Tag Archives: Risk

CIOs should plan for a spike in healthcare cyberattacks

Healthcare organizations face a growing risk of healthcare cyberattacks during the coronavirus pandemic.

The federal government is relaxing regulations so that providers can treat patients from home and use consumer-grade technologies like Skype and FaceTime. The measures are aimed at keeping providers and patients at home as much as possible to slow the spread of COVID-19. But there is also a downside to making healthcare more accessible: The measures are creating more points of entry into healthcare systems for cyberattackers.

Before the coronavirus outbreak, the healthcare industry was already one of the most likely industries to be attacked. The industry pays the highest cost to detect, respond to and deal with the fallout of a data breach, averaging just under $6.5 million per breach, said Caleb Barlow, president and CEO of healthcare cybersecurity firm CynergisTek.

Now in the midst of a pandemic, the healthcare industry is more vulnerable than ever, and cyber criminals are likely laying the groundwork for major healthcare cyberattacks.

“If you put yourself in the mindset of an attacker right now, now is actually not the time to detonate your attack,” Barlow said. “Now is the time to get on a system, to move laterally and to elevate your credentials, and that’s likely exactly what they’re doing. There are a lot of indicators of that. We’ve seen a significant rise in COVID-19-focused phishing, both that is targeting individuals as well as institutions.”

Healthcare systems and even the U.S. Department of Health and Human Services are seeing phishing and other similar attacks right now, but Barlow warns that healthcare CIOs and CISOs need to prepare for the more insidious healthcare cyberattacks that are coming, including ransomware.

“We have to realize that these attackers are highly motivated,” Barlow said. “Many of them, particularly with things like ransomware, are nation-state actors. These are how nation-states fund their activities. There is not going to be a plea to bad guys of, ‘Please not right now.’ It just doesn’t work that way. It is coming. Get prepared, you have a few weeks. It is that simple.”

Cyberthreats seen on the front lines

Anahi Santiago, CISO at the Delaware-based ChristianaCare health system, said there has been a rapid increase in social engineering attacks — including phishing, where bad actors appear as a trusted source and trick healthcare employees into revealing their credentials — that are testing healthcare systems during the coronavirus crisis.

Although the ChristianaCare health system has security tools to prevent phishing attacks on the organization, Santiago said home computers may not have the same protections. Additionally, Santiago said threat actors are setting up websites using legitimate coronavirus outbreak global maps to trick people into visiting those sites and, unbeknownst to them, downloading malware. While the healthcare system’s security tools block malicious websites, clinicians may not have the same types of protection at home.

CynergisTek’s Barlow said the “threat landscape has increased dramatically,” as regulations have been relaxed to enable physicians to work and treat patients remotely. That increased threat landscape includes a physician’s home network, which gives bad actors more opportunity to gain access to a healthcare institution.

As cyberattackers capitalize on this opportunity, Barlow said it’s important for health systems’ security teams to mobilize and for healthcare CIOs and CISOs to have a plan in place in case their healthcare system is breached.

Santiago echoed Barlow’s call on security teams, saying awareness and ensuring the cybersecurity posture remains intact are key to preventing these kinds of attacks.

“We have been working very closely with our external affairs folks to communicate to the organization so that our caregivers have awareness, not only around potential phishing and social engineering attacks that might come through the organization, but also to be aware at home,” she said. “We’re doing a lot of enablement for the organization, but also making sure that we’re thinking about our caregivers and their families and making sure we’re giving them the tools to be able to go home and continue to protect themselves.”

Aaron Miri, CIO at the University of Texas at Austin Dell Medical School and UT Health Austin, said he has heard of academic medical institutions and healthcare systems being under constant attack and is remaining vigilant.

“During any situation, even if it’s a Friday afternoon at 5 o’clock, you can expect to see bad actors try to capitalize,” he said. “It is an unfortunate way of the world and it’s reality, so we are always keeping watch.”

Preparing for cyberattacks

Barlow said there are a few steps healthcare security teams can take to make sure providers working at home are doing so securely.

First, he said it’s key to make sure clinicians have proper virtual private networks (VPNs) in place and that they’re set up properly. A VPN creates a safe connection between a device that could be on a less secure network and the healthcare system network.

Second, he said security teams should make sure those computers have proper protection, often referred to as endpoint security. Endpoint security ensures devices meet certain security criteria before being allowed to connect to a hospital’s network.

The next step is getting a plan in place so that when a healthcare system is breached or hit with ransomware, it will know how to respond, he said. The plan should include how to manage a breach in light of the pandemic, when leaders of the organization are likely working from home.

“If you are hit with ransomware, how are you going to process through that, how are you going to do that when you can’t get everybody in the room … how are you going to make decisions, who are you going to work with,” he said. “Get those plans up to date.”

Session cookie mishap exposed HackerOne private reports

A researcher discovered a session cookie risk that could have exposed private bugs on HackerOne, and questions remain about whether data may have been taken.

The risk for vulnerability coordination and bug bounty site HackerOne stemmed from a HackerOne security analyst accidentally including a valid session cookie in a communication with community member haxta4ok00. According to the HackerOne incident report attached to the original bug report, which was first reported by Ars Technica, the session cookie was disclosed due to human error and revoked exactly two hours and three minutes after the company learned of the issue.

“Session cookies are tied to a particular application, in this case hackerone.com. The application won’t block access when a session cookie gets reused in another location. This was a known risk. As many of HackerOne’s users work from mobile connections and through proxies, blocking access would degrade the user experience for those users,” HackerOne wrote in the incident report. “A short-term mitigation of this vulnerability is to bind the user’s session to the IP address used at initial sign-in. If an attempt is made to utilize the session from a different IP address, the session is terminated.”

HackerOne added that longer-term mitigations will include detecting session cookies and authentication tokens in user comments and blocking submission, binding sessions to devices rather than IP addresses, improving employee education, and overhauling the permission model for HackerOne security analysts.

Craig Young, computer security researcher for Tripwire’s vulnerability and exposure research team, told SearchSecurity, “The first rule of session cookies is don’t share your session cookies.”

“That being said, accidents and oversights can happen. The general idea here is to bind the session cookies with some other identifying attribute of the expected client. This is commonly done by associating session cookies with some additional fingerprint of the authorized user,” Young said. “This can be as simple as restricting session cookies based on IP address or region. More sophisticated methods might involve client-side scripting to fingerprint a specific client browser.”
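The mitigations described above (binding a session to the sign-in IP address, and blocking comments that contain a live session token) are sketched below as an added example; it is not HackerOne's code. `SessionStore`, `submit_comment` and the sample IP addresses are hypothetical names and constructed values.

```python
import hashlib
import re
import secrets

TOKEN_LEN = 43  # length of the string returned by secrets.token_urlsafe(32)
# Runs of URL-safe base64 characters long enough to contain a whole token.
CANDIDATE_RUN = re.compile(r"[A-Za-z0-9_-]{%d,}" % TOKEN_LEN)


def _digest(token):
    """Sessions are indexed by hash, so the store never holds raw tokens."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class SessionStore:
    """In-memory session table (hypothetical; a real one would be a shared store)."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> {"user": ..., "ip": ...}
        self.events = []     # audit trail for the security team

    def sign_in(self, user, ip):
        """Issue a token and bind it to the IP address seen at initial sign-in."""
        token = secrets.token_urlsafe(32)
        self._sessions[_digest(token)] = {"user": user, "ip": ip}
        return token

    def authenticate(self, token, ip):
        """Return the user for a valid request, or None.

        A request from a different IP terminates the session outright, so the
        legitimate holder must sign in again and the leaked token is dead.
        """
        key = _digest(token)
        record = self._sessions.get(key)
        if record is None:
            return None
        if record["ip"] != ip:
            del self._sessions[key]
            self.events.append(
                ("session_terminated_ip_mismatch", record["user"], record["ip"], ip)
            )
            return None
        return record["user"]

    def comment_leaks_session(self, text):
        """True if the text contains the token of any live session.

        Every TOKEN_LEN-sized window of each candidate run is hashed, so a token
        glued to other characters (for example "prefix_<token>") is still found.
        A production filter would cap the input size before doing this.
        """
        for run in CANDIDATE_RUN.findall(text):
            for start in range(len(run) - TOKEN_LEN + 1):
                if _digest(run[start:start + TOKEN_LEN]) in self._sessions:
                    return True
        return False


def submit_comment(store, text):
    """Gate a comment submission: block it if it would disclose a live session."""
    return "blocked" if store.comment_leaks_session(text) else "accepted"


if __name__ == "__main__":
    store = SessionStore()
    # Constructed sample values (documentation IP ranges).
    token = store.sign_in("analyst", "203.0.113.10")
    pasted = "Repro: curl -H 'Cookie: session=%s' https://example.test/" % token
    print(submit_comment(store, pasted))                # blocked
    print(store.authenticate(token, "198.51.100.7"))    # None, session terminated
    print(store.authenticate(token, "203.0.113.10"))    # None, must sign in again
    print(store.events)
```

As the incident report notes, IP binding signs out users whose address changes (mobile connections, proxies), which is why binding to a device is listed as the longer-term replacement.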

After seeing “the amount of sensitive information that could have been accessed” as a result of the session cookie account takeover, HackerOne decided the submission was a critical vulnerability and awarded a $20,000 bug bounty.

Data access still in question

Haxta4ok00 wrote in the report that they had “HackerOneStaff Access” and could “read all reports” and edit private programs. However, they asserted multiple times that all actions were in the spirit of white hat hacking.

In the discussion about the issue in the bug report, Reed Loden, director of security at HackerOne, asked haxta4ok00 to “delete all screenshots, exports, etc.” and confirm they had “no other copies of vulnerability data” captured as part of the report submission. While haxta4ok00 claimed they only took screenshots, they admitted they didn’t understand how to prove such data was deleted. Even so, Loden thanked the member “for confirming your removal of all screenshots and other data you may have downloaded as part of your report submission.” 

Following this exchange, Jobert Abma, co-founder of HackerOne, joined the conversation to ask why haxta4ok00 had “opened all the reports and pages in order to validate you had access to the account,” noting the HackerOne team found the extent of the member’s actions unnecessary.

Again, the member claimed they meant no harm and that answer seemed to be accepted by HackerOne staff. The member went on to claim they had previously reported the session cookie risk and nothing was done.

Katie Moussouris, founder and CEO of Luta Security, pointed out on Twitter that the discussion between haxta4ok00 and HackerOne staff raised more questions.

Loden told SearchSecurity that “asking the reporting hacker to validate what we are seeing on our end is one of many steps in our investigation process.”

“HackerOne always conducts comprehensive investigations for all vulnerabilities reported to our own bug bounty program. In this case HackerOne’s bug bounty program operated exactly as intended, it gave us a way to identify an unknown risk fast so we could safely eliminate it,” he wrote via email. “Less than 5% of programs were impacted by this issue, the risk was eliminated within two hours of receipt and long-term fixes were pushed within days.”

Loden also clarified why action was not taken on the first report about session cookie issues.

“HackerOne’s bug bounty program is focused on identifying real-world vulnerabilities impacting the Platform, and we require hackers to provide a valid proof of concept with submissions,” Loden said. “The report in question from three years ago was a purely theoretical scenario focused on older browsers that were not, and are still not, supported by the HackerOne Platform.”

Cute but vulnerable: Scientists to use drones, cloud, and AI to protect Australia’s Quokkas – Asia News Center

Microsoft AI for Earth boosts DNA research for species at risk of extinction

The quokkas of Rottnest Island hop about and raise their babies in pouches – just like mini kangaroos. They have chubby cheeks, pointy ears, big brown eyes, and tiny mouths that always seem to smile. As far as furry little critters go, they have real star power.

But being super-cute doesn’t mean being safe.

The International Union for the Conservation of Nature (IUCN) has classified the quokka as “vulnerable” on its Red List of 28,000 species threatened with extinction.

Scientists want to know more about these animals and are turning to digital technologies to help find out. Their initial focus is on Rottnest, a small island just off the coast from Western Australia’s state capital, Perth.

It is one of the few places where quokkas are doing well. But unlike the hundreds of thousands of day-trippers who go there every year, the researchers aren’t taking selfies with the friendly, cat-sized marsupials.

Instead, they’re after quokka “scat” – a polite biological term for their droppings. More precisely, they want to study the DNA that those droppings contain.

Microsoft recently awarded an AI for Earth Compute Grant to the University of Western Australia (UWA) to study quokkas with new methods that could accelerate research into other threatened and endangered species around the world.

The UWA team is planning to trial a program to monitor at-risk species in faster and cheaper ways using specially designed “scat drones” along with high-powered cloud computing.

“A scat drone has a little probe attached to it for DNA analysis. It can go and look for scat samples around the island, and analyze them in real-time for us,” says UWA Associate Professor Parwinder Kaur who is leading the research. This initial information can then be sequenced and analyzed further in the cloud with the help of machine learning and artificial intelligence.

Jennifer Marsman, principal engineer on Microsoft’s AI for Earth program, and UWA Associate Professor Parwinder Kaur, director of the Australian DNA Zoo

The quokka project is part of an initiative by DNA Zoo, a global organization made up of more than 55 collaborators in eight countries. It aims to use new digital technologies and scientific rigor to facilitate conservation efforts to help slow, and perhaps one day, halt extinction rates around the world.

The United Nations estimates that around 1 million plant and animal species are now at risk of dying out. Scientists want to prevent that catastrophe by better understanding the complex forces that drive extinctions. To do that, they need lots of data. Just as importantly, they need ways to process and analyze that data on a massive scale.

“It’s a classic big data challenge,” explains Dr. Kaur, who is also a director of DNA Zoo’s Australian node. “The genome of a single mammal may run to 3.2 gigabytes (GB).

“To properly understand the genome, it needs to be read 50 times – creating a 172 GB data challenge for a single animal. Multiply that challenge across entire populations of threatened species and the scale of the computing and analysis problem is clear.

“By using supercomputing power and also Microsoft cloud, artificial intelligence, and machine learning, we hope to automate and accelerate genome assemblies and subsequent analyses.”

With their AI for Earth grant, DNA Zoo will use the cloud to democratize genome assemblies worldwide. It will also come up with insights to help protect and preserve species that are now at risk.

Dr. Kaur (center) with team members in her lab at the University of Western Australia.

Importantly, data collected through the DNA Zoo program is open-source. When it is shared with other open-source data collections, machine learning can search for patterns that, in turn, can reveal new insights into the health and condition of species populations.

This sort of comparative genomics means scientists can study the DNA of a threatened species or population alongside those which appear to thrive in the same or similar habitats. Ultimately, that will help researchers learn more about how to slow or reverse population decline.

Among other things, the researchers will be looking for genetic clues that might help explain why quokkas thrive on Rottnest but struggle on the Western Australian mainland, just 22 kilometers (13.6 miles) away.

Before Europeans started settling this part of Australia less than two centuries ago, quokkas were common across much of the bottom end of the state. But today’s mainland populations have dropped dramatically. The species now exists in only small scattered mainland locations and two offshore islands, including Rottnest, where they are out of the reach of dangers, such as introduced predators, like wild cats, dogs, and foxes, as well as habitat loss from urbanization and agriculture.

Michelle Reynolds, Executive Director of the Rottnest Island Authority, says the island’s quokka population is a much-loved conservation target. “We welcome the support from Microsoft, DNA Zoo, and UWA that will add to our knowledge of the quokka in ensuring its ongoing survival,” she says.

A species with star power: A quokka on Rottnest Island.

Studying the quokka is just the start for DNA Zoo Australia, which plans to focus its efforts on the country’s top 40 most threatened mammals.

“In the last 200 years, we’ve lost more than 30 species,” says Dr. Kaur. “It’s critical that we act now and join hands with the global initiatives where we can empower our genetically and developmentally unique Australian species with genomic resources.”

Jennifer Marsman, principal engineer on Microsoft’s AI for Earth program, argues that “preserving biodiversity is one of the most important challenges facing scientists today.”

“By putting AI in the hands of researchers and organizations, we can use important data insights to help solve important issues related to water, agriculture, biodiversity, and climate change,” she says.

“AI for Earth is more than just grants. Microsoft is helping to bring transformative solutions to commercial scale and offering open-source API solutions to help organizations everywhere boost their impact.”

Author: Microsoft News Center

SafeBreach launches new platform to prioritize, mitigate security gaps

SafeBreach has launched the next version of the SafeBreach GRID platform — its Global Risk Director that helps security teams prioritize and manage security gaps revealed by breach simulation.

According to SafeBreach, GRID correlates data from multiple simulations to identify security gaps and then links them to their potential business impact. The platform then generates a priority-based set of recommendations that helps security teams decide which security gaps to address first.

Cybersecurity and risk management are among the top investment priorities in 2019 for Europe, Middle East and Africa (EMEA), according to this year’s ComputerWeekly/TechTarget IT Priorities research.

As companies equip themselves with new technologies to improve employee performance, smooth operations and boost productivity, concerns over breaches and attacks grow higher. As a result, 29% of EMEA and 34% of U.K. respondents said they were planning to increase investment in security to address new threats and compliance requirements to support digital transformation.

According to SafeBreach, the launch follows customers’ demand for higher team efficiency by discovering and tackling the most impactful security issues first. It claims GRID does that by analyzing the enterprise’s assets and the immediate threat landscape to discover any security gaps in its network.

The GRID product works exclusively with the SafeBreach platform and includes the following features:

  • risk indicators to help quantify business risk;
  • analysis of multiple simulation results to provide prioritization of remediation activities;
  • guidance on security configuration changes based on potential business impacts; and
  • integration via the SafeBreach platform with security tools to automatically gather SafeBreach’s analysis of enterprise network and endpoint security gaps for an organization.

A security startup based in Silicon Valley, SafeBreach is competing with other U.S.-based startups, such as Verodin and AttackIQ, in the breach and attack simulation technology market.

AttackIQ, which recently announced its partnership with BlackBerry Cylance to deliver enterprise endpoint security validation, promises to provide “customizable scenarios that mimic real-world threats” for organizations to measure their security control performance and identify security gaps, according to their website.

Verodin’s Security Instrumentation Platform also works to make sure an organization’s security control system is up to date with the current threat landscape. The product intends to integrate into and guide customers’ IT environments to test the effectiveness of their “network, endpoint, email and cloud controls” and then offers reports on how to optimize existing controls, according to the vendor.

Inside the GAO’s Equifax breach report

In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the Government Accountability Office’s report on the Equifax breach and the questions it raises.

The U.S. Government Accountability Office offered a detailed postmortem on the 2017 Equifax data breach, including new details about what led to the incident.

The Equifax breach report revealed that threat actors began scanning the credit rating agency’s systems for an Apache Struts vulnerability just two days after the vulnerability was publicly disclosed.

And while the Apache Struts bug enabled the attackers to gain a foothold in Equifax’s network, the Government Accountability Office (GAO) report shows the vulnerability was just one of the many missteps that contributed to the breach. Those errors include missing 9,000 database queries made by the threat actors in search of valuable data, failing to catch data exfiltration because of a misconfiguration and an outdated recipient list of system administrators who should have been notified of the Apache Struts flaw.

In addition, the Equifax breach report describes how U.S. government agencies were unclear about which — if any — federal agency was coordinating the response effort; the U.S. Department of Homeland Security offered assistance, but Equifax turned it down. Several agencies, including the IRS, U.S. Postal Service and Social Security Administration, used Equifax’s identity verification services at the time of the breach.

What were the biggest lessons learned from the Equifax data breach report? What did the GAO investigation miss? Should companies like Equifax that handle massive amounts of personal data be subject to greater government oversight? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Are the Meltdown and Spectre flaws overhyped?

In this week’s Risk & Repeat podcast, SearchSecurity editors discuss whether or not Meltdown and Spectre deserved to be nominated for the Pwnie Awards’ Most Overhyped Bug.

Were the Meltdown and Spectre flaws as bad as some claimed? That question was raised by the Pwnie Awards at Black Hat 2018 earlier this month.

While the Meltdown and Spectre flaws were nominated for the Most Innovative Research and Best Privilege Escalation Bug awards, the flaws were also nominated for the Most Overhyped Bug award. According to the Pwnie Awards, the “hype train jumped the tracks a bit” with the reaction to Meltdown and Spectre.

While the Most Overhyped Bug award eventually went to another vulnerability, the Pwnie nomination illustrated the ongoing debate over the seriousness of Meltdown and Spectre. While some experts at Black Hat argued the flaws opened up a dangerous new avenue of attacks, others said Meltdown and Spectre aren’t nearly as threatening as other recent bugs.

Were the Meltdown and Spectre flaws overhyped by some media outlets and security researchers? How dangerous can the flaws be if there’s no evidence they’ve been successfully exploited in the wild? Have we seen the worst of Meltdown and Spectre or are more variants coming? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Meltdown and Spectre disclosure in review

In this week’s Risk & Repeat podcast, SearchSecurity editors discuss new insights — and questions — regarding the coordinated disclosure effort for Meltdown and Spectre.

Black Hat USA 2018 offered new insights into the Meltdown and Spectre disclosure process and raised questions about how such coordinated vulnerability disclosure efforts should be handled.

A Black Hat panel discussion provided a behind-the-scenes look at the process from the perspective of Microsoft, Google and Red Hat representatives.

During the discussion, the panelists revealed a number of stumbling blocks that posed problems for not only Intel, AMD and ARM, but the security response teams at various stakeholder companies, as well. For example, because of a miscommunication, Google wasn’t officially informed about the vulnerabilities until 45 days after they were first reported to the chipmakers.

The panelists also discussed the challenge of deciding which stakeholders to include in the Meltdown and Spectre disclosure and response process and when to include those parties.

How could the coordinated vulnerability disclosure process have been handled better? Should the pre-disclosure response and mitigation effort have included more people or fewer? How could Google have been left out of the loop for so long? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions on the Meltdown and Spectre disclosure and more in this episode of the Risk & Repeat podcast.

Deloitte CIO survey: Traditional CIO role doesn’t cut it in digital era

CIOs who aren’t at the forefront of their companies’ digital strategies risk becoming obsolete — and they risk taking their IT departments with them.

The message isn’t new to IT executives, who have been counseled in recent years to take a leadership role in driving digital transformation. But new data suggests CIOs are struggling to make the shift. According to a recently published global CIO survey by Deloitte Consulting, 55% of business and technology leaders polled said CIOs are focused on delivering operational efficiency, reliability and cost-savings to their companies.

Kristi Lamar, managing director and U.S. CIO program leader at Deloitte and a co-author of the report, said IT executives who are serving in a traditional CIO capacity should take the finding as a clarion call to break out of that “trusted operator” role — and soon.

“If they don’t take a lead on digital, they’re ultimately going to be stuck in a trusted operator role, and IT is going to become a back office function versus really having a technology-enabled business,” she said. “The pace of change is fast and they need to get on board now.”

Taking on digital

“Manifesting legacy: Looking beyond the digital era” is the final installment of a three-part, multiyear CIO survey series on CIO legacy. The idea was to chronicle how CIOs and business leaders perceived the role and to explore how CIOs delivered value to their companies against the backdrop of digital transformation.

In the first installment, the authors developed three CIO pattern types. They are as follows:

  • Business co-creators: CIOs drive business strategy and enable change within the company to execute on the strategy.
  • Change instigators: CIOs lead digital transformation efforts for the enterprise.
  • Trusted operators: CIOs operate in a traditional CIO role and focus on operational efficiency and resiliency, as well as cost-savings efforts.

Based on their findings, the authors decided that CIOs should expect to move between the three roles, depending on what their companies needed at a given point in time. But this year’s CIO survey of 1,437 technology and business leaders suggested that isn’t happening for the most part. “We have not seen a huge shift in the last four years of CIOs getting out of that trusted operator role,” Lamar said.

Indeed, 44% of the CIOs surveyed reported they don’t lead digital strategy development or lead the execution of that strategy.

The inability of CIOs to break out of the trusted operator role is a two-way street. Lamar said that companies still see CIOs as — and need CIOs to be — trusted operators. But while CIOs must continue to be responsible for ensuring a high level of operational excellence, they also need to help their companies move away from what’s quickly becoming an outdated business-led, technology-enabled mindset.

The more modern view is that every company is a technology company, which means CIOs need to delegate responsibility for trustworthy IT operations and — as the company’s top technology expert — take a lead role in driving business strategy.

“The reality is the CIO should be pushing that trusted operator role down to their deputies and below so that they can focus their time and energy on being far more strategic and be a partner with the business,” she said.

Take your seat at the table

To become a digital leader, a trusted operator needs to “take his or her seat at the table” and change the corporate perception of IT, according to Lamar. She suggested they build credibility and relationships with the executive team and position themselves as the technology evangelist for the company.

“CIOs need to be the smartest person in the room,” she said. “They need to be proactive to educate, inform and enable the business leaders in the organization to be technology savvy and tech fluent.”

Trusted operators can get started by seeing any conversation they have with business leaders about digital technology as an opportunity to begin reshaping their relationship.

If they’re asked by the executive team or the board about technology investments, trusted operators should find ways to plant seeds on the importance of using new technologies or explain ways in which technology can drive business results. This way, CIOs continue to support the business while bringing to the discussion “the art of the possible and not just being an order taker,” Lamar said.

Next, become a ‘digital vanguard’

Ultimately, CIOs want to help their organizations join what Deloitte calls the “digital vanguard,” or companies with a clear digital strategy and that view their IT function as a market leader in digital and emerging technologies.

Lamar said organizations she and her co-authors identified as “digital vanguards” — less than 10% of those surveyed — share a handful of traits. They have a visible digital strategy that cuts across the enterprise. In many cases, IT — be it a CIO or a deputy CIO — is leading the execution of the digital strategy.

CIOs who work for digital vanguard companies have found ways to shift a percentage of their IT budgets away from operational expenses to innovation. According to the survey, baseline organizations spend on average about 56% of their budgets on business operations and 18% on business innovation versus 47% and 26% respectively at digital vanguard organizations.

Digital vanguard CIOs also place an emphasis on talent by thinking about retention and how to retool employees who have valuable institutional knowledge for the company. And they seek out well-rounded hires, employees who can bring soft skills, such as emotional intelligence, to the table, Lamar said.

Talent is top of mind for most CIOs, but digital vanguards have figured out how to build environments for continuous learning and engagement to both attract and retain talent. Lamar called this one of the hardest gaps to close between organizations that are digital vanguards and those that aren’t. “The culture of these organizations tends to embrace and provide opportunities for their people to do new things, play with new tools or embrace new technologies,” she said.

Plan to map UK’s network of heart defibrillators could save thousands of lives a year

Thousands of people who are at risk of dying every year from cardiac arrest could be saved under new plans to make the public aware of their nearest defibrillator.

There are 30,000 cardiac arrests outside of UK hospitals annually but fewer than one-in-10 of those survive, compared with a 25% survival rate in Norway, 21% in North Holland, and 20% in Seattle, in the US.

A new partnership between the British Heart Foundation (BHF), Microsoft, the NHS and New Signature aims to tackle the problem by mapping all the defibrillators in the UK, so 999 call handlers can tell people helping a cardiac arrest patient where the nearest device is.

Ambulance services currently have their own system of mapping where defibrillators are located but this is not comprehensive.

“There is huge potential ahead in the impact that technology will have in digitally transforming UK healthcare,” said Clare Barclay, Chief Operating Officer at Microsoft. “This innovative partnership will bring the power of Microsoft technology together with the incredible vision and life-saving work of BHF and the NHS. This project, powered by the cloud, will better equip 999 call handlers with information that can make the difference between life and death and shows the potential that innovative partnerships like this could make to the health of the nation.”

Cardiac arrest occurs when the heart fails to pump effectively, resulting in a sudden loss of blood flow. Symptoms include a loss of consciousness, abnormal or absent breathing, chest pain, shortness of breath and nausea. If not treated within minutes, it usually leads to death.

Defibrillators can save the life of someone suffering from a cardiac arrest by providing a high-energy electric shock to the heart through the chest wall. This allows the body’s natural pacemaker to re-establish the heart’s normal rhythm.

However, defibrillators are used in just 2% of out-of-hospital cardiac arrests, often because bystanders and ambulance services don’t know where the nearest device is located.

Owners of the tens of thousands of defibrillators in workplaces, train stations, leisure centres and public places across the country will register their device with the partnership. That information will be stored in Azure, Microsoft’s cloud computing service, where it will be used by ambulance services during emergency situations. The system will also remind owners to check their defibrillators to make sure they are in working order.

It is hoped that the partnership can evolve to enable defibrillators to self-report their condition, as well as capture heart data from cardiac arrest patients that can be sent to doctors.

Simon Gillespie, Chief Executive of the BHF, said: “Every minute without CPR or defibrillation reduces a person’s chance of surviving a cardiac arrest by around 10%. Thousands more lives could be saved if the public were equipped with vital CPR skills, and had access to a defibrillator in the majority of cases.

“While we’ve made great progress in improving the uptake of CPR training in schools, public defibrillators are rarely used when someone suffers a cardiac arrest, despite their widespread availability. This unique partnership could transform this overnight, meaning thousands more people get life-saving defibrillation before the emergency services arrive.”

Simon Stevens, Chief Executive of NHS England, added: “This promises to be yet another example of how innovation within the NHS leads to transformative improvements in care for patients.”

The defibrillation network will be piloted by West Midlands Ambulance Service and the Scottish Ambulance Service, before being rolled out across the UK.

For Sale – Coloredge CX240

Ideal monitor for photographic work.

Collection only as I have no box and don’t want to risk packaging.

Price and currency: £300
Delivery: Goods must be exchanged in person
Payment method: Paypal or COD
Location: Burnley, Lancashire
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected
