Presentation submitted by Doreen Mac-Ohams, Hannah Michel and Sandra Rudeloff.
Undergraduate and graduate students from leading universities around the world were tasked with creating a cybersecurity strategy for a U.S. health system that is inclusive of their supply chain, addresses the threat of gray market and counterfeit products and includes approaches to monetize the cyber hygiene capabilities.
For MHS: Tomorrow‘s Healthcare Today
Every day healthcare companies are offered new chances and potentials to leverage the tremendous amount of data they produce. In order to generate valuable insights and not only pure data, we want to set out on the path to a digital future with a technically advanced security culture. As digitalization and cyber security are deeply interconnected, our proposed solution consists of three interconnected pillars: The Semantic Web for Data Management, RFID for Data Generation and a Cyber Security Culture to enable the successful implementation of the previous mentioned technologies. With these three dimensions in place, MHS can realize its vision of delivering “Tomorrow‘s Healthcare Today”.
The “Semantic Web” links data in a secure and interactive matter. Data sources, such as the files which are part of a traditional patient record (e.g. lab values, prescribed medication, personal data etc.) are treated like an html file containing descriptive variables, where for example the hospital or the age of a specific patient are tags filled with the respective individual patient information. Thus, information gets searchable by tag. More importantly, this way of data storage helps to set up meaningful dashboards that allow a holistic and fact-based decision making. In contrast to existing relational databases, it gives us the unique opportunity to bridge many forms of biological and medical information across institutions and anonymously across patients and thus accelerate medical research tremendously. Next to the storage of the data, access control tools are used in order to holistically protect patient’s data. These characteristics and the broad applicability to various use cases leverages the potential of secure and collaborative use of data. It allows to generate a holistic data management enabling effective patient-centric care.
The utility of the Semantic Web strongly depends on the data input it receives. In order to provide high quality data on item level, RFID is implemented in four areas: Real Time Tracking, Patient Identification, Inventory & Sterilization Management and Medicine Authentication. By implementing RFID for these purposes, advancements are mainly achieved for the patient and MHS. The patient can expect a high- quality and quick anamnesis, a reduced time-to -treatment as well as reduced waiting time. Lastly, patient safety is increased for example through the reduction of counterfeit products. These factors lead to higher overall patient satisfaction. RFID allows MHS to optimize patient flow and thus increase patient throughput, finally leading to higher revenues. Meanwhile, they will be able to reduce costs associated to manual inventory counts or labor inefficiencies. Especially the interconnection of all these application areas and the analysis through the Semantic Web make RFID a valuable technology.
Our integrated End-to-End approach includes all stakeholders and levels of healthcare. With the goal of creating and implementing a cyber security culture enabling the most secure, transparent and innovative patient care, an overall culture framework to combine the pillars of holistic patient care, was developed. The frameworks focuses on protection, prevention and collaboration. In order to assure smooth integration and high quality standards of the previous mentioned technologies, the Cyber Expert Team consisting of IT, Cyber Security and healthcare specialists will be the focal point for the introduction, maintenance and measurement of the security culture for all employees and along the whole supply chain. The 4 pillar action plan will help to map all involved stakeholder, identify Risks, build cyber security capabilities, knowledge sharing and training to overcome these risks and preparation for major cyber incidents.
The described technologies and frameworks will be implemented over 4 years in an 8-step approach. This allows us to adapt to proven best practices and take every staff member on our journey to digital future with a technically advanced security culture. In order to fund the project, MHS has the possibility to cooperate with academic research institutions, Tec- and IT companies, healthcare-focused companies and companies offering result-based sponsoring.
Semantic Web and RFID as well as the interconnection of those two allow for continuous innovation. After the realization of the outlined plan, new application fields such as tattoo-like thin surface electronic devices can be implemented using the established infrastructure. Next to application areas, the geographical roll-out to other countries should be focused. In order to successfully transfer the project plan, it has to be adapted by the local cyber security team that has knowledge about the local culture and regulations.
The developed strategy aims for an outstanding level of cybersecurity based on three pillars: The Semantic Web, RFID and a Cyber Security Culture!