requirements and augment human data stewards.
  • Data integrity and compliance engines work to enhance data quality and fill data gaps to help ensure data quality and integrity.
  • Dynamic data fabrics understand the interconnectivity of data and can maintain metadata and linkages as data moves through different systems.
  • Enterprise intelligent layers employ machine learning to illuminate deep data insights and help increase confidence in real-time analytics.

Maintaining Global Compliance

National data sovereignty rules, such as the much-anticipated General Data Protection Regulation in the European Union, are also an issue. While the cost of compliance with various regulatory requirements will be substantial, the price of noncompliance is likely to be even higher.

Taking an enterprise data sovereignty approach can help companies deal with the thorny issue of maintaining compliance with regulatory and privacy requirements that differ dramatically by nation. CIOs can also deploy technology solutions for global regulatory compliance. A sophisticated rules engine deployed directly into cloud servers can apply myriad rules to data dynamically to determine which stakeholders in specific jurisdictions are allowed access to what data. IT leaders can also segregate data into logical cloud instances by legal jurisdiction and deploy controls to limit cloud access to those data stores to users in each locale.

At a business level, it can also be valuable to shift the focus from managing and sharing data to managing and sharing insights. Insights, after all, can be transferred freely throughout a global organization even when data cannot.

Where to Begin

The Holy Grail for IT leaders is an enterprise data sovereignty strategy that can handle growing volumes of data in an agile, efficient, and controlled manner. The distance between today’s data management reality and that end state can seem daunting, but there are some actions IT leaders can take to move in the right direction:

  • Pay down data debt. Smart IT leaders can confront the extent of their existing data sprawl in order to understand the magnitude of the issues to be addressed.
  • Begin at the beginning. Many of a company’s data problems can be traced upstream to the information supply chain, where CIOs can focus their efforts to link, merge, route, and cleanse data.
  • Use metadata—and lots of it. Adding metadata to raw data at the point of ingestion is among the best ways to enhance data context.
  • Employ a cognitive data steward. Leveraging advanced AI technologies to assist human data stewards can free data professionals to focus on the bigger data sovereignty picture.

*****

The enterprise data landscape is only becoming more complex, with new and increasingly unstructured data coming online every day and a dynamic global regulatory environment. That’s why forward-looking IT leaders are beginning their data modernizations efforts today.

—by Bill Briggs, principal and chief technology officer; Juan Tello, principal; and Ashish Verma, managing director, Deloitte Consulting LLP

 

Source: Mastering Data Sovereignty – CIO Journal – WSJ

Flex Expands Digital Health Capabilities, Launches BrightInsight Connected Health Solution on Google Cloud Platform

Advanced medical-grade managed services solution analyzes connected medical device data and therapies, delivering real-time insights within a regulatory-compliant environment

SAN JOSE, Calif., March 1, 2018 /PRNewswire/ — Flex (FLEX), the Sketch-to-Scale™ solutions provider that designs and builds intelligent products for a connected world, has expanded its service offerings for the healthcare industry with a new digital health offering. BrightInsight is a secure, managed services solution built on Google Cloud Platform that can aggregate data and deliver real-time insights to optimize the value of connected drug, device or combination products. The company made the announcement ahead of the annual Healthcare Information and Management Systems Society (HIMSS) conference, taking place March 5-9 in Las Vegas, Nevada.

The  McKinsey Global Institute estimates that applying big-data strategies to better inform healthcare-related decision making could generate up to $100 billion in value annually across the U.S. healthcare system. Medical devices today collect massive amounts of data, which creates enormous potential for a rapid feedback loop that can help improve patient care and enhance drug therapy delivery and management. In order to make an impact, the data needs to be aggregated from a myriad of apps and stand-alone devices, as well as analyzed to provide actionable insights. BrightInsight solves these challenges and helps patients and health care professionals, from physicians to medical device and pharmaceutical manufacturers, to better understand medical device usage and medication adherence, and streamline the product development and certification process.

“We saw the need for a secure cloud platform designed to support highly-regulated connected drug delivery and medical devices, going beyond simple connectivity to deliver real-time intelligence and actionable insights,” said Kal Patel, MD, senior vice president of Digital Health for Flex. “With our 20 years of experience operating in global regulated medical environments, and having deployed more than 75 regulated hardware and software medical products, Flex can combine our cross-industry capabilities to simplify our customers’ digital transformation.”

Flex is partnering with Google Cloud to deliver insights through customizable analytics dashboards fueled by Google Cloud’s advanced machine learning and artificial intelligence (AI) capabilities. Google Cloud Platform enables BrightInsight to securely store, analyze and gain insights from health information, without pharmaceutical and medical technology customers having to manage the underlying infrastructure. Advanced use cases for BrightInsight may include controlling connected devices, drug dosing, decision support, personalized patient interventions, trend analysis and AI-driven insights.

“Google Cloud is committed to leveraging our deep engineering expertise to accelerate innovation in digital healthcare,” said Gregory Moore, MD, PhD, vice president, Healthcare, Google Cloud. “With a partner like Flex, we will enable our customers to develop innovative solutions and leverage machine learning-based analytics that can turn new data sets from wearables, medical devices, therapies and apps into actionable information for patients and providers.”

BrightInsight is designed to support CE-marked and FDA-regulated Class I, II and III medical devices, combination products and Software as a Medical Device requirements, enabling automated interventions. Deployed as a managed service, the BrightInsight platform allows pharmaceutical and medical technology companies to accelerate their time to market, reduce the cost of implementation and maintenance across multiple products, and scale for global markets.

BrightInsight features foundational capabilities for rapid development and a modular platform architecture to support customization and worldwide implementation. It is built from the ground up to securely manage highly regulated medical device data and personal health information, and Flex has put the people, technology and processes in place to monitor security and threat prevention to meet global compliance standards.

BrightInsight eliminates regulatory bottlenecks that can lead to costly delays by offering turnkey regulatory design control and file management of master files with the FDA. This service enables pharmaceutical and medical technology companies to focus on their drug, device or combination product submissions without the burden of documenting the software platform.

Source: Flex Expands Digital Health Capabilities, Launches BrightInsight Connected Health Solution on Google Cloud Platform

Uber is driving patients to their doctors in a big grab for medical transit market – The Verge

Big money, and bigger pitfalls, await the ride-hailing giant

Uber announced the launch of a new digital tool meant to book rides for patients who need assistance getting to and from their appointments. A health care provider can book a ride for patients and caregivers immediately, within a few hours, or with 30 days’ notice. The company is positioning itself as a cheaper and more reliable option than most non-emergency medical transportation.

Uber Health is available in two versions: as an online dashboard and as an API for software developers to integrate ride-hailing capabilities into their own health care tools. The service doesn’t require an Uber account; notifications can arrive via SMS text message. The company plans to expand the service so that people with landlines will be able to get trip details that way — or via a mobile phone that isn’t a smartphone. Uber says the billing is simple and easy to manage. It’s also compliant with our most important medical privacy law. Today’s announcement includes over 100 health care providers all across the US.

The non-medical-emergency medical transportation market is worth more than $3 billion, according to the Transit Cooperative Research Program, a federally funded independent research entity. A lot of that money is for people who can’t drive — either because of age or poverty — and so Medicare and Medicaid providers foot the bill. Uber has clearly become interested in the industry. In 2016, Uber partnered with Boston-based company Circulation to provide rides for patients to more than 700 participating health facilities in 25 states. And last January, the company hired a veteran lobbyist in Washington, DC, to pursue the ride-hailing company’s agenda on policies related to health care and medical records privacy. It’s not the only ride-share company looking for a piece of this market: Lyft also teamed up with Circulation and with insurer CareMore Health Systems.

“If there are people who are missing their appointments because they’re using an unreliable bus service to get to and from their healthcare provider, this is a great solution for them,” Chris Weber, general manager of Uber Health, told The Verge. “The types of individuals this is valuable for really is limitless.”

An average of 3.6 million Americans miss their health care appointments every year because of unreliable transportation, according to JAMA Internal Medicine. Missed appointments can trigger a chain reaction of increased emergency room visits, extended hospital readmissions, and higher costs distributed across the industry. Experts estimate the impact of these missed appointments is $150 billion every year.

Uber Health is compliant with the US’s health care rules on data privacy, known as the Health Insurance Portability and Accountability Act, or HIPAA. “We built this service from the ground-up in a fully HIPAA-compliant technology stack,” Weber said. “It was architected from Day One. Everything we built from a technology perspective was built to fit within the constraints and best practices of HIPAA.”

And while being HIPAA-compliant is a good thing, it doesn’t necessarily get rid of all the risk. “Even if a platform is HIPAA-compliant, providers risk potential imposition of stiff penalties for data breaches, and business associate agreements should be implemented between providers and ridesharing companies,” legal consultants from Carlton Fields wrote in a 2016 note entitled “Offering Ridesharing Services to Patients: Uber Risky?”

Uber was hit by a cyberattack in 2016, exposing the personal information of 57 million riders and drivers. Later, the company was accused of trying to cover it up.

Uber also doesn’t have the best track record when it comes to wheelchair accessibility. The company was sued by disability advocates last year, accused of denying equal access to people who use wheelchairs and violating Title 3 of the Americans with Disabilities Act. Weber said, “It’s definitely something we’re focused on making a better, more reliable experience, but as of now this is really focused on reaching out to the existing driver network.”

Even as the ride-hailing company tightens its grip on all forms of transportation, don’t expect this to lead to Uber-branded ambulances in the near future. “Not on our road map,” Weber said.

Source: Uber is driving patients to their doctors in a big grab for medical transit market – The Verge

Nine Big Workplace Changes Enabled By Ubiquitous Voice-Powered Technology

How can Alexa help your bottom line?

Over the last several years, voice-activated technology has gained mass adoption in the consumer world. It’s not uncommon to hear people dictating notes, reminders and appointments to their smartphones, asking their car’s GPS for directions or controlling their home’s systems and ambiance through a console like the Amazon Echo or Google Home.

Stocksnap.io

Smart speaker

The natural progression of this useful technology is for it to be integrated into the workplace. Although many employees already use voice controls for their daily work, it’s only a matter of time before enterprise software and hardware become equipped with voice activation. As we look toward the age of the ubiquitous smart office, members of Forbes Technology Council shared their thoughts on how companies will use voice to empower and improve their workforce.

1. The Rise Of The Smart Office

Voice activation is increasingly running the smart home and driving the future of IoT. These consumer innovations will be mimicked in commercial spaces, where resource needs are higher and more complex. Companies can conveniently optimize energy and comfort at the office with a quick command — just like individuals use personal assistant devices to adjust lighting and thermostats at home. – James McPhailZen Ecosystems

2. Better Reporting

Amazon is one of the first companies to make a serious attempt to get voice activation into the workplace with Alexa for Business. First adopters are using Alexa for meetings and to set up conference calls. I’m looking forward to being able to trigger custom workflows that integrate voice control with my calendar or task list and to get real-time voice reports for important business metrics. – Vik PatelNexcess

3. Supercharged Data Analysis 

Voice-activated tech, utilizing advanced AI like natural language processing (NLP), will eventually integrate with enterprise systems and leverage their wealth of data. With this foundation, these solutions will be able to instantly analyze records, create reports, and search intranets in addition to completing basic recording and automation duties. The search queries excite me most. – Adam Rogers, UltimateSoftware.com

Source: Nine Big Workplace Changes Enabled By Ubiquitous Voice-Powered Technology

Alphabet studies how deep learning could predict heart disease risk | Healthcare Dive

Researchers at Google parent Alphabet’s research arm used an algorithm to speed assessments of patient cardiovascular risk factors using eye scans.

  • Researchers at Alphabet and its research arm Verily Life Sciences have found a way to predict a person’s cardiovascular risk factors using eye scans and deep learning, according to a study published this week in Nature Biomedical Engineering.
  • By analyzing scans of the retinal fundus, the tissue at the back of a patient’s eye, the company’s software can tease out data such as blood pressure, age and whether an individual smokes — all potential risk factors for having a major cardiac event.
  • The algorithm could speed assessments of patients’ cardiovascular risk, but more testing is required before it can be used in a clinical setting.

Dive Insight:

“Using deep learning algorithms trained on data from 284,335 patients, we were able to predict CV risk factors from retinal images with surprisingly high accuracy for patients from two independent data sets of 12,026 and 999 patients,” Dr. Lily Peng, product manager of the Google Brain Team and a co-author of the study, wrote in the Google Research Blog.

“For example, our algorithm could distinguish the retinal images of a smoker from that of a non-smoker 71% of the time, compared to a ~50% (i.e. random) accuracy by human experts,” she said.

The results also show “strong gender differences” in the fundus images that could help guide research on the differences in male and female eyes, as well as how cardiovascular disease or risk factors affect retinal health, according to the study.

Last year, Verily began recruiting 10,000 volunteers to help build a comprehensive database of biometric data. The company is also working with French drugmaker Sanofi to develop tools for diabetes management and with 3M on solutions for population health.

This latest study could have implications for treating patients. Cardiology has been trending toward population health and tools such as this new algorithm could help identify and inform care paths for patients.

Recommended Reading:

Source: Alphabet studies how deep learning could predict heart disease risk | Healthcare Dive

Practice Fusion wants to start charging doctors, sources say

Practice Fusion is scrapping free software model after agreeing to sell to Allscripts

Practice Fusion is planning to start charging doctors to use its software, sources say. The change comes weeks after Practice Fusion agreed to a disappointing $100 million sale to Allscripts. Practice Fusion has struggled to build a growing business model based on ads

After more than a decade in the market with a free product, Practice Fusion has plans to start charging doctors.

Six weeks after Practice Fusion agreed to sell itself to Allscripts for a fraction of its prior valuation, the medical software company is scrapping the business model that propelled it to unicorn status.

Practice Fusion gained traction by offering free electronic health records software to doctors — as an alternative to the expensive systems from big vendors — and the company made money by serving relevant pharmaceutical ads to its users.

But Practice Fusion recently started notifying customers that, beginning this summer, the service will convert to subscription payments and cost $100 per physician per month, according to two sources familiar with the matter who asked not to be named because the change hasn’t been made public.

It’s a massive shift for a company whose founder and ex-CEO preached about the virtues of a free product and promised that it would never cost money for users. Ryan Howard, who was ousted in 2015 after the company missed financial targets, told Medgaget two years earlier that “Practice Fusion will always be free.”

The product proved to be a particular favorite among small physician groups, like primary care doctors and dermatologists, and the company said that its user base has grown to 100,000 health-care professionals. One industry publication called it the “poster child” of free platforms.

In a statement to CNBC, a Practice Fusion spokesperson said that as part of its mission the company has “been offering some features and services to our customers at no cost while other solutions and services offered do involve reasonable prices,” and that a change is on the way next month.

“We have a product announcement upcoming in early March, and we look forward to sharing it further with you and all of our stakeholders very soon,” the company said.

Practice Fusion has had a rough start to 2018. In January, the company said it was being acquired by Allscripts for $100 million. That’s about one-fifteenth its expected valuation in 2016, when it reportedly hired J.P. Morgan to explore an IPO.

Soon after the acquisition was announced, CNBC reported that top executives pulled in millions of dollars as part of a pre-arranged deal, while common shareholders were wiped out.

‘Evaluate their options’

During its growth years, Practice Fusion benefited from legislation passed in 2009 that incentivized the medical community to move from paper to digital records.

The market exploded with dozens of medical records vendors, but most charged subscription fees for the service and additional expenses to upgrade. Epic and Cerner have captured the top end of the market, which includes academic teaching hospitals, while Practice Fusion and a handful of others compete for the smaller physician groups.

Industry experts including Ken Comee, CEO of rival CareCloud, said the change could be a boon for other vendors that target independent practices.

“Maintaining the customer base could be a challenge because they’re charging for something that was once free,” Comee told CNBC. “It might encourage doctors to evaluate their options.”

Source: Practice Fusion wants to start charging doctors, sources say