May 17, 2020

Is fintech the answer to the healthcare’s flatlining finances?

Finance
healthcare services
NHS
Neil Everatt, CEO, Selenity
5 min
It’s no secret that the pressures on the National Health Service are greater than they ever have been. Increasing demand and budget restraints have co...

It’s no secret that the pressures on the National Health Service are greater than they ever have been. Increasing demand and budget restraints have contributed to NHS Improvement, the health service’s financial regulator, reporting a deficit of £960m for 2017-18. However, it’s clear that the NHS is committed to lowering costs and maximising efficiency with initiatives such as the ‘Five Year Forward View’ aiming to make around £400mn in savings by reducing and streamlining back-office costs by 2020. 

In fact, harnessing the potential of technology has become an increasing area of interest and in his first speech as health secretary, Matt Hancock reinforced the pledge to boost technological innovation in the NHS. He called for the adoption of a culture which is ‘always looking for the best possible technology and embracing it’ and pledging £487mn to digital transformation projects across the entire healthcare organisation.

Up-to-date technology is a vital component of streamlining processes. With NHS administration staff facing outdated IT systems and needless paper filing, investment in back-office functions not only increases efficiency – but also provides staff with better resources which allow them to do their jobs and focus on delivering patient care.

Mobilising the workforce  

Although the NHS is often at the forefront of pioneering treatments and innovative clinical care, much of the administration which takes place in the back-offices of the NHS is simply out of sync with today’s business world. It’s not uncommon to still see many organisations either using entirely paper-based processes or Excel spreadsheets as makeshift HR expense forms. There’s a real need for better processes and technology to be simplified and automated to enable greater sustainability to be delivered throughout the entire healthcare system.

With many NHS staff already seen as ‘mobile workers’ travelling between different sites and outpatient clinics, it’s important that the technology available supports the requirements of the job but also contributes to a work-life balance. For instance, our research shows that logging an expense claim through a mobile app is 25 per cent faster when compared to logging it on a computer.

Adopting mobile technology for back-office functions such as HR and expenses would provide greater efficiency to NHS staff. Take community nurses for example, who often have to travel between sites and clinics, but at the end of the day need to return to the office in order to log expense claims such as mileage. In this instance, a mobile app would not only save time but also the cost of an unnecessary journey in to the office.

For many NHS Trusts there is clearly significant potential to release resources by driving greater efficiency from their back-office functions and further investing in frontline services. One of the mechanisms in place to do just this, is the Quality, Innovation, Productivity and Prevention programme, or QIPP which is an umbrella term developed by the Department of Health to drive quality improvement throughout the NHS. But how do health boards make the most of the new technologies they implement and what is the best starting point for digital transformation projects?

See also

Keeping expenses in check

When looking to drive digital transformation across an organisation there’s no better place to start than the HR department. It has a fundamental part to play in getting existing employees to adopt a digital mindset and in hiring future employees that will support this new culture.

There are various organisations in the NHS who are already exploiting the data from expense claims. Analysing the data, allows financial directors to identify common expense claims and put in necessary steps to reduce the need for such claims.

For example, one particular Trust had been paying for two shuttle buses to take staff between sites. The hospital was surprised to see that there were still numerous expense claims of employees taking their cars for the same journey as the shuttle bus. Using that data, they were able to work with the employees to understand why – the frequency of the shuttle buses was the issue. With the problem solved they saw an almost overnight reduction in the number of those claims, bringing the overall cost of claims right down.

Similarly, NHS organisations such as Livewell Southwest have also used expense data to recognise areas of high usage. For instance, they identified that it would be more cost effective to provide six pool cars for their two community-based teams, rather than staff submitting mileage claims. Making this simple change resulted in annual savings of £19,000, as well as reducing the overall man hours required to process the previous mileage claims.

It’s important for NHS Trusts to recognise the power that expense data holds and the opportunity it presents to gain a holistic view of expenditure. Not only does it help to reduce costs but also ensure policy compliance. For instance, identifying the top 10 claimants, can help to identify any irregularities in expenses claims, as can analysing data from employees at similar levels. Whilst it’s not common practice, there is always risk that employees will try to take advantage of the expenses process.

Factoring in the cost of change

For Trust’s looking to update their expenses technology it’s important that they look beyond investing for the short term, with tactical fixes. Rather they should think strategically, invest for the future and ensure that the workforce has the best tools for the job. Not only does this help to attract and retain staff but as mentioned, simple systems and processes can also contribute to a more efficient work-life balance.

Equally, when considering moving from one system to another it’s important to calculate the cost of changing supplier. What is the cost of implementing the new software? How long will it take to train employees? If the software is free, are there any hidden costs? All of these factors need to be considered as short-term savings don’t always add up in the long run.

Share article

Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

cyberattack
fitness
Cybersecurity
verification
3 min
​​​​​​​Software security experts McAfee discovered exercise bikes by Peloton are vulnerable to cyber attacks, which the company have since resolved 

Peloton, the popular exercise bikes, were found to be vulnerable to cyber attacks according to the latest research from McAfee. 

For those still unfamiliar with Peloton, it is a brand of electric bikes that combines high end exercise equipment with cutting-edge technology. Its products use a wi fi connection to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

“Behind the scenes is a standard Android tablet, and this hi-tech approach to the exercise bikes has not gone unnoticed. Viral marketing mishaps aside, Peloton has garnered attention recently regarding surrounding the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at Android devices, and uncovered a vulnerability  that could allow an attacker with either physical access to the Bike+ or access during any point in the supply chain to gain remote access to the bike’s tablet, including the camera, microphone and personal data. 

To the user there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk of  being hacked.  

The flaw was found in the Android Verified Boot (AVB) process, leaving Peloton open to attackers. 

They were able to bypass the Android Verified Boot process, which normally verifies all code and data within the system before booting. Researchers were able to get the device to boot bypassing this step. 

This can lead to an Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of any access they achieved on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton even as auditing was ongoing. The vendor was sent full details,  and shortly after, Peloton confirmed the issue and subsequently released a fix for it. 

The patched image no longer allows for the “boot” command to work on a user build, mitigating this vulnerability entirely. Further conversations between McAfee and  Peloton confirmed that this vulnerability is also present on the Peloton Tread exercise equipment. 

Peloton’s Head of Global Information Security, Adrian Stone, commented on the research: “this vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

"To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”

Share article