InnoHEALTH magazine - Volume 4 issue 2 - April to June 2019

VOLUME 4 ISSUE 2 APRIL-JUNE 2019 INR 100/-
on
Impact of
Cybersecurity
on Healthcare
Data Analytics to
Improve Quality
of Healthcare
Type 2 Diabetes: A
study in non-obese
and Lean Indians
Cognitive development:
Myths and Realities
Gallstones:The
Truth Underneath
World Health
Day: April 7
Cybersecurity:Trends,
Challenges,andThreats
in Healthcare

A Brief Review on InnoHEALTH
I ATTENDED the recent IC Club meeting and it was quite a
meaningful presentation especially from legal standpoint.
Thank you, Team InnovatioCuris.
Rabin Majumdar
Advocate, Supreme Court, New Delhi
INDEED, a wonderful presentation on webinar. I really
enjoyed it watching with my team. Thanks a lot.
Benita Saklani
Business Development Head
Liveon Biolabs Private Limited (LBPL)
New Delhi
I RECENTLY became a part of a webinar. It indeed was a
great and well-organized webinar. Thank you team
InnovatioCuris. I watched each question up to the last
question - answer discussion.
Avinash Bharti
Assistant Professor
CharotarUniversity of Science and Technology
Gujarat
I ENJOY reading your articles in InnoHEALTH magazine
and thought it would be a good idea to reach out to you
personally. We consider you an expert in the field, and we
believe we could offer you a piece of visual content that
might be engaging for your audience.
Nikola Djordjevic
Head of Content
MedAlertHelp
I HAVE just come across your highly insightful magazine
on healthcare – ‘InnoHealth Magazine’ – today. The publi-
cation contains a wealth of information coupled with high
production value.
Thomas Antony
Mumbai
Most liked article of the last Issue....
Testimonials from the InnoHEALTH Readers

It is a world of digital transformation with a large number of buzz
words such as Innovation, Blockchain, AI, etc., spoken around
within people on large. This is digital revolution where things change
very rapidly with newer concepts, issues, challenges and solutions.
One such major issue of digital world is Cybersecurity which relates
to Ransomware, bitcoin, etc. Taking the cue, in the current issue
of the magazine we intent to explore the trends, and challenges of
Cybersecurity and address its need in the healthcare sector.
In a recent healthcare conference, the people were unaware when I
spoke about how on October 21, 2013 the former US Vice President
Dick Cheney’s doctors disabled his pacemaker’s wireless capabilities
to thwart possible assassination attempts. To this, everyone had an
issue on the accountability. It remains unanswered that who would
be liable, the doctor, hospital, company which provided pacemaker
or the insurance company. Amidst all this, nobody was concerned
about the patient as none present there questioned it. Maybe we are
awaiting a major catastrophe to happen to put our minds to work. It
is our endeavor to equip the healthcare community to this aspect of
digital health.
Cybersecurity is major concern of patient safety and healthcare
infrastructure. The health records, data, hospital information system
and individual medical devices are all targets. The vulnerability
is in technology and lack of awareness of staff. There are many
examples to quote wherein hospitals have become victim of attacks.
A recent audit of a corporate hospital in Delhi by our team revealed
that 80% equipment is vulnerable to cyberattack, thus, risking the
patients. Healthcare providers are not sensitised to issue as required
hence this magazine is dedicated to Cybersecurity. We have named
it Cyber4Healthcare and even launched a training program in
healthcare domain to update knowledge of this extremely important
topic. There is an immediate necessity that we invest in staff and
equipment to make our systems robust enough to protect them from
cyber-attacks.
We at InnovatioCuris always strive to sensitise the healthcare
providers with new technologies and our next issue would focus
on IoMT or connected healthcare which is overtaking the segment
rapidly. However, we should always keep in mind that we are master
of technologies and not the other way around. Can humane touch
be replaced by technology? The trend nowadays is that we are
leaving human ingenuity behind and are being heavily dependent on
technology. There is a need to understand benefits and challenges
of newer devices, technology and thinking. Let us consider how we
can balance traditional to modern approach in today’s world and
get best of both world. Let our readers share their experiences by
writing for the magazine to benefit all.
Cyber4Healthcare:AnIssue
ofToday Tomorrow
Dr. VK Singh
Editor-in-Chief MD,
InnovatioCuris
vksingh@innovatiocuris.com

PERSONA
Indo-Danish Relationship
in Healthcare 6
Healthcare: Handle With Care 8
THEME
Cybersecurity: Trends, Challenges,
and Threats in Healthcare 12
Cybersecurity Business Evangelist 14
Cybersecurity: The Vulnerability of
Medical Institutions to CyberAttacks 20
TRENDS
Latest Innovations! 24
Is“Smart”Technology a
Saviour of Healthcare? 28
Data Analytics Will Increase
the Quality of Care! How? 30
MedicalIoT:FutureofConnectedHealth,
Are We Ready? 32
WELL-BEING
ASHAs Set Up a Role Model in the
Eradication Programme Against
Malaria in Odisha 36
Health and Wellness Coach Platform for
Industrial Workers 38
ISSUES
Cognitive Development: Before and After
Birth-Myths and the Realities 40
The Fertility Diet: Zero Stress Recipe 42
Gallstones: The Truth Underneath 44
Snakebite: A Public Health Problem You
Don’t Hear Of ! 45
RESEARCH
Can Millets Be the Answer to India’s
Nutritional Problems? 46
Non-Obese and Lean Indians Also
Prone to Type 2 Diabetes: A Study 50
Digital Diabetes Management Market52
NEWSCOPE
DiabetesandDigital:DiscussiononUnmet
Needs and How Digital Tools Can Help?54
Healthy Lives: Everyone, Everywhere 56
Book Reviews 58

Global Editorial Board
Dr. Shailja Dixit, Chief Medical Officer, Scientific
Commercialization,
Fellow of Health Innovation Technology Lab, USA
Ronald James Heslegrave, Chief of Research,
William Osler Health System, Canada
Dr. Chandy Abraham, CEO, Healthcare
Project, ITC Limited, India
Dr. Sharon Vasuthevan, Group Nursing Quality
Executive at Life Healthcare Group, South Africa
Dr. Kate Lazarenko, Founder and Director,
Health Industry Matters Pte. Ltd, Australia
Dr. Sarita Jaiswal, Ex-Research Officer at University
of Saskatchewan, Saskatoon, Canada
(currently in India)
Printed and Published by Sachin Gaur on behalf of
InnovatioCuris Private Limited
Printed at Lippe Scan Private Limited 89, DSIDC,
Phase-1, Okhla Industrial Area, Delhi 110020
Editor: Sachin Gaur
DCP Licensing number: F.2.(I-10) Press/2016
RNI: DELENG/2016/69964
© InnovatioCuris Private Limited
All rights reserved. Neither this publication nor any
part of it may be reproduced, stored
in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying,
recording, or otherwise, without the prior permission
from InnovatioCuris Private Limited.
Disclaimer:
Readers are requested to verify and make appropriate enquires to satisfy themselves about the veracity of the
advertisements before responding to any published in this magazine. Sachin Gaur, the Publisher, Printer and Editor of
this magazine, does not vouch for the authenticity of any advertisement or advertiser or for any the advertiser’s products
and/or services. In no event can the Publisher, Printer and Editor of this magazine/ company be held responsible/liable
in any manner whatsoever for any claims and / or damage for advertisements in this magazine. Authors will be solely
responsible for any issues arising due to copyright infringements and authenticity of the facts and figures mentioned in
their articles. InnoHEALTH magazine is not liable for any damages/copyright infringements.
Editor-in-Chief:
Dr. V K Singh
Executive Editor:
Sachin Gaur
Editors:
Alok Chaudhary
Dr. Brijender Singh Dhillon
Dr. Avantika Batish
Nimisha Singh Verma
Dr. Garima Singh
Dr. Jasmeet Kaur
Sr. Designers
Suraj Sharma, Ritu Versha
Circulation Manager
Mayank Kumar
Advisors
Amir Dan Rubin, Executive Vice
President, United Health Group, USA
Thumbay Moideen, Founder
President, THUMBAY Group, UAE
Tanya Spisbah, Director
Australia India Institute, Delhi

PERSONA
Q. What are the updates for 2019
regarding Indo-Danish relationship in
Healthcare?
The relationship between India and
Denmark is becoming better each
day. In December 2018, the Foreign
Ministers of both the countries met
in New Delhi and relaunched the
Indo-Danish Joint Commission,
which provides the framework for all
strategic sectors’ cooperation including
healthcare. This breakthrough
paved the way for the Danish Prime
Minister’s visit to India in January
this year. Among other things, he
participated in Vibrant Gujarat
spearheading a Danish business
delegation, where he also met with
Prime Minister Modi. The purpose of
these visits was to strengthen political
and economic ties between India and
Denmark, because both countries will
benefit tremendously from increased
interaction and business collaboration.
In this regard, healthcare is a key focus
area for 2019. This decision is based on
the success of two large projects in 2018;
one is focused on non-communicable
diseases and the other on attaining the
SDGs within healthcare. We were able to
develop concrete grounds for working in
a focused manner in this field and assist
Danish companies looking to gain
a footing in India. Several Danish
companies are already established in
the Indian market including Novo
Nordisk, Widex, Coloplast, Fertin,
Falck and many more are expressing
their interest.
Q. The Danish Health System is
incorporating changes for good in
recent past with new hospitals and
otherdeliverymechanisms,canyou
share your view-point on relevance
of them to India?
The Danish health system is a
publicly funded scheme, which
covers all Danish citizens. There is
a lot Denmark can contribute with
to India in terms of know-how and
sharingofbestpractices.Areaswhere
Indo-DanishRelationship
in Healthcare
Peter Taksøe-Jensen is the Danish Ambassador to India, Bhutan,
Maldives and Sri Lanka, Nepal since August 2015. Prior to
this, he served as the Ambassador to the United States from
2010–2015. He has worked in various areas of ministry which
include the Security Policy Department, Legal Service, and the
European Union Law Department and on various government
commissions. Taksøe-Jensen obtained his law degree from the
University of Copenhagen. Dr. Jasmeet Kaur interviews him on
his view point on the current scenario in healthcare.
PERSONATHEMETRENDSWELL-BEINGISSUESRESEARCHNEWSCOPE

Denmark can assist India include:
• Digitalization of some solutions to
address the challenges that exist in
current healthcare system. Denmark
is a leader when it comes to digital
workflows and working with
electronic health records. Like in
India,therearemultiplestakeholders
within the healthcare system
(doctors, patients, nurses, local and
state authorities, pharmacies, etc.)
that are bound to work together
but at the same time operate as
individual entities as well. Denmark
managed to achieve a high level of
efficiency by digitalizing processes
and thus, improve efficiency.
• Digitalization has helped Denmark
save both time and money. These
learnings can be adopted in India to
bring down costs in public as well as
private set-ups.
• Empowered its patients allowing them
to access all relevant information about
their health and well-being. I believe
that the Indian government’s launch
of Ayushman Bharat Scheme is also a
move in the similar direction and with
the similar intent of providing better
healthcare access to all. Therefore, I
see a great scope of collaboration and
partnershipbetweenthetwocountries.
• Other areas where Denmark has
done exceptionally well is use of Tele-
medicine for connecting patients in
remotelocationsandreducetimeatthe
hospitals.
• The Danish hospital system is
undergoing unprecedented expansion
and restructuring. Denmark has
spent years of research and gathered
expertise from all over the world to
develop 5 new national super hospitals
and renovating 11 existing hospitals.
India can leverage this knowledge
while it is at a stage where there are still
new hospitals getting on.
Q. What can India offer to Denmark,
your opinion?
One of the common areas of work
between Denmark and India is dealing
with NCDs. It is a global challenge.
Denmark is currently investing a lot
in developing solutions to address this
global multifaceted issue. Our research
environments,universitiesandcompanies
are trying to create products that could be
suitable not only for Denmark but across
the globe. One of the very specific things
Denmark could explore is:
• India has a lot of data available and
Denmark could collaborate with India
to develop solutions and therapies.
India being a bigger country with much
bigger amount of data; this can be utilized
to further make the Danish healthcare
sector more effective.
Furthermore, private players dominate
the Indian healthcare sector, which has
created different incentives and a quicker
implementation time. Both learnings from
private players and data from India can be
beneficial to the Danish healthcare sector.
Q. Any message for the readers of
InnoHEALTH Magazine that you want
to share?
Healthcare is a global challenge, and
we need global solutions to attain the
Sustainable Development Goals. Having
in mind that 17 percent of the world
population lives in India, it is safe to
say that if India fails, the world will not
succeed. Therefore, the strategic sector
cooperation between Denmark and India
is very important.
PERSONATHEMETRENDSWELL-BEINGISSUESNEWSCOPERESEARCH

Q. Given your important assignments
for the Government of India in the
past, share with us the big picture.
What are the trends you see in terms
of cyber crime and threats for 2019?
The world is getting more connected
and technology has seeped into every
aspect of our lives. On one hand,
these advancements make our lives
easier and on the other bring a lot of
vulnerabilities with them if security
isn’t strong enough to tackle cyber
criminals. Hackers today are well-
educated and have the capabilities
to develop new methods and tools
to exploit the vulnerabilities on the
computer systems and networks.
Few do it for their academic interest
and thrill and inform the person
concerned about the vulnerabilities
so that the same can be plugged.
They are known as white hat hackers.
While the others do it with malice
and self-gain and are known as Black
hat hackers.
To gain access to the computer systems,
the cyber criminals and hackers will
continue to deploy already existing
tools (called as exploits) with enhanced
Healthcare: HandleWith Care
Karnal Singh, a 1984 batch IPS officer and Engineer from Delhi College of
Engineering (DCE) and Indian Institute of Technology (IIT), has over 34 years
of experience in investigation of corruption, terrorism, money laundering,
and cyber-crime cases. He is a recipient of President’s medal for distinguished
service and Police medal for meritorious service.
Karnal Singh, the Former Director of Enforcement Directorate opens
up with the Sachin Gaur, Executive Editor, InnoHealth about his
opinion on trends of cybercrime and threats in 2019

capabilities. More advanced tools will
be also be developed in the coming
years. Some of the important ones are
enumerated below:
1. Chatbots:
There will be an extensive use of
machine learning techniques (Artificial
intelligence) in near future. A Chatbot
can be injected into the important
website (for example, a banking site).
Chatbot in the form of a man or
woman would pop up on the screen
and will start interacting with the user
(like what we see the google assistant
doing). Then it may misdirect the
customer to a nefarious link similar
to an actual banking site, thereby
fetching important information from
the customer and compromising his
banking information.
2. Bot and botnet:
The hackers have been successful in
remotely taking control of the hacked
computer systems. Such system is
known as bot. The hacker can remotely
misuse a machine (using computing
time or other resources) without the
actual user being aware of it.
If there are more than one compromised
device, then it is called botnet.
Botnets can be put to perform some
distributed function viz, crypto jacking
(mining bitcoins) or distributed denial
of service attack.
3. Discover and target organizations
outside the firewall:
Most of the commercial organizations
deploy firewalls, intrusion detection
systems and intrusion protection
systems; thereby making hacking
difficult. But they use third-party
software, which may be having
vulnerabilities. Hackers can attack
the third-party systems used by the
commercial websites.
4. Injection Attack:
Protective systems installed on
computers look for malicious files to
detect cyber-attack. The injection attack
is file less; the hacker directly inserts the
malicious code in the memory, thereby
compromising the machine, without
ever dropping a file onto the infected
system. One such example is British
Airways site hack in 2018, resulting in
identity theft of around 3,80,000 users.
5. Biometric Hacking:
Cybercriminals use brute force attack,
dictionary attack or social engineering,
etc., to crack the passwords. Many
people have shifted to biometrics.
The academic research suggests that a
number offinger print authentication
systems could be spoofed, even highly
sophisticated facial recognition system
have been proven vulnerable to more
advanced hacking efforts.
6. Application of
artificial intelligence:
Artificial intelligence techniques
will be used more and more to avoid
detection by the intrusion detection
tools. For example, Waterminer, a
cryptocurrency mining tool injected
as malware, stops mining when task
manager or antimalware scan is run.
7. Rouge AP(access point)
and Evil Twin:
Rouge AP is an access point installed
on the network without the knowledge
of the administrator, while the evil twin
is identical network.
The above-mentioned techniques
will be sharpened to attack numerous
utility services (some of which are
listed below) by the black hat hackers
for malicious purposes:
A. Internet of things(IoT):
Considerable number of smart gadgets
(such as TV, plugs, IP cameras,
smartphones, tablets, network video
recorders, heaters, refrigerators) are
used at homes and industries. When
these gadgets are connected to the
Internet, they are termed as Internet
of Things. The hackers will increase
their attacks on IoT using vulnerability
in cloud infrastructure and hardware
to threaten the users physically or
mentally.
B. Attack on identity platforms:
Identity platforms offer centralised
secure authentication of users, devices
and services across IT environment. It
could be database of banks, hospitals,
social media sites, etc. Identities of large
number of persons would be attempted
tobestolenforextortion,impersonation
or proving the inadequacy of the
commercial organization in securing
the important data (so as to blackmail).
C. Real world damages:
There will be more and more attacks
on services providing community
services viz, municipality, health sector,
electricity supply, water supply and
sewer systems.
Besides the cyber criminals, who would
use such hacking for ransom, terrorists
and even nations can use it against
public or adversaries.
D. Social media
content compromise:
There will be increased use of Botnets
to compromise the social media to
influence the public opinion.
Q. Being a healthcare publication,
our readers would be interested in
healthcare specific cyber threats.
What is your opinion on the health
sector threats?
The health sector offers life critical
services. It maintains the identity and
clinical records of a large number of
patients. The following factors make
the health sector more vulnerable as
compared to the other sectors.
• IoT (Internet of Things) devices are
used extensively for the treatment of
the patients viz. smart continuous
glucose monitoring, connected
inhalers for asthma, apple watch
Identity platforms offer centralised
secure authentication of users, devices
and services across IT environment. It
could be database of banks, hospitals,
social media sites, etc.

app that monitors depression, etc.
• The doctors and patients can
connect external storage devices
and even mobile phones to the
hospital database system.
• Third-party software and hardware
are deployed which makes it
vulnerable to supply chain
poisoning.
• Most of the services provided by
the hospital are connected through
the Internet or the cloud services.
Clinical data is of immense use for the
cybercriminals and cyber terrorists.
They can use vulnerabilities in
cybersecurity in the following ways:
1. Identity theft: Medical identity
record is very useful for the cyber
criminals as it can be used to
impersonate people in the digital
world and gain access to financial
systems as well as to commit fraud
by claiming treatment or insurance
at the cost of insurance agencies and
the patients. Therefore, this data is
sold at a higher rate in the dark net
as compared to identity records of
other sectors.
2. The clinical records of the
patients may sometimes contain
their psychological disorders or
conditions, or a person may be
suffering from concealed diseases
(sexually transmitted disease etc).
The hacker may make use of such
information by blackmailing or
harassing the patients. It would
cause hardship to the patients and
would put the reputation of the
healthcare service provider/hospital
at stake which failed to protect
the patients’ identity and clinical
records.
3. Ransomware attacks on hospitals
will be on rise. The information of
the patients is mostly time critical.
If the cybercriminal denies the
access of data to hospital even for
a short span of time, it may lead to
lack of timely treatment to critical
patients and therefore, hospital
administration is not in a position
to delay the ransom payment.
4. Prescription change: In India,
majority of renowned hospitals
in metro cities are computerized.
Doctors give online prescriptions
whichimmediatelybecomeavailable
to the concerned medical staff, such
as a nurse who administers the
drug to patient. Cybercriminal scan
tamper the prescription which may
harm or even cause death of the
patient. They can cause obstruction
in oxygen supply line or failure
of electricity. They would be able
to change medical records of the
patients, which will lead to wrong
diagnosis and treatment. Not only
cybercriminals but the terrorists
can adopt the above techniques and
threaten the nations or can even
cause large scale fatalities.
Therefore, it becomes extremely
important to adequately secure the
health sector databases.
Q.Healthsectorhasseenmajorattacks
of ransomware; part of the equation
is 'money aka cryptocurrency' in
organised crime. How do we handle
this?
Being proactive about cybersecurity
is perhaps the best approach to
tackle cyber-attacks. Health sector
should form cybersecurity forum for
cybersecurity policy formulations
and mutually evaluate hospitals’
preparedness against the cyber-
attacksby ensuring adherence to the
cybersecurity policies. Additionally,
each hospital network should have
a dedicated team of IT security
professionals to guide the management
and proactively check for any cyber
invasion. The IT team should ensure
that the latest patches for all the
devices and software are installed
and there is protection from supply
chain poisoning. The system should
be equipped with features firewalls,
Intrusion Detection System, Intrusion
Protection system and processes
analytical tools among others.
The block chain techniques can also be
explored for data management and the
patient databases should be encrypted
so that the are of no use to the hacker.
Further, the hospitals must take data
backup with fast recovery plan. Regular
penetration testing of the system
should be done to eliminate potential
vulnerabilities.
Hospitals should invest in training
IT staff in cybersecurity policies and
cybersecurity technologies. Regular
analysis should be done of employees’
computer usage pattern so that any
compromised user is effectively
detected and timely removed from
using the system.There should also be
a secure access control preferably using
biometric features.
Q. Today security has become a hot
topic and world over we see that
regulation is leading change and
innovation! What is your vision for
India in the regard? What regulations
will make health sector more secure?
Or we don't need regulation?
The cybercriminals attempt to hack the
computer resources of the hospitals
by exploiting the vulnerabilities in the
computer systems. They manipulate
the stored information, steal the same
or hold it for ransom. The hospital
databases work on the trust reposed by
patients in the hospital administration
that their data will be guarded with
privacy.
Cybercriminals can be prosecuted
under various provisions of the
Indian Information Technology Act,
2000(ITA). The IT Act creates civil
liabilities for the offences under the
Act vide Sections 43 to 45, wherein
any amount of compensation can be
given to victims; it also creates criminal
liabilities vide Sections 65 to 74 of the
Act. Cybercriminals are liable to both
civil and criminal liabilities.
Hospital administration is responsible
for protecting the data and failure to
protect can result into civil liability under
Section 43A of the IT Act. However, this
section can be invoked if the breached
data results into wrongful loss to victim
or wrongful gain to cybercriminal.
Victim has to prove that there was
wrongful loss to him/her. The offences
by the intermediaries are criminalised
under Section 67C of the IT Act.
However, the same gets diluted by the

provisions contained in Section 79 of the
IT Act. Hence, the IT act doesn’t provide
absolute data security laws.
The Government of India appointed
Justice BN Srikrishna Committee for
effective data protection laws in India.
The committee submitted the Draft Data
Protection Bill, 2018 to the government
in July 2018. It will be introduced in
parliamentaftertheforthcomingelections
in India. The Government of India is
also planning to introduce “The Digital
Information Security in Healthcare Bill”
in the parliament to secure the healthcare
data of patients in India.
Q. As the cyber incidents keep rising
and legal regime catches up, what
is your opinion on our abilities in
investigating cybercrime? As you
know attribution and audit trail are
not the easiest in cyber world, any
advice for stakeholders, so that they
are not wrongly prosecuted or get
justice on time?
As per the Section 78 of the IT Act, 2000,
a police officer of the rank of Inspector
and above is authorised to investigate
the offences under the IT Act. This is
to ensure the quality of investigation.
However, all Inspectors in police are
not trained in cybercrime investigation.
Further, complexities of computer
technology, tools and methodology
used by cyber criminals make it difficult
even for a trained person to keep pace
with the development in this field.
Police organizations don’t employ
external cyber experts to aid in
investigation. Each police officer
investigating the case seeks help from
other expert police officers or cyber
experts of his/her choice. Therefore,
institutional help is lagging.
There is also dearth of cyber experts in
forensic science laboratories, resulting
into delays of months and years in
getting reports from them which can
compromise the further evidence
leading from forensic analysis of seized
electronic material. During my tenure
in the Enforcement directorate, I found
this delay to be of 1 to 3 years, therefore,
I initiated six in-house cyber forensic
labs. This led to the cyber forensic
analysis done at a quicker pace also
improving the quality of investigation.
The next hurdle is the global spread of
evidences into other jurisdictions. Letter
rogatory (letter of request) is sent to
each foreign jurisdiction for getting the
evidences located in that jurisdiction.
The process is slow and it may take 3
to 4 years in getting reply. If that reply
further requires evidences from another
foreign jurisdiction then another 3-4
years are gone. Therefore, the entire
investigation is time-consuming.
The investigation become further
complicated if Tor or onion routing is
employed by cyber criminals. Finding
the cybercriminal in this scenario
becomes more difficult.
The IP address (internet protocol) and
the time of its use, identify uniquely
the source of attack. However the
cybercriminal may commit cyber-
attack through Bot or botnet. In that
case, the IP address will lead the
investigation officer to slave machine,
even though user of this machine
would have no knowledge of misuse
of his computer resources. If the
investigating officer doesn’t go into
depth of log analysis of such system,
then the innocent people might have to
face false prosecution. The stakeholders
should ensure all logs are maintained
and stored by his computer system
so that audit trail can lead to actual
perpetrator of cyber-attack.

L
ikewise, the global trends, the
growth of Internet in India
is incredibly fast-paced, with
an estimated addition of 10
million active users each month. Along
withtheincreaseinnumberofusers,the
adoption rate of going digital by various
stakeholders in our society is also
growing exponentially. Unfortunately,
this also increases our vulnerability to
potential hacks or security breaches
that come from individual hackers to
organized groups to even attacks from
nation states. Cybersecurity, thus,
entails protection of our cyberspace,
and all the critical infrastructures
like banking and finance, defense,
healthcare, manufacturing, nuclear
reactors and commercial facilities
from being target to any sort of attack,
damage, misuse or act of espionage.
The healthcare industry is particularly
vulnerable to cyber threats not least
because of the minimal amount of
investment they put in cybersecurity
measures. Hospitals, insurance
companies, pharmacies, developers/
owners of healthcare websites,
manufacturers of medical devices, or
handsets, or third-party vendors to
which sensitive patient data gets shared;
all represent a leaky pipeline through
which hackers can enter a system and
cause extensive damage. The types of
attacks can include access to patient’s
medical history, prescriptions, financial
and personal details or using the
Internet of Medical Things to disrupt
implanted medical devices or devices
like drug infusion pumps. Healthy
cybersecurity practices have, therefore,
never been more important than
today when a ransomware attack like
WannaCry has the potential to literally
shut down a country’s (UK) National
Health Service.
WHERE INDIA STANDS TODAY?
According to the International
Telecommunication Union (ITU),
a UN telecommunications agency,
India ranked 23rd amongst 165
nations on the Global Cybersecurity
Index (GCI) in 2017. GCI ranks
nations for their commitment towards
cybersecurity using various measures
- legal, technical, organizational,
capacity building, and cooperation.
With the rapid rise in cyber threats,
Cybersecurity: Trends, Challenges,
and Threats in Healthcare
Written by DR. URVASHI (RAHEJA) BHATTACHARYYA
THEME

India’s growing investment in
protecting its data is absolutely a
positive development. Nevertheless,
a quick look at the current statuson
cybersecurity and data protection laws
in India highlights the gap we must
fill in as we move towards complete
digitizing of various infrastructures in
the 21st century.
For instance, it was last in 2000
when the legal provisions related to
cybersecurity were formulated in the
Information Technology Act (ITA),
when the nature of threats revolved
only around viral or malware attacks.
The ITA was later amended in 2008
and now deals with cybercrimes such
as hacking, tampering, data or identity
theft, cheating, phishing, etc. Sections
43 and 63–74 provide provisions for
civil and criminal prosecution in case
of different cyber offences. The ITA
requires entities holding private data
of users to maintain specified security
standards and provides provisions to
users for airing grievances in case of
data breach.
India established its first cybersecurity
policy - the National Cyber Security
Policy (NCSP), in 2013, after much
mayhem caused by Edward Snowden’s
allegations of NSA snooping on India.
The policy designated CERT-In (Indian
Computer Emergency Response Team),
a national nodal agency to respond to
and analyze incidents of cybersecurity
breaches. CERT-In provides alerts
of cybersecurity incidents, conducts
emergency measures for handling
such incidents, coordinates necessary
responseactivitiesandissuesguidelines,
etc., regarding cybersecurity measures.
In case of data breach, an organization
holding confidential user data must
report to CERT-In promptly.
HEALTHCARE SPECIFIC
PROVISIONS
While the above-mentioned
regulations provide a general legal
cybersecurity framework for all the
organizations, no separate provisions
are in place viz a viz the healthcare
sector. India decided to fill-in this gap
last year when the Ministry of Health
and Family Affair, the Government of
India proposed the Digital Information
Security in Healthcare Act (DISHA)
and placed it in public domain on 21
March 2018 for comments by various
stakeholders. DISHA aims to ensure
reliability, data privacy, confidentiality,
and security of digital health data. The
act, applicable to entire India except
for Jammu and Kashmir, establishes
eHealth Authorities and Health
Information Exchanges at the state and
national levels while also outlining the
guidelines on standardizing/ regulating
the processes related to collection,
storing, transmission and use of digital
health data (DHD) in India.
Accordingly, DHD means any
electronic record of health-related
information
• concerning physical or mental
health of a person
• on any health service provided to an
individual
• on donation of any body part of any
bodily substance
• derived from testing or examination
of a body part or bodily substance
• collected during providing health
services
• relating to details of the clinical
establishment accessed by a person
DISHA also specifies the rights of the
owner of digital health data, outlines
the purposes for which DHD can be
collected and explicitly mentions all
clinical establishments holding DHD to
be duty-bound in maintaining privacy
and confidentiality of the patient’s data.
Importantly, DISHA touches upon what
constitutes a breach of digital health
data, compensation in the event of one
happening and what punishments an
individual or a company might face if
convicted of a cybercrime.
MARCHING AHEAD
The breach of data far more often in the
healthcare sector compared to other
sectorshighlightsthevalueofinformation
stored in digital health records. It is,
therefore, important that cybersecurity
takes precedence for all the healthcare
providers. Proactive measures include
identifying likely targets, securing and
updating systems in a timely manner,
constant monitoring for malwares or
security breaches and reinforcing good
user behavior among the employees.
Similarly, the response to data breach
incidents needs to be swift to minimize
the extent of damage when a cybercrime
occurs. Like the adage, ‘prevention is
better than cure’, the healthcare providers
also have a necessary task ahead of
themselves to up their security measures
in accordance with the current legal
framework, before a patient’s data or
trust gets compromised.
Dr. Urvashi (Raheja) Bhatta-
charyya is a Senior Research Ana-
lyst at StudyMode. She indulges in
machine-learning methods dur-
ing office hours and enjoys writing
about healthcare and education in
her free time.

Cybersecurity
Business Evangelist
H
ealthcare data breaches
have risen nearly
every year from 2010
through 2019 and the
security risks jeopardize hundreds
of millions of patients records.
Although physical theft used to be
the data breach method of choice,
now hacking has become the most
prevalent method. This partly
stems from more information being
stored electronically and network
servers becoming a more attractive
hacking target.
However, much like the rest of the
world, healthcare organizations
are shifting work to cloud services
in order to improve accessibility
and patient care. The migration
of these workloads and moving
valuable information such as PHI
(personal health information)
and PII (personally identifiable
information) to the cloud has also
led to cybercriminals taking a
particular interest in the industry.
Having shifted workloads to the
cloud, healthcare organizations have
highly connected systems that run
the risk of being deeply affected even
if the attack takes place on smaller,
partial systems. In other words, a
cyberattack in one place could bring
down the entire system. In May
2017, the WannaCry ransomware
attack forced multiple hospitals
across the United Kingdom to turn
away ambulances transporting
patients and cancel surgeries that
were within minutes of starting.
Even basic processes like admitting
patients and printing wrist bands
were compromised.
The number of ransomware and
other malware attacks is rising
incredibly fast in the healthcare
industry, putting human lives as
well as critical data at risk.One of
the key aspects making healthcare
organizations a top target is the
value of their data. Commonly, a
single stolen credit card number
yields an average $2,000 profit
and quickly becomes worthless.
Healthcare data, however, such as
Asorganizationsseektoprotecttheir
patientinformationfromthesegrowing
threats,demandforhealthinformatics
professionalswhoarefamiliarwiththe
currentstateofcybersecurityinhealthcare
isontherise.
Written by KRIS SEEBURN

PHI or PII, is extremely valuable
on the black market.
A single PHI file, for example, can
yield a profit of up to $20,000. This
is mainly because it can take weeks
or months for a healthcare data
breach to be discovered, enabling
cybercriminals to extract much
more valuable data. Moreover,
because healthcare data can contain
dates of birth and Social Security
numbers, it is much more difficult
or even impossible to change, so
thieves can take advantage of it for
a longer period of time.
Data breaches cost the healthcare
industry approximately $5.6 billion
every year, according to Becker’s
Hospital Review. The Breach
Barometer Report: Year in Review
additionally found that there was
an average of at least one health
data breach per day in 2016, attacks
that affected more than 27 million
patient records.
The continued underinvestment
in cybersecurity has left many so
exposed that they are unable to
even detect cyberattacks when
they occur. While attackers may
compromise an organization within
a matter of seconds or minutes, it
often takes many more weeks – if
not months – before the breach is
detected, damage is contained and
defensive resources are deployed
to prevent the same attack from
happening again.
As organizations seek to protect
their patient information from
these growing threats, demand for
health informatics professionals
who are familiar with the current
state of cybersecurity in healthcare
is on the rise.
“So, What is Wrong With
the Picture?”
The base question to ask is “Who
would be interested in hacking
patient data?” It is precisely this
attitude together with the rate
at which healthcare refreshes
its technology that exposes
healthcare organizations to a high
risk of cyber-attack. The fact that
makes the industry appealing
to hackers: ransom for money;
denial of service for malice and
money; stealing confidential data;
compromising data; identity theft
and compromising devices. The
scale of disruption and impact
to busy healthcare settings
already operating at capacity
caused by a cyber-attack needs
no explanation. The reality
covers the four main domains:
• Leadership: Ownership of the
issue
• Culture/Staff responsibility/
awareness: Training and
awareness of cybersecurity and
its related implications
• Policies and procedures:
Understanding of business
continuity processes and
incident response procedures
• General cybersecurity
knowledge: Use of fundamental
security processes that are
currently followed within
the organization to mitigate
security breaches, e.g., use of
USB, on- and off-boarding
processes, password policies,
organizational asset register,
and so on.
The Challenges
The newest cyber vulnerabilities
are not necessarily an organization’s
biggest cyber threat. Consequently,
many common threats continue
to be problematic in healthcare,
including:
• Malware and ransomware:
Cyber criminals use malware
and ransomware to shut down

individual devices, servers or
even entire networks. In some
cases, a ransom is then demanded
to rectify the encryption.
• Cloud threats: An increasing
amount of protected health
information is being stored
on the cloud. Without proper
encryption, this can be a weak
spot for the security of health
care organizations.
• Misleading websites: Clever cyber
criminals have created websites
with addresses that are similar
to reputable sites. Some simply
substitute .com for .gov, giving the
unwary user the illusion that the
websites are the same.
• Phishing attacks: This strategy
sends out mass amounts of
emails from seemingly reputable
sources to obtain sensitive
information from the users.
• Encryption blind spots: While
encryption is critical for
protecting the health data, it can
also create blind spots where
hackers can hide from the tools
meant to detect breaches.
• Employee error: Employees can
leave healthcare organizations
susceptible to attack through
weak passwords, unencrypted
devices and other failures of
compliance.
Another growing threat in
healthcare security is found in
medical devices. As pacemakers and
other equipment become connected
to the internet, they face the same
vulnerabilities as other computer
systems.
How are Hackers Achieving this,
You Would Ask?
Hackers usually access information
in one of two ways. They can try
‘social hacking’, which means tricking
a human being into giving over
sensitive information or security
credentials which in turn allows
access to sensitive information. This
could happen by tricking either
someone who works directly for the
provider, or an outside contractor.
An unsophisticated example could
be, ‘Hi, I am an IT provider for your
company, and I need to carry out
some maintenance, could you please
provide these sensitive details for me?’.
The second way is brute force:
directly attacking a security system.
Once Hackers Get Access to The
Data, What Do They Do with It?
In some cases, hackers access
sensitive data, extract it, and lock
it off. They can then sell it back to
the company. If the company does
not have backups, buying it back is
probably the only viable option. The
alternative is for them to lose all
records of their patients which they
will never be able to replace.
Another possibility, is hackers
stealing data and selling it to the
Anothergrowingthreatinhealthcare
securityisfoundinmedicaldevices.
Aspacemakersandotherequipment
becomeconnectedtotheinternet,they
facethesamevulnerabilitiesasother
computersystems.

public. The information may be
sold to criminal groups on the
dark web who wish to use sensitive
information for blackmail or fraud
purposes.
What Can the Healthcare
Industry Do to Mitigate Cyber
Threats?
The industry must realize that
cybersecurity is human-centric.
Gaining insight into the users'
behavior, for example, or the flow of
data in and out of the organization
improves risk response.
Additionally, the industry should
be aware that cybersecurity isn't
just the responsibility of the IT
department: everyone should
be aware of the risks, from
management down to brand-new
contract staff.
Healthcare security professionals
need to understand the threats
they face and the regulations they
must comply with, and they must
be provided with best practices
for strengthening cybersecurity
defenses. This means implementing
comprehensive security awareness
training that educates all people on
current threats, red flags to look for
in an email message or web link,
how to avoid infection, and what
to do in case of an active exploit.
And since the threat landscape is
constantly changing, training should
be repeated and updated regularly.
Furthermore, implementing the
right cybersecurity measures, such
data loss prevention, user behavior
analytics, and endpoint security
technologies, will further protect
an organization's infrastructure
and patient data from ransomware
attacks. By creating a system that
guards the human point — where
people interact with critical business
data and intellectual property — and
takes into account the intersection
of users, data, and networks, the
healthcare industry can improve its
cyber threat protection.
In Simple Terms: How Do We
Improve Cybersecurity?
Due to the significant financial
impact of data breaches in health
care, health informatics and other
professionals need to play an
important role in ensuring that
medical organizations remain
secure. Individual healthcare
organizations can improve their
cybersecurity by implementing the
following practices:
• Establish a security culture:
Ongoing cybersecurity training
Anotherpossibility,ishackersstealing
dataandsellingittothepublic.The
informationmaybesoldtocriminal
groupsonthedarkwebwhowishto
usesensitiveinformationforblackmail
orfraudpurposes.

and education emphasize
that every member of the
organization is responsible for
protecting patient data, creating
a culture of security.
• Protect mobile devices: An
increasing number of health
care providers are using mobile
devices at work. Encryption
and other protective measures
are critical to ensure that any
information on these devices is
secure.
• Maintain good computer
habits: New employee on-
boarding should include training
on best practices for computer
use, including software and
operating system maintenance.
• Use a firewall: Anything
connected to the internet should
have a firewall.
• Install and maintain anti-virus
software: Simply installing
anti-virus software is not
enough. Continuous updates are
essential for ensuring health care
systems receive the best possible
protection at any given time.
• Plan for the unexpected:
Files should be backed up
regularly for quick and easy data
restoration. Organizations must
consider storing this backed-up
information away from the main
system if possible.
• Control access to protected
health information: Access to
protected information should be
granted to only those who need
to view or use the data.
• Use strong passwords and
change them regularly: The
Verizon report found that 63
percent of confirmed data
breaches involved taking
advantage of passwords that
were the default, weak or stolen.
Healthcare employees should
not only use strong passwords,
but ensure they are changed
regularly.
• Limit network access: Any
software, applications and
other additions to existing
systems should not be installed
by staff without prior consent
from the proper organizational
authorities.
• Control physical access: Data
can also be breached when
physical devices are stolen.
Computers and other electronics
that contain protected
information should be kept in
locked rooms in secure areas.
Alertsoralarmsshouldbedesignedto
detecteventsequenceswithpotentially
negativeconsequences.Statistical
andanomalydetectionmethodsare
particularlygoodforthesepurposes,as
arerule-baseddetectionmechanisms.

How to Defend Against the
Growing Threat?
Deterrence, prevention, detection
and response all have their place.
Prevention is preferable to
detection and reaction. But without
data collection, an organization
cannot successfully detect or react
to anything.
Alerts or alarms should be designed
to detect event sequences with
potentially negative consequences.
Statistical and anomaly detection
methods are particularly good for
these purposes, as are rule-based
detection mechanisms.
Security information and event
management or log management tools
can augment data collection efforts.
In addition to deploying
technology tools to help defend
against and detect intrusions, it's
important to formally define roles
and responsibilities for incident
response. Organizations need to
document procedures that specify
what the response team should do
if there's an incident and test those
procedures periodically.
It's not just one technology, it is
multiple technologies in order to
repel these highly sophisticated
and organized attacks. That
includes deploying SIEM, as well as
multifactor authentication to enter
critical systems.
The Internet is increasingly a swamp.
It's no longer sufficient to just look
at standard security logs. You need
integrated security information event
management that brings together
network logs, users log, application
logs and server logs, and looks for non-
obvious associations.
In Conclusion
To improve cybersecurity in health
care, organizations need to hire
informatics professionals who not
only collect, manage and leverage
data, but protect it as well. In
addition, health data professionals
need to on a continuous basis develop
new strategies and best practices to
ensure the safety of sensitive health
data, protecting both the patient
and organization from financial loss
and other forms of harm.We know
that reaching 100% security against
cyberattacks is not realistic but, with
a few steps, healthcare organizations
can make sure that it's too complex
or unprofitable for threat actors to
attack them, which will result in
them moving on to another target.
It'snotjustonetechnology,itismultiple
technologiesinordertorepelthese
highlysophisticatedandorganized
attacks.ThatincludesdeployingSIEM,
aswellasmultifactorauthentication to
entercriticalsystems.
Kris Seeburn is an enterprise
trainer and a member of
Advisory Board of The New
Security Foundation, Member
of The American College of
Forensic Examiners Institute
of Forensics Science

M
cAfee’s researchers
were able to modify
the vital sign data in
real-time providing false
information to medical personnel by
switching the heartbeat records from
80 beats a second to zero within five
seconds. You would have woken up
to news that Medstar patient records’
database was subject to ransom ware
cyberattack and was asked to pay
bitcoins. Unfortunately, the hospital did
not have backup of medical records and
in some cases, they had to turn away the
patients. These incidents, unfortunately,
are not stray incidents.
There are various technologies
converging and a rapid increase in
machine-to-machine communications.
It is predicted that by 2025, most
hospitals will have the ability to network
connect more than 90% of their devices.
However,manyhospitalsareyettomake
their data security systems extremely
robust. Data privacy and data security
are the two important pillars that need
urgent consideration. Just as financial
data is loved by the cyber criminals, so is
health data becoming a gold-mine with
the cyber offenders. Specially so when
the hospitals are run on legacy systems
and there is no dedicated framework or
surveillance on their own data.
Personally, identifiable data is an
indicator of an individual, such as
name, an identification number,
location data, an online identifier or
to one or more factors specific to the
physical, physiological, genetic, mental,
economic, cultural or social identity of
that natural person.
Several cyberattacks on medical
institutions are initiated to extract
the electronic health records (EHRs)
of patients. These EHRs may contain
their personal health information,
medical history, diagnosis codes,
billing information, etc., which can
be exploited by the cyber offenders in
various manners, for instance to get
ransom from the medical institutions
or to create fake IDs to buy medical
Cybersecurity: The Vulnerability
of Medical Institutions to
CyberAttacks
Written by MANAS INGLE AND SHARDA BALAJI

equipment(s) or medication which
can be resold or exclusively sold on
prescription.
Take this example. On 12 May 2017,
a global ransomware attack, known
as WannaCry affected more than
200,000 computers in at least 100
countries. The ransomware attack also
affected 80 out of 236 trusts (medical
institutions under NHS) and further
603 primary care and other National
Health Service (“NHS”) organisations
were infected with the ransomware
virus including 595 general
practitioners. The trusts which were
affected with WannaCry ransomware
faced issues like patient appointments
being cancelled, computers being
locked out, diversion of patients
from accidents and emergency
departments, etc.
As reported in the investigation
report on the WannaCry ransomware
attack on NHS, published by the
National Audit Office (“NAO”, an
independent parliamentary body
in the United Kingdom), all NHS
organisations infected with the
WannaCry virus had unpatched or
unsupported Windows operating
systems. NHS Digital (a national
provider of information, data and IT
systems for commissioners, analysts
and clinicians in health and social
care in England) informed the NAO
that the ransomware spread via the
internet, including through the N3
network (the broadband network
connecting all NHS sites in England),
though there were no instances of the
ransomware spreading via NHSmail
(the NHS email system).
In India, as reported by multiple news
agencies, last year in the month of June,
the Mahatma Gandhi Memorial (a
trust-run hospital) hospital, Mumbai
(MGM Hospital) was affected by a
similar cyber-attack where the hospital
administrators found their systems
locked and noticed an encrypted
message by the attackers demanding
ransom in Bitcoins to unlock it. It was
reported that the MGM Hospital had
lost 15 days’ data related to billing and
patients’ history, though the hospital
didn’t face any financial loss.
Once these cyber offenders have access
to the EHRs, they hold the systems of
the medical institutions hostage for
ransom, by encrypting all the systems
completely inaccessible and unusable
for the victimised medical institutions.
The vulnerability to such cyberattacks
may account to various reasons, such as
outdated digital infrastructure, medical
personnel unaware or untrained about
cyberattacks. Cyber offenders may
gain access to medical institutions’
systems through various ways and
sometimes as simple as (a) using a
USB drive; (b) exploiting vulnerable
or expired software, (c) stealing
medical personnel’s mobile devices,
(d) hacking email or (e) phishing, etc.
It is time that our healthcare providers
upgrade their technologies, networks,
and understanding on this subject.
Regulatory bodies across the world
have suggested / adopted guidelines
and standards to ensure necessary
cybersecurity processes and controls
which help the medical institutions to
mitigate cyber risks and vulnerabilities.
In this article, we will be primarily
focusing on various safeguards and
standards put in place by the European
Union and India to deal with such
cyberattacks.
SCENARIO IN EUROPE
As a part of the EU cybersecurity
strategy, the European Commission
adopted the EU Network and
Information Security Directive (“NIS
Directive”) on 6 July 2016 and it came
into force in August 2016. As the NIS
Directive is an EU directive, every
member state had to adopt a national
legislation which would transpose
the NIS Directive by 9 May 2018
and identify operators of essential
services under the transposed law by 9
November 2018.
The NIS Directive has three major parts
to it (a) national capabilities, (b) cross-
border collaborations and (c) national
supervision of the critical sectors
including health.
(a) National Capabilities: The NIS
Directive mandates every member state
of the EU to have certain cybersecurity
capabilities, e.g., it is a mandate for
every member state to have a national
Computer Security Incident Response
Team (“CSIRT”).
(b) Cross Border Collaborations: The
NISDirectiveencouragescollaborations
between EU member states like the EU
CSIRT network, the NIS cooperation
group, ENISA etc.
(c) National Supervision of Critical
Sectors: As per the NIS Directive,
every member state shall supervise the
cybersecurity of critical market sectors
in their respective country including
health sector.

Further, as a part of the NIS Directive
the NIS cooperation group through
ENISA has developed guidelines
regarding (a) identification criteria of
cyberattacks, (b) incident notification,
(c) security requirements for Digital
Signal Processors (DSPs), (d) mapping
of operators of essential services (OES)
security requirements for specific
sectors including health and (e) audit
and self-assessment frameworks for
OESs and DSPs.
With a view to prescribe certain
standards of safety and quality,
three recognised EU standards
organisationsnamely(a)theEuropean
Committee for Standardisation
(CEN), (b) the European Committee
for Electro-technical Standardization
(CENELEC) and, (c) the European
Telecommunications Standards
Institute (ETSI) were set up. By
setting common standards across
EU, CEN, ETSI and CENELEC
ensure protection of consumers,
facilitate cross-border trade,
ensure interoperability of goods/
products, encourage innovation and
technological development, and
include environmental protection
and enable businesses to grow.
The General Data Protection
Regulations (“GDPR”) specifically
define ‘data concerning health’, ‘genetic
data’ and ‘biometric data’ and regards
them as ‘special category of data’. This
means that parties who are processing
special category of data shall comply
with additional higher safeguards and
process it legitimately. Recital 53 of
the GDPR states that special categories
of personal data which merit higher
protection should be processed for
health-related purposes only.
THE INDIAN SCENARIO
Personal medical/health information
in India is regarded as sensitive
personal information as per the
Information Technology (Reasonable
Security Practices and Procedures
and Sensitive Personal data or
Information) Rules, 2011 (“Rules”).
The Indian legislature took an important
step for addressing issues relating to
cybersecurity when it amended the
Information Technology Act, 2000 in
2008, through which they established an
Indian Computer Emergency Response
Team (CERT), a national agency for
incident response. CERT is primarily
responsible for handling cybersecurity
incidents occurring in India and
analysing information related to cyber-
crimes, but among other things CERT
is also indulged in issuing guidelines,
advisories, vulnerability notes and white
papers relating to information security
practices, procedures, prevention,
response and reporting of cyber incident.
CERT-India has been entrusted
with performing the following main
functions (a) collecting, analysing and
disseminating of information on cyber
incidents, (b) forecasting and giving
alerts on cybersecurity incidents, (c)
laying down emergency measures for
handling cyber security incidents, (d)
coordinating cyber incident response
activities, (e) issuing guidelines,
advisories, vulnerability notes and white
papers relating to information security
practices, procedures, prevention,
response and reporting of cyber
incidents, and (f) performing any other
functions relating to cybersecurity as
may be prescribed.
CERT-India in the last five years or
so has focused on making various
institutions who are highly dependent
on cyber/digital networks, i.e. are
‘cyber resilient’. Being cyber resilient
allows these institutions to effectively
anticipate the various threats and figure
out the mechanisms of dealing with the
cyberattacks. Anticipate, withstand,
contain and recover are the 4 main
contours of being cyber resilient .
• Anticipate: Maintain a state of
informed preparedness to forestall
compromises of mission/ business
functions from adversary attacks
• Withstand: Continue essential
mission/business functions despite
successful execution of an attack by an
adversary
• Contain: Localize containment of
crisis and isolate trusted systems from
untrusted systems to continue essential
business operations in the event of
cyberattacks
• Recover: Restore mission/business
functions to the maximum extent
possible subsequent to successful
TheGeneralDataProtectionRegulations
(“GDPR”)specificallydefine‘data
concerninghealth’,‘geneticdata’and
‘biometricdata’andregardsthemas
‘specialcategoryofdata’.

execution of an attack by an adversary
• Evolve: To change missions/business
functions and/or the supporting cyber
capabilities, to minimize adverse
impacts from actual or predicted
adversary attacks
To strengthen the framework and
ensure that reasonable security
practices and procedures are followed,
the Department of Information
Technology introduced certain rules.
The rules require each and every
corporate body including medical
institutions who collect sensitive
personal information to have security
measures as documented in their
security policy/programme which is
considered to be a reasonable security
practice, keeping in mind the nature
of their business and considering
the fact that they are collecting
sensitive personal information.
One such international standard as
recommended under the Rules is the
IS/ISO/IEC 27001.
Taking a step further, the Ministry of
Health and Welfare has introduced
a draft bill for Digital Information
Security in Healthcare Act (“DISHA”).
One of the key purposes of DISHA
is to ensure reliability, data privacy,
confidentiality and security of digital
health data. DISHA prescribes that the
storage of digital health data so collected
would be held in trust for the owner
and the holder of such data would be
considered as the custodian of data,
thereby making such holder responsible
to protect privacy, confidentiality and
security of data.
To bring it all together:
Majority of the cyberattacks reported
worldwide are caused due to reasons
which sometimes are trivial and perhaps
ignored more often, such as outdated
Windows operating system patch, lack
of proper antivirus or reasons such as
phishing, lack of awareness among the
people about cybersecurity, etc.
The EU, through GDPR has made data
security an integral part of law and
India is taking strong steps to set up a
robust data protection and data security
law. Various regulations, programmes,
codes, standards, etc., discussed in this
article are some key indicate steps that
can be implemented.
Law is just one part to solve the issue.
The real question is who is responsible
for safety of our personal data,
commercial data, data assets, etc.? We
secure our houses with a lock, burglar
alarms, video cams because the house
owner wants to protect it. Similarly,
individuals, organizations, healthcare
personnel, hospitals and other
institutions who collect health data for
multiple reasons should be aware of
various cyber-threats and must take
steps to safeguard their networks and
systems from such threats.
CERT is also indulged in issuing
guidelines, advisories, vulnerability notes
and white papers relating to information
security practices, procedures, prevention,
response and reporting of cyber incident.
Sharda Balaji is the founding
partner of NovoJuris Legal,
and along with being a quali-
fied lawyer is also a company
secretary and has been at the
core of evolution of technol-
ogy and IT laws in India.
Manas Ingle is a legal asso-
ciate at NovoJuris Legal and
works as a technology lawyer,
where he deals with various
legal projects relating to data
protection, AI, IoT, health-
tech, med-tech etc.

NOVIOSENSE....THE DEVICETHAT CAN
BE KEPT INTHE EYESTO MONITOR SUGAR LEVELS
LATEST INNOVATIONS!
IEEE spectrum has discovered
a recent study that seems
promising for the Dutch startup
Noviosense’s own wearable
glucose monitor that measures
tears by sitting in one’s lower
eyelid. The result was close to 95%
accuracy to the levels of glucose as
recorded in blood.Therefore, the
newly developed glucose monitor
can be placed in the lower eyelid
to measure glucose level in tears.
It works by tapping into basal tears
or a continuous stream of tears
that do not require stimulation.
The spring coil can rest in the
eyelid for long periods and will
not be displaced even if users’ rub
their eyes.
Though the innovation seems to be
anothermilestoneinthemanagement
of diabetes which presently is painful,
inconvenient or sometimes tedious
but the study had a drawback. The
sample size consisted of only six
people. Noviosense will need to
conduct more tests to further prove
the device’s validity and reliability.
SOURCE: timesofindia.
indiatimes.com
T
he US Patent and Trademark
office has recently granted
a patent to the Cupertino,
California-based technology
company that would help the Apple
watch to monitor the ultraviolet
light exposure or in other words
use a UV light sensor to detect if
a user is outdoors and how much
he/she has been exposed to the
harmful ultraviolet radiation.
The system provides the
information regarding the total
exposure to UV light either via a
text message or an alert including
guidance on preventive measures
if the levels are excessively high.
The data from the sensors is first
fed into an analyser. The analyser
compiles the total exposure time
and amount of UV light the user
has been exposed to and then alert
the user.
Furthermore, the patent suggests
that the UV index value and the total
amount of exposure to the UV rays
would be combined to determine
if the user stands at a risk of skin
damage and guiding the users for
appropriate preventive measures
to minimise the damage.
Additionally, the smartwatch
would also feature an ambient light
sensor and an infrared light sensor
that would be used to determine
the amount and state of light the
user is getting exposed to.
The new feature would add various
health benefits associated with
the new Apple watch series 4
which can help prevent sunburns,
premature skin ageing and even
skin cancer by keeping a track on
the UV rays exposure time.
The new Apple watch also has
a feature named ‘Fall Detection’
that will alert emergency contact
numbers in one’s mobile phone in
case the user meets with a hard
fall.
The new watch also has an electric
heart sensor to send across low
heart rate notifications and faster
heart rate reading. The watch will
also immediately notify the user
about the user’s abrupt heart rate
for when one’s temper is going
haywire requiring the user to
cool down the mind. The electric
heart sensor is capable of taking
an electrocardiogram using the
ECG app which by now should be
available in the US as it was already
approved by the FDA in 2018.
SOURCE: www.sciencenews.org
APPLE WATCH CAN SOON PREVENT SKIN CANCER,
PREMATURE SKIN AGEING AND SUNBURNS
TRENDS

According to a recent research
published in the Food Analytical
Methods Journal, IIT Hyderabad
has developed a sensor-chip based
detector system to detect adulteration
in milk. This helps to measure
the pH levels of milk through an
indicator paper that changes colour
due to acidity of the milk. Currently,
methods like chromatography and
spectroscopy are used to detect
milk adulteration, which are quite
expensive, so the researchers at IIT
used a relatively cost-effective process
called ‘electrospinning’ to produce
halochromicpaper-likematerialmade
of nano- sized nylon fibres and loaded
it with a combination of three dyes.
They have also developed algorithms
thatcanbeincorporatedonthemobile
phones to accurately detect the colour
change. The algorithm captured the
colours of the sensor strips after
dipping in milk using the mobile
phone camera and the data was
then transformed into pH ranges. On
testing with milk spiked with various
combinations of contaminants, they
found near-perfect classification with
accuracy of 99.71%.
In order to get comprehensive milk
quality check systems that can be
incorporated in mobile phones or
any other hand aids the team now
aims to study the effects of mobile
phone cameras and lighting on
detection efficiency and hopes to
develop sensors for other physical
properties like conductivity and
refractive index and integrate
them with the pH detection unit.
SOURCE: www.timesnownews.com
SENSORSTO DETECT MILK ADULTERATION......
A
recent study conducted
on three people, two men
and a woman with paralysis
below the neck reveals how they
were able to use unmodified
computer tablets to text friends,
stream music and browse the
internet using an electrode array
system called BrainGate2. This is
a type of device that eavesdrop
on neural activity of those who
are paralysed and helps them to
perform the above said activities.
The results of this study show that
neural signals can be harnessed to
directly allow movement and were
published in the November 2018
issue of PLOS One.
The three people involved in
the study had electrode grids
implanted over part of their
motor cortex, an area of the brain
that helps control movement
which picked up neural activity
indicating that the participants
wanted to move the cursor. Those
patterns were then sent to a
virtual mouse that was wirelessly
paired to the tablet. These three
people used nothing more than
their intentions to move the cursor
to perform seven common digital
tasks including web browsing,
sending e-mails. One participant
looked up orchid care, ordered
groceries online and even played
a digital piano. The system even
allowed two participants to chat
with each other in real-time.
The USP of this study is that
the researchers used tablets
with standard settings and no
modifications, shortcuts, or
alterations of features to make
typingornavigationeasieralthough
a few basic tweaks could make
the system even more accessible to
the users.
The findings could have a major
impact on the lives of those who
are affected by some neurologic
disease, injury or limb loss.
The results of this study
demonstrate how communication,
mobility and independence can
be partially restored to those with
otherwise limited control over
their environment. There is also
no dire need to use expensive or
specialised equipment for such
cases making it readily available to
more such candidates.
SOURCE: www.dailymail.co.uk
BRAIN IMPLANTS LET PARALYZED PEOPLE USE
TABLETSTO SENDTEXTS AND STREAM MUSIC

R
esearchers at MIT and the
European Space Agency
have developed a smart
toilet called “ FITLOO “ which
screens human waste such as
urine to detect diseases like
cancer and diabetes. This is a
high-technology toilet that has
sensors to track changes in one’s
glucose levels to detect signs of
diseases along with the warning
signs of cancer. On detection, it
sends the data gathered directly
to the users’ smartphones to
monitor health. It is also based
on automated sample testing
technology used by astronauts
aboard the International Space
Station to monitor their health.
Experts at the European Space
Agency and MIT have teamed
up with sanitation specialists to
create the FitLoo. The high-tech
lavatory will screen urine for the
presence of extra proteins and
glucose, gathering data through
sensors located inside the bowl.
These will detect fluctuations in
levels of these substances and
presence of other markers that
might be an early warning sign
of cancer or diabetes. The data
gathered could then be beamed
on the users’ smartphone or even
directly to general practitioners
so that they can keep a close eye
on their patients.
Smart toilets are already present
in countries like Japan with
a focus on greater comfort
and hygiene with additional
features like warm-water
washing, air drying and heated
seats. Companies like Toto and
Matsushita have released Wi-Fi-
connected toilets that measure
body mass index, biochemical
makeup (sugar, protein), flow
rate and temperature of urine.
In a similar direction of work, the
scientists at Stanford University
have also developed a colour-
changing paper test that can
detect diseases or spot signs of
a urinary tract infection with the
help of a smartphone camera.
All these works are the space of
preventive healthcare and the
idea is that people will connect
their phone to the toilet and get
information about their health.
If anything is of concern, they
would seek their doctor’s help
for more detailed tests and retain
their good health in time.
Researchers also state that by
putting these sensors in public
toilets would allow health officials
to track and gather data on
prediction of spread of diseases in
communities, giving an important
early warning of outbreaks.
SOURCE: www.inshorts.com
FITLOO: MIT’S SMARTTOILET
DETECTS CANCER, DIABETESTHROUGH URINE
T
he UK-based Med Tech Startup Test Card
has created a postcard- sized urine test
that can be done at home and is very much
similar to a pregnancy test, which is analysed by an
accompanying app to provide immediate results.
The postcard has an embedded, pull-out urine
test. The urine test has no electronic component
involved in its usage. The postcard test is likely to
be launched in the UK in April 2019. In the near
future, TestCard also plans to screen diabetes
products in India.
SOURCE: wwwnewsshorts.in
TESTCARD: A CARD-SIZED URINETEST AT HOME

R
esearchersattheDepartment
of Electronics and Electrical
Communications, IIT
Kharagpur have recently developed
a decision support system to
diagnose cancerous tumours and
other diseased tissues in human
lungs. While one system can
refer to CT scan images to detect
lung nodules and test them for
the possibility of malignancy,
the second software can detect
interstitial lung disease patterns in
chest HRCT images. The team has
successfully tested both software
systems at AIIMS, New Delhi with
a success rate higher than 80%.
The advantages of these newly
developed systems include
their use of non-invasive and
comparatively affordable methods
of image analysis that would
aid the radiologists to identify
malignancies by reading growth
in the lung nodules. The system
can also identify interstitial
disease patterns in HRCT images
showing the lung tissue texture.
Another added benefit is that
the reference point is India-
centric, i.e. the medical image
scan database used for reference
is taken from the Indian patient
population. Data has been taken
from PGIMER Chandigarh; mainly
biopsy cases and foreign database
such as LIDC-IDRI and MedGIFT
ILD have been used.
The malignancy detecting tool
detects a lung nodule, segment
the nodule and provides a way
to modify segmentation, retrieve
similar nodules from the database
with their report assess the
chances of malignancy of the
nodule in question based on the
retrieval results. The ILD tool
is developed by incorporating
feedback from expert radiologists
to make it easy to use for non-tech
savvy clinicians. The software has
important modules like automatic
segmentation of lung boundary,
retrieval of similar segments from
the database with their report
and assess the probability of
the pathological segment to be a
particular ILD category based on
the data retrieved. The mapping
of disease is performed by doctors
based on the ILD pattern and
clinical inputs.
At present, the lung nodule
detection rate and classification
rate is 86% and 87%, respectively.
The success rate for ILD
classification is 84%. The
researchers are working to further
improve to conduct clinical trials
on bigger sample sizes. The report
has been published in more than
13 International Journals and
19 International Conferences in
various stages of its development.
SOURCE: www.inshorts.com
IIT KHARAGPUR DEVELOPS DIAGNOSTICTOOLS FOR
INTERSTITIAL LUNG DISEASES AND LUNG CANCER
A
n American biotechnology
Startup, Iota Biosciences
founded in 2017 by Carmena
and Michel Maharbiz has recently
raised 15 million dollars for its in-
body sensor which is smaller than
sand grain.
The University of California in a
microelectrode research developed
the sensors called ‘neural dust’
which then transfers the data
wirelessly from inside the body.
The Co-CEOs hold exclusive
rights to neural dust technology
which offers revolutionary
therapeutic applications for
various chronic health conditions
from inflammation to motor
disorders and eventually cognitive
impairment.
The advantage of this small-sized
sensor is that it uses ultrasound
avoiding any danger that is associated
with wire and battery-provided
implants. Since they are smaller and
can be implanted deeper into the
human body than traditional ones
available, neural dust can interfere
directly with specific nerve clusters
allowing more precise diagnostics
and treatments. Iota’s devices can
concurrently record information
and stimulate nerves giving
near instantaneous closed-loop
therapies that could better treat
diseases from the inside out.
SOURCE: TimesNow
IOTABIOSCIENCECREATESBODY
SENSORSMALLERTHANSANDGRAIN
S
cientistsatUniversityofCalifornia
have created a wireless device
called ‘WAND’ which works like
a pacemaker for the brain and may
aid in the treatment of disorders like
epilepsy and Parkinson’s disease.
Wand is a neurostimulator that can
monitor and stimulate the brain
with electric current. This device is
autonomous and can simultaneously
stimulate and record electrical signals
in the brain.
Compiled by:
Dr. Avantika Batish, working
as the Director Strategy and
Healthcare at International
Health Emergency Learning
and Preparedness. She is also a
guest faculty for MBA (HR) and
MBA Healthcare Management
at various B-Schools and is a
soft skills trainer.
WAND...
PACEMAKER
FORTHE BRAIN

Is“Smart”Technology a
Saviour of Healthcare?
T
he healthcare industry is
continuously sprouting with
the exponential evolution of
technology such as artificial
intelligence (AI), virtual reality (VR),
and robotics, etc. These new areas
of smart technology are expected to
pose unswerving influence on the
healthcare industry during the next
couple of years.
Smart Health Technology is equipped
to automatically obtain, store and
compute health information from
technically advanced sensors and offer
personalized advice or automated
actions from the collected data. This
technology can interact and engage
with data via Virtual or Augmented
Reality to provide even more real-
time experience for both, physicians
and patients.
With the dissatisfaction among junior
doctors reaching unprecedented
levels (a staggering 80% feel
excessively stressed) and the number
of doctors progressing to specialty
training dwindling to its lowest rate
in the history of the National Health
Service (NHS); these changes have
never been more needed. In the event
of NHS staff struggling to cope up
with the growing demand for patient
care, owing to the UK’s rising aging
population, technology is seen as an
enabler which will further propel
healthcare professionals to work
smarter, and not harder.
There are numerous opportunities
for healthcare stakeholders/
manufacturers to innovate Smart
Health Technology solutions,
which are expected to streamline
the precise medical care approach,
e.g., telemedicine. However, there
are also certain restraints in the
regular healthcare system pertaining
to infrastructure and adequate
competencies to integrate Smart
Health Technologies. Moreover,
manufacturers and service providers
need to ensurethe data security and
adhere to global standards. Few of
the latest applications of Smart Health
Technology are Smart Apps, Smart
Pills, Smart Syringes, Intelligent
Fabrics, and Smart Wearable Devices.
SMART APPS
The global smartphone users’ count
is expected to surpass 2.5 billion by
2019. This exponential base of users is
expected to influence the fate of health
and fitness apps, which have already
increased by more than 30% since 2016
(as on current date). It is estimated that
almost 75% of current active mobile
users run their health and fitness apps
at least twice a week. With increased
awareness among the mass population,
people are leveraging technology to take
better control of their health conditions
such as asthma, infertility, obesity, and
diabetes, etc. Moreover, the plethora of
user data churned out from these apps
is helping the market researchers access
unparalleled volume of data forfurther
in-depth and precise insights.
SMART PILLS
The smart pill technology includes a
wireless capsule, a receiver, and the
Written by VICTOR MUKHERJEE

software, which investigates and
categorizes the gathered information
from the patient who consumes the
pill. It is an emerging technology,
which is witnessing an upsurge in
demand and is expected to show
significantpotentialinthediagnostics
domain in the future. The technology
is used to detect gastrointestinal (GI)
conditions and offers the physicians
with information relating to several
parameters such as pH, temperature
and GI tract pressure.
For instance, the first digital pill
-Abilify MyCite (approved in
November 2017 by the US Food and
Drug Administration) is used to
track patients’ medication data. This
is a venture between Tokyo-based
Otsuka and California-based Proteus
Digital Health (digital medicine
service provider).The other key players
operatinginthesmartpilltechnologies
market include Novartis AG, Given
Imaging Ltd., Philips Healthcare,
Smartpill Inc., Olympus Medical
Technology, Medtronic, Pentax
Medical Co., Siemens Healthineers,
Stryker Corp., GE Healthcare, and
Boston Scientific Corp.
SMART WEARABLES
Smart wearable medical devices
are small electronic products
(consisting of sensors) which have
computational competence. These
devices are entrenched into items,
which are attached to different body
parts of the user. They can resemble
watches, eyeglasses, clothing, contact
lenses, shoes, or even jewellery.
Few of the latest smart health
monitoring wearables in the global
market include:
• Apple Watch Series 4 (healthcare
app)
• Pebble Health (health monitoring
app)
• Zephyr BioPatch (wireless
monitoring device)
• Muse headband (brain-sensing
monitoring headband)
• AliveCor Heart Monitor
(smartphone-based ECG device)
• Garmin Forerunner 935 (GPS-
enabled heart rate monitoring
device)
Precisely, the Apple Watch Series
4 is embedded with an ability to
automatically inform hospital
service providers, if a user becomes
immobile for a stipulated period of
time. This deviceassists people to
become healthier, simultaneously
storing real-time data which can be
analysed by healthcare professionals
via remote patient monitoring,
ensuring more precise and perceptive
data for better healthcare practices.
Moreover, AI can continuously
monitor healthcare data and transfer
the same to hospitals when necessary.
CONCLUSION
Upcoming healthcare technologies
such as Smart Healthcare and AI
are gradually renovating healthcare
practices and areset to experience
further innovations in the recent
future. A significant number of
healthcare experts are unquestionably
banking on smart healthcare as a
growing number of patients are keen
to use these technologies and apps
to improve their lifestyles. However,
it is impossible to contemplate every
research aspect of smart healthcare,
considering its broad facets. Hence,
as a result of the emergence of Smart
Technology, healthcare stakeholders
now should focus on imperative
subjects such as security and privacy,
ethics, training, biomarkers, genetics
and personalized medicines, robotic-
enhanced environments, human-
computer interaction, and so on. The
future is endless and exponential!
PERSONATHEMETRENDSISSUESNEWSCOPERESEARCHWELL-BEING
Victor Mukherjee is currently
working as an Assistant Manager
– Healthcare Practice, Infoholic
Research

A
ccording to the Merriam-
Webster dictionary, an
analysis is a detailed
examination of anything
complex in order to understand its
nature or to determine its essential
features: a thorough study. Data
analytics is a method of analyzing,
manipulating, and processing of
complex data in a more defined and
logical way. In brief, it can be defined as
a method of logical analysis. In data
analytics method,complex data are
drilled down at various levels in order
toarriveorconcludeinameaningfulway.
Itismostlyusedtomakeorganizational
decisions, implement any new
processes, changing the existing
processes, etc.
The healthcare industry generates
and collects a huge amount of
complex data daily. Using data
analytics technique, these large
set of data can be broken down
in a meaningful way to know the
trends and make more accurate
decisions for many major quality
outcome projects. Through
analyzing trends and forecasting
the data, the healthcare providers
will know whether implementing
or changing any project would
have a positive or negative impact
on an organization. For example, if
an organization wants to increase
the overall mental health of their
patient population, the provider
should first know what percentage
of patients are not undergoing
their depression screening
during annual health checkup,
says Thamarai. To identify the
percentage of patients who did not
have their depression screening
done, the data analyst will collect
data from the organization’s
database for a year. Once the
organization identifies the base
population, the experts look at
the data and analyze the gap by
drilling down the data to find why
a depression screening was not
done. Finally, using the same data
analytics method, an organization
can decide whether this quality
projectneeded to be implemented
after performing management level
decision such resource needed
and financial status. According
to Thamarai, however, though
data analytics aids and helps the
leaders to decide, it is utmost
important to include clinical folk’s
knowledge as there might be
something beyond this analysis.
In the above example, the patients
who did not have depression
screening may voluntary avoid
(needed to be excluded from the
base population) or there is no
such information captured in the
medical record altogether. In these
scenarios, the doctors will come
with ideas to close the gaps such
as using a phrase or a flag in the
medical record for the patients who
voluntarily declined the screening.
Hence, a combination of Small and
medium enterprises (SMEs) and
data analytics team is required to
obtain a positive outcome for any
healthcare quality project.
“Can this data analytics method be
feasible in the Indian Healthcare
System?”. Major Indian healthcare
organizations still use surveys and
administrative medical records
data to analyze the quality of care.
These resources of data are less
reliable and collecting this type of
data is always a challenge for the
healthcare organizations because
of lack of Electronic Health Records
(EHR), says Thamarai. Though EHR
implementation is slow in India, it is
predicted to grow in years to come
because of many government-initiated
policies such as ‘The Digital India
Healthcare Policy’, increase in EHR
implementation in Major hospitals like
AIIMS, etc.
Data Analytics Will Increase the
Quality of Care! How?
Written by DR. THAMARAISELVI SUNDARARAJAN

I
nnovatioCuris Foundation of
Healthcare Excellence (ICFHE)
and IIT-Delhi jointly hosted a
panel discussion on Medical IoT:
Future of connected health, as an
emerging development area. Below is a
journalistic account of discussions and
decisions made during the Innovators’
club meeting held on Saturday, 2 March
2019.
DrVKSingh,InnovatioCurisisworking
towards healthcare disruptions in India
to help reducethe healthcare delivery
cost. Since the medical space is growing
rapidly from 20 million market to 70
million by 2025, describing a business
opportunity for the younger ones and
existing players of Internet of Medical
Things (IoMT), insisted on mastering
the technology instead of technology
mastering us!
Our inaugural speaker Dr Partha Dey
of IBM emphasized the importance of
rapidly growing medical space in next 5
to 7 years (million to billion to trillion)
and that the numbers are promising.
The question “Is there anything we
can do to get our pie of the share from
that increasing number?” Connecting
internally (institution/hospitals) and
with the outer world, there are two
aspects. He went on to highlight a
concern that connected health should
be targeting illness rather than wellness.
Illness market would have a better
opportunity and that's a fact of life.
Integration of many devices also causes a
problem in the implementation of IoT in
healthcare. The reasons can be many.One
of them is that the medical stakeholders
do not have any consensus regarding
the consent, generation, storage and
transmission of data. But IoT changes
the way!
The need to change the way of delivering
care/service should be our priority. A
paradigm shift in the way of offering
services through connected health
services and emphasizing that privacy
and security concerns are of utmost
importance when it comes to connected
health. Responsibility and accountability
after acquiring data is very important.
The question is how to analyze the data
and get actionable insight. Analytics
and IoT should be considered together
for actionable insight. The challenge
of interoperability has turned up
with increase in number of devices
being used.
Trends and Opportunities
of Medical IoT
IoT or Internet of Things is not new, but
it has been gaining traction at a very high
pace. Since the inception of the word IoT,
there has been an ongoing conversation
about how it might change healthcare,
improve patient safety, affordability and
accessibility for patients.
Healthcare in India has a huge
potential in terms of IoMT or medical
IoT solutions. There will always be
challenges and opportunities in this
sector. Connected health is contributing
towards the growth in space of IoT, but
is lagging behind many other connected
sectors.
One of the key challenges is developing
the algorithm for medical devices such
as CT scans and X-rays. Application
of artificial intelligence and machine
learning in healthcare should be
Medical IoT: Future of Connected
Health, AreWe Ready?
The reasons can be many. One of them is
that the medical stakeholders do not have
any consensus regarding the consent,
generation, storage and transmission of
data. But IoT changes the way!
Written by SHIVANK KHANDELWAL

cautiously done because in case of a
CT scan, if we miss a module it has life
risk and hence should be used carefully
and should be a well validated clinical
algorithm.
Since the infant mortality rate in India
is twice the rest of the world, and that is
certainly alarming as the bottom of the
pyramid is affected; there is a company
which focuses on the mortality rate of
low weight birth babies. They have come
up with developing a bracelet which
diagnoses hypothermia in low birth
weight babies. This was a very simple and
innovative device, but then they analyzed
the intermissions they can work on and
came up with baby cradle. The main
challenges to develop and design such
a product is to cope with the cost factor
and the startups definitely need funds to
develop such a technology.
The goal of connected health is not just
early identification of health issues, but
also effective patient care and safety.
Today IoT platforms support integration
of medical devices and wearables. The
need for security is as important as when
it comes to IoT and accessing healthcare
data and strengthening advocacy for
connected health.
Things change very rapidly and in very
small time, and IoT is taking shape
with it. But who will fund the cost of
development/ Can government help the
industry in making such policies?
Business Models of Successful
IOMT in India and Challenges
The IoT healthcare business strategy is
not yet robust because it involves a set of
elements with new requirements such as
new operational processes and policies,
new infrastructure systems, distributed
target customers and transformed
organizational structures. Therefore,
there is a need for a new business
model. The IoT technology opens a new
dimension of business opportunities
for healthcare companies and the IoT
platform becomes a key artifact in this
transformation. Early movers who are
taking a proactive approach to establish
their IoT healthcare ecosystem will tap
into new business models. In this part of
the business model, the panel discussed
the basis of pricing and the way of
charging for a product or service. Beside
this, the panel also discussed the ways of
revenue generation.
While there are many benefits of the
Internet of things in healthcare, it isn't
without its challenges. As with any new
technology in healthcare, hospital and
IT executives are concerned about data
security and IoT device management.
What are the potential barriers to IoT
adoption and how healthcare IT can
overcome those obstacles?
AI and IoT change the way healthcare
is delivered and we obviously are on
the cusp of a revolution. This definitely
poses a fair amount of concerns but
also huge possibilities. The panel also
discussed how Modicare is 100th the cost
per person when compared to Obama
care. So clearly, there must be more
innovations coming from IoT and AI;
they are going to help us reduce the cost.
In the past, how people tried to use the
data for the benefit of both patients
and providers, starting from patient
side faced huge failures, as nobody was
willing to pay. And that's where the
thinking came from that; how do we
really make this work? How do we really
turn this data into a business model?
And that's where they pivoted the model,
working with providers and using their
data sets. But then the question comes
up, “Why the providers would share
their data?”. Thus, the first pitching that

started was to use the provider’s data for
their patient care. And it didn't work
well. The whole narrative was, “What's in
it for providers?”.Therefore, the business
model turned out to be, as we kept on
talking to people, we realized that the
data is going to be useful for provider’s
revenue success, and then the same
datasets will help the patients. A solution
that they projected is to help retain the
provider with patients’ data, grow their
revenues and help in patient care.
The MedTech certainly seems more
complex. Where they are trying to come
out with a dermatology solution and oral
healthsolutionforseriousdiseaseswhere
a cell phone image taken from an off the
shelf mobile phone camera is sent to an
AI backend and it gives a diagnosis and
possible treatment options for a variety
of skin diseases, particularly oral cancer.
Such cases are very prevalent. What the
panelist found is a landscape extremely
complex in terms of the business model
because when someone comes out with
something like this, then figuring out
who would it be paying is difficult. And
suddenly the AI and IoT thing comes up
and say that it can perform this diagnosis
at par the level and in certain cases better
than certain trained specialists. This does
not support their case.
One of the panelists shared her thoughts
on important factors to concentrate and
realize why health care has not moved
digitally as compared to other industries
like banking, insurance and how a lot
of digital interventions can happen
in healthcare. There are a whole lot of
opportunities.
The main thing to focus on is What is
the problem? What is the solution? And
who's going to pay you? Because that's
where the panelists believe that lots of
startups have a scope.
Customer is one, the doctor being
another and hospital, the other
spectrum. So how to manage this change
and address the change management. If
you give a thought on what to overcome,
it gives you a kind of value that you try
and achieve success and how do we
overcome the quality assurance issues,
change issues, challenges that one sees
in terms of adoption. Let's say for the
doctors, it took a hundred years to the
doctor to adopt stethoscope. Today, it's
widely accepted. IoMT is something
that is obviously very innovative, very
useful. But then not every doctor will
accept it right away. How does one
plan to overcome that barrier? So, they
might just want one to focus on change
management issues.
There are three components of the IT
embedment in a hospital. One is the
business side of it, which gets adopted
immediately. There's just no resistance
to it. The second side is the paramedical
side of it; it has pathology, radiology
and other such things. They take a little
time but they come on board. Learning
curve is much shorter over there. The
third one is the clinical side, which is
the most difficult, as in a hospital system
there are doctors who are most resistant
to changes and the reason being their
upbringing and learning of clinical
practices in a certain way.
The question arises “How does one
change their practices?” The changed
management is already happening at the
college level. The medical students who
are coming out now are more hands-on
and are accepting the new technological
changes. We will have to wait a little
while, but they will accept it. When we
talk about a change in the managements,

the problem that arises is not specific to
India only. In the USA, George Bush had
said that he wanted EMR to be adopted
by everyone within next ten years.
Surprisingly, he didn't even get 15%
conversion in those ten years.
As many of the players in the Medical
IoT ecosystem are coming out with
innovations. The academic institutions
can be helpful in their independent
evaluation. There is a gap in case of
independent evaluations; sometimes the
system works and sometimes it doesn't.
One can observe the lifecycle of the
product and the support system together.
If one wants to make a difference,
collaboration is the key.
Another issue which keeps boggling is
that the tech industries feel they have
oversimplified the solutions. While the
business of medicine is not that simple
andit'sanever-evolvingdynamicsubject.
There's a need to understand the system.
Each hospital has its own dynamics. The
clinician has to be on-board in every
case, otherwise the products will not
succeed. The doctors come across the
instruments, which fail to get them the
right values, same thing as also shared by
our methodological counterparts. The
need of the hour is to standardize these
results. Only then can we really come
in terms with IoT. Otherwise they will
tend to have a short life cycle and attain
failures at the end effect.
It is important to secure the data and
look over the cost implications of data
security issues in connected health
work moving forward. There is a need
for appropriate interventions at the
transition level of doctors and patients,
as well as the importance of advocacy
and awareness‐raising at community
level about connected health. There is
also a need for financial support for
encouraging the tech enthusiasts of the
country to address health issues in India
with connected health solutions.
One needs to understand customer
value as well. How do we speak the right
language in terms of what would appeal
to that particular user or customer or
doctor or hospital for that matter only
then we will see more IoMT adoption
happening. Yes, there is a need to
understand the regulatory framework.
Startupsneedstoadoptaleanstructurein
collaboration with the medical partners
and come up with innovative solutions.
India has a fantastic opportunity, but
clearly it does need elements to come
together and work together.
Shivank Khandelwal is currently
heading Digital marketing team
of MixOrg

InnoHEALTH magazine - Volume 4 issue 2 - April to June 2019

InnoHEALTH magazine - Volume 4 issue 2 - April to June 2019

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

InnoHEALTH magazine - Volume 4 issue 2 - April to June 2019