May 17, 2020

Four cloud trends to shape healthcare in 2019

Digital health
Digital health
Matt Ferrari, Chief Technology...
4 min
cloud technology
At the start of 2018, the healthcare industry found itself in the midst of a significant change including the adoption of the public cloud, multi-cloud...

At the start of 2018, the healthcare industry found itself in the midst of a significant change including the adoption of the public cloud, multi-cloud access, the widespread use of emerging technologies like machine learning and artificial intelligence and planning around increasingly complex regulatory frameworks including the enactment of the General Data Protection Regulation (GDPR) in May 2018. This called for the three major public clouds - Amazon, Google and Microsoft -  to consistently bring new solutions to the market (often behind a Business Associate Agreement and meeting HIPAA compliance frameworks) that evolved how healthcare does business.

Properly implemented and maintained, cloud-based solutions offer payers, providers, life sciences and Software as a Service (SaaS) healthcare organisations unprecedented opportunities to innovate and glean insights from massive data sets while still maintaining privacy, security, and compliance.

With advancements in technology and security over the last year, many healthcare organisations can harness the benefits of the cloud now more than ever before. The global healthcare cloud computing market was estimated at $20.2bn in 2017 and is predicted to grow to $35bn by 2022 according to a recent BCC Research report. As we see more development in technologies like telehealth, remote monitoring, and natural language processing APIs, cloud technology will continue to evolve to fit our new digital health landscape in four important ways in the coming year.

  1. Multi-cloud use will increase in 2019, especially for larger enterprises.

Larger enterprises are seeing distinct advantages of particular clouds, especially for Platform as a Service (PaaS) solutions. Healthcare organisations are gaining confidence that they can effectively partner with more than one cloud provider. Rather than thinking about multi-cloud as separate cloud providers for different applications, disaster recovery, or cloud provider diversity, 2019 will see a focus on a cohesive healthcare multi-cloud strategy around different public cloud services for the same application.

As cloud computing platforms increase their ability to store, secure, process and analyse, we will continue to see healthcare transformed by data. For example, Google has a strong history in big data, analytics, and machine learning, culminating in the launch of their Google Health API. As multi-cloud access increases, we can expect healthcare organisations to use Google Cloud’s expertise while also consuming services such as Amazon Simple Storage Service and Amazon Elastic Compute Cloud for computing and data storage to meet the unique needs of their business.

See also

  1. Pharmaceutical and life sciences companies will have another big year in cloud adoption.

If you look at the services that are being deployed by Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure, a large percentage revolves around making data easier to consume, whether it be new database architectures, de-identification, classification, anonymisation or compliance-led initiatives. All of these services help break down critical barriers for pharmaceutical and life sciences organisations to put their data to work as they progress in analysing large and diverse sources of data, and work to speed their time to market. In 2019, as applications become more mobile and web-based, we will continue to see a strong cloud adoption across pharmaceutical and life science organisations on a global scale.

  1. The adoption of container and serverless technologies in healthcare will become mainstream.

While they are not new technologies, organisations will reprioritise containers and serverless services (think Kubernetes) as we see significant growth in artificial intelligence and machine learning in healthcare. Adoption of serverless technologies offers organisations a cost-effective way to launch applications without provisioning or managing any servers, further limiting vulnerabilities within the healthcare environment. As cloud computing platforms increase their ability to store, secure, process and analyse, we will continue to see healthcare transformed by data, and the ability to find meaning in it, and share it across silos with increasing interoperability.

  1. Complexity will increase in 2019, and with multi-cloud, there will be a need for greater attention to security, compliance, and privacy.  

The ‘seams’ or boundaries between environments are often the most vulnerable points and multi-cloud, while offering many advantages, can create new security complexities. The complexity itself will continue, shifting from simply understanding Infrastructure as a Service (IaaS) on one cloud provider to strategizing how SaaS and PaaS can work together.

In addition to the technology aspect, the challenges many organisations faced with GDPR compliance in 2018 will continue to bleed into the new year. A GDPR certification framework is still a long way from fruition and the principles of “state of the art” measures to protect data are open to interpretation, much like HIPAA was until HITRUST provided prescriptive guidance. Very few companies fully understand how to architect cloud solutions in a manner that complies with GDPR principles. Now that more healthcare organisations are becoming GDPR aware, we will see these organisations utilise Microsoft in some locations and AWS in others as they seek to leverage the cloud while keeping governance and privacy their highest priority.

Share article

Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

2 min
​​​​​​​Software security experts McAfee discovered exercise bikes by Peloton are vulnerable to cyber attacks, which the company have since resolved 

Peloton, the popular exercise bikes, were found to be vulnerable to cyber attacks in the latest research from McAfee. 

Peloton is a brand of electric bikes that combines high end exercise equipment with cutting-edge technology. Its products use wi fi to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

Peloton has garnered attention recently around the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at the Android devices and uncovered a vulnerability  that could allow an attacker with either physical access to the Bike+ or access during any point in the supply chain to gain to hack into the bike’s tablet, including the camera, microphone and personal data. 

For the person using it there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk.  

The flaw was found in the Android Verified Boot (AVB) process. McAfee researchers were able to bypass the Android Verified Boot process, which normally verifies all code and data before booting. They were then able to get the device to boot bypassing this step. 

This could potentially lead to the Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of their access on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton while auditing was ongoing. The vendor was sent full details,  and shortly after, Peloton confirmed the issue and released a fix for it. 

Further conversations between McAfee and  Peloton confirmed that this vulnerability had also been present on the Peloton Tread exercise equipment. 

Peloton’s Head of Global Information Security Adrian Stone, commented on the research: “This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

"To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”

Share article