Cyber Security for Energy Sources

Energy runs our world.  Light switches enable 24-hour productivity.  Devices and machines of all types enable consumer, commercial and government activity.  Of course, communication (other than face-to-face) is also reliant on energy.

In 2021 Colonial Pipeline demonstrated US vulnerability to hacking networks, paying over $4 million (75K in Bitcoin) to a Russia-based organization after shutting down operations ... to regain access to data (the US government later recovered about half of that ransom).

How can the United States government... and, indeed, multinational corporations with a global footprint... address this risk?  While guaranteeing security against all future attacks isn't possible, we believe a cloud-based "3-Domain Architecture" can improve security of data, computing and energy systems.

Recent comments suggest "zero trust" has fallen from the talking point attention it once had.  That said, development processes, secure behaviors (that help avert "social engineering" attacks) and examination of supply chains (security testing of those components prior to final ship -- of product -- to customers) remain key to maintaining maximum security and avoiding loss to ransomware or other cyber attack.

Cyber vulnerability in Healthcare

                      

Have we done what we can do to prevent malware attacks on our health systems?  Connecticut Attorney General William Tong was notified recently of a summer 2023 attack that may have affected 109,728 people in that state .. a breach confirmed on only 3 hospitals.

“As you are aware, on August 1, 2023, Prospect Medical learned of a data security incident that disrupted the operations of some of its Information Technology (“IT”) systems. Prospect Medical immediately took steps to secure its systems, contain the incident, and notify law enforcement. Additionally, a third-party forensic firm was engaged to conduct an investigation.”

Data stolen included "patients’ names, addresses, dates of birth, diagnoses, lab results, medications, insurance, and financial data."

Would Joel Vengko suggest that Hartford Health is immune to any such attacks?

According to a March 2023 article in LRV Health, "Joel Vengco started his thesis during the third year of <his> MD-PhD program ... the beginning of the end of his time in medical school, <transforming> his career path ... <to> using data to transform the healthcare industry." Dr. Vengko is focused on innovation, but he isn't ignoring cyber security.

Fierce Healthcare reported in December 2023 that "As of mid-December, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) had received 541 notices of data breaches affecting more than 500 individuals during 2023. Among these were incidents that compromised the information of millions, or even tens of millions, of individuals, as was the case with this summer’s high-profile breach at HCA Healthcare."

So Marty Paslick, CIO of HCA, would have to admit that "attacks forced healthcare providers to adjust their workflows or interrupt services due to lockups of their computer systems."  The Fierce article goes on to quote Mike Hamilton, CIO at Critical Insight, to the effect that  the risk of attack is obviously “escalating, and that the tactics are changing....” 

"Beyond the threat to patients’ lives, these incidents can have a lasting impact on the financial health of a provider organization."  Proactive work is essential... inspiring eWISE focus to help... specifically in the domain of obsolete devices (which pose a large vulnerability unique to the healthcare industry).

Protecting Health Data

A single hospital has  tens-of-thousands of devices.  The scope of that management challenge is truly daunting... even for organizations with a fairly standard array of devices, tracking "visitors" and staying up to date on patches for devices that practitioners WANT on the network is overwhelming.  Let's get the obsolete devices OFF THE NETWORK... and  the data that you can't easily place in your EHR can be stored securely  in  the cloud... ready for  "fine grained" access when your  employees, health partners and payor partners need it.

"Fine Grained" means only those authorized access can get to that data.  We won't reinvent your Identity Management System(s)... instead we will  leverage  what you have!  "How?"  you ask.  Send me an email (informally at pete.godston@gmail.com) or give me a  call (826-200-0056) and we will walk you thru the 3-Domain Architecture implementation for your strategic  cloud  choice (yes, we can support AWS, Azure and Google Cloud, with consideration to  Oracle  Cloud in the event you are a Cerner customer today).

Thanks for reading!  Hope to talk with you soon!

What a year..

Personally, the most trying.. coping with this "pandemic," including being there for teenage daughters... but more substantially the loss of my father ... then within a week lost my long-standing companion, Cocoa, a Labrador Retriever (the last two completely unrelated to this pandemic furor). 

Professionally, found myself marveling at the collective unwillingness (inability?) of many sectors to welcome intellectual honesty around cloud capability.  I walked away from the enticing option of "check-box" certification (I have a Harvard MBA, for God's sake!) exams in favor of implementing the tech (just because your staff or new hire has a certification doesn't mean they can efficiently implement a solution appropriate for your environment)... yet in spite of very loud public whining about a scarcity of cloud implementation skills, no one I didn't have a personal relationship with five years ago was willing to meet to review findings.

True, I'm not on any Gartner matrix.  But doesn't everyone agree Gartner is a pay-to-play domain?  Are we really okay with a model that favors India's Brahmin class over our own innovation (no, not just me... spent some time with a few engineering innovators who finally concluded "my baby is ugly" and left a brilliant solution to keep customers happy in another domain.

eWISE AgileHealth©

The IT landscape at mid-to-large health organizations is dominated by electronic health record systems (EHR), a market led by Cerner, EPIC and Meditech.  Innovative applications to support health care (addressing COVID, other CRISPR DNA therapies/research and so much more) are available on Amazon Web Services (AWS), Azure and Google Cloud platforms.  The eWISE AgileHealth© approach enables secure access to data, appropriate integration of new data and enables integration to the millions of health devices (and providing vendors) that are modern health care.  Are you ready to visit the 3-Domain Architecture?

Christmas 2018

 

Spending a few days with my favorite person in the world, daughter Annika.  Danish pancakes for din-din Christmas day and for breakfast two days later.  Steak, peas and baked potatoes the day after Christmas.  Lots of Nintendo Switch, video blog from Danny Gonzalez... and a few other activities.  Cocoa says, "woof."

Russia/Ukraine Update

Watch for the Third Edition of my book,Navies, Petrol and Chocolate, due in February 2021 (on Amazon in paperback and ebook).

Fearing a move of Russian troops to the Ukraine border,  western forces have exercised in Estonia.  Russia's 2018 exercise happened in the East... The Russian seizure of three Ukraine cargo vessels vicinity the Kerch Strait in late November 2018 was an unhappy display (seized sailors and ships weren't returned for many months).  Russian naval exercises happened in 2020... what's next?