May 17, 2020

3 Health Care IT Vendors You Should Be Watching in 2015

Health IT
Health IT
2 min
The year 2014 was big for health tech with new innovations, adaptions and technologies.
While news of Ebola and security breaches overpowered the airwaves, 2014 was also a big year for health care IT developments. From greater interoperabil...

While news of Ebola and security breaches overpowered the airwaves, 2014 was also a big year for health care IT developments. From greater interoperability to the adoption of business intelligence tools for predictive analytics, tech was at the forefront of the industry.

The following IT vendors are the ones that deserve all eyes during the new year.

1. Cerner

Based out of Missouri, Cerner gained a lot of momentum in 2014 as a growing number of physician practices and hospitals adopted its electronic health record (EHR) systems and ancillary technologies.

[READ MORE] Top 5 Digital Health Trend Takeaways from CES 2015

Last year, Cerner acquired Siemens AG’s EHR unit for $1.3 billion and now has “the biggest U.S. market share of any EHR vendor” with 1,132 acute care hospitals, according to Health IT Exchange.

Additionally, Cerner is increasing its focus on predictive analytics, recently launching HealtheIntent – a multipurpose, cloud-based programmable platform that allows health care systems to aggregate, transform and reconcile data.

2. athenahealth

athenahealth is entering all fields of health care markets, from medical billing to EHRs and business intelligence. Even medical apps are being created by the group.

Just this week, athenahealth announced that it will acquire RazorInsights, a provider of cloud-based EHR and financial solutions for rural, critical access and community hospitals. The goal is to extend a presence into the 50-bed-and-under inpatient care environment, which reportedly accounts for approximately one-third of the U.S. hospital market.

[READ MORE] TOP 10: Health Tech Dangers to Watch Out For in 2015

Financial analysts offered a cautious outlook, however, with the Wall Street reporting the company expects sales of $900 million to $925 million and earnings of $1.20 to $1.30 a share. Thomson Reuters analysts also polled a revenue of $924 million and per-share earnings of $1.25 in 2015.

3. Accenture

Accenture was hired as the global vendor to fix the signature website of the Affordable Care Act – – after its initial catastrophic launch. By the end of 2014, due to its impressive work, Accenture landed a multi-year, $563-million contract to continue its work on the site.

It only took two years for the firm to overcome criticism from ethical lapses and earn this prominent victory. It will be interesting to see what will come from it and if more opportunities will arise.  

Follow us on Twitter (@HealthcareGlbl) and like us on Facebook!

Share article

Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

3 min
​​​​​​​Software security experts McAfee discovered exercise bikes by Peloton are vulnerable to cyber attacks, which the company have since resolved 

Peloton, the popular exercise bikes, were found to be vulnerable to cyber attacks according to the latest research from McAfee. 

For those still unfamiliar with Peloton, it is a brand of electric bikes that combines high end exercise equipment with cutting-edge technology. Its products use a wi fi connection to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

“Behind the scenes is a standard Android tablet, and this hi-tech approach to the exercise bikes has not gone unnoticed. Viral marketing mishaps aside, Peloton has garnered attention recently regarding surrounding the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at Android devices, and uncovered a vulnerability  that could allow an attacker with either physical access to the Bike+ or access during any point in the supply chain to gain remote access to the bike’s tablet, including the camera, microphone and personal data. 

To the user there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk of  being hacked.  

The flaw was found in the Android Verified Boot (AVB) process, leaving Peloton open to attackers. 

They were able to bypass the Android Verified Boot process, which normally verifies all code and data within the system before booting. Researchers were able to get the device to boot bypassing this step. 

This can lead to an Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of any access they achieved on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton even as auditing was ongoing. The vendor was sent full details,  and shortly after, Peloton confirmed the issue and subsequently released a fix for it. 

The patched image no longer allows for the “boot” command to work on a user build, mitigating this vulnerability entirely. Further conversations between McAfee and  Peloton confirmed that this vulnerability is also present on the Peloton Tread exercise equipment. 

Peloton’s Head of Global Information Security, Adrian Stone, commented on the research: “this vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

"To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”

Share article