May 17, 2020

Healthcare predictions: 2019

Big Data
John Danaher, MD, President, C...
4 min
Healthcare predictions:
As 2018 witnessed unexpected mergers and partnerships, robust digital health innovations and continued policy shifts in the healthcare sector, at Elsevi...

As 2018 witnessed unexpected mergers and partnerships, robust digital health innovations and continued policy shifts in the healthcare sector, at Elsevier, we think 2019 will bring about significant changes in health IT infrastructure with patient data at the center of it all.

  • Analytics will be the mainstay as health systems strive to optimize in-house clinical data.

Given that the #1 funding category in 2018 is data analytics, we anticipate that 2019 will usher in a variety of advanced analytics demonstrations. Many will be novel in the output generated but the uncertainty of real-world clinical value will continue. So, a demonstration of the computational capabilities will be most significant, since that opens the door to a range of possibilities. Additionally, there will be a shift in emphasis on “big data” to “small data” analytics as healthcare systems focus to leverage existing data to improve clinical and operational processes.

  • AI will start moving beyond the hype with practical use cases, primarily in radiology.

The most substantial real-world AI applications will be in image processing through early stage machine learning for areas like radiology and dermatological lesions. Secondary spin-offs could be self-monitoring / telemedicine apps for dermatology and tele-radiology.

  • The role of CDS tools will take on expanded significance to improve physician engagement.

Hospital EHR deployments outside the US will increasingly follow in its footsteps by including evidence-based clinician decision support tools linked to CPOE (computerized physician order entry) and care management.

IDNs or integrated delivery networks will increasingly implement pathways, including treatment selection and care coordination, to reduce unwarranted variation of care.

Boundaries between patient-led, home-based self-care and physician-led outpatient care increasingly blur, so these personal health logs will merge with primary care decision support tools in new and uniquely challenging ways.

See also

  • Real world evidence approaches will gain traction.

Through data liquidity and third-party app integration with EHRs, there will be a refinement of clinical evidence based on clinical data captured through care delivery.

  • Personal health data stores will finally take off.

Patients as consumers will take control of and store their personal health and clinical data in applications of their choice in the cloud. Since May, GDPR requires data controllers to turn over data to consumers and patients on demand and in usable electronic formats. Apple has made notable inroads with HealthKit, and Microsoft has revived Health Vault. Even in privacy conservative Germany, a large group of insurers, hospital chains and industry partners are finally cooperating (e.g. Vivy). For patients in Denmark and Estonia, this has already been in play with online access to health records through the national health systems.

  • The cost of gene sequencing will continue to taper, and next-gen will prove value for AI. 

This is an older prediction expected by many to be imminent. After years of exponential decline, the cost of high-quality whole genome sequencing has stalled. There are barriers to broad adoption and economies of scale because many consumers still have privacy concerns and are hesitant to disclose "pre-existing conditions". On the other hand, clinicians don’t have the tools to interpret complex results (this is an issue, considering that an estimated 10% of the human population has some form of a rare disease).

There will be an increase in next generation sequencing (NGS) and more AI applications will take place in genomics related to oncology, with refined genetic variants and subtypes leading to more precision medicine in treatment options.

  • Research data networks will scale.

Patient data from routine clinical practice (EHRs, radiology images, genomics) and personal health devices will increasingly drive medical research. Precision medicine requires ever larger data sets and increasingly specific genomes (e.g. in the case of breast cancers). The difficulty lies in hospitals being reticent about sharing this data, since patient privacy is paramount.

However, the solution could be found in IoT technology; allowing sophisticated distributed analytics on site so that the data never leaves the virtual walls of the hospital. Microsoft Azure, Kubernetes, and Open Stack are the most likely candidates for this, with AWS staking a claim as well.

Share article

Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

2 min
​​​​​​​Software security experts McAfee discovered exercise bikes by Peloton are vulnerable to cyber attacks, which the company have since resolved 

Peloton, the popular exercise bikes, were found to be vulnerable to cyber attacks in the latest research from McAfee. 

Peloton is a brand of electric bikes that combines high end exercise equipment with cutting-edge technology. Its products use wi fi to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

Peloton has garnered attention recently around the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at the Android devices and uncovered a vulnerability  that could allow an attacker with either physical access to the Bike+ or access during any point in the supply chain to gain to hack into the bike’s tablet, including the camera, microphone and personal data. 

For the person using it there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk.  

The flaw was found in the Android Verified Boot (AVB) process. McAfee researchers were able to bypass the Android Verified Boot process, which normally verifies all code and data before booting. They were then able to get the device to boot bypassing this step. 

This could potentially lead to the Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of their access on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton while auditing was ongoing. The vendor was sent full details,  and shortly after, Peloton confirmed the issue and released a fix for it. 

Further conversations between McAfee and  Peloton confirmed that this vulnerability had also been present on the Peloton Tread exercise equipment. 

Peloton’s Head of Global Information Security Adrian Stone, commented on the research: “This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

"To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”

Share article