
Experts on demand: Your direct line to Microsoft security insight, guidance, and expertise – Microsoft Security

Microsoft Threat Experts is the managed threat hunting service within Microsoft Defender Advanced Threat Protection (ATP) that includes two capabilities: targeted attack notifications and experts on demand.

Today, we are extremely excited to share that experts on demand is now generally available and gives customers direct access to real-life Microsoft threat analysts to help with their security investigations.

With experts on demand, Microsoft Defender ATP customers can engage directly with Microsoft security analysts to get guidance and insights needed to better understand, prevent, and respond to complex threats in their environments. This capability was shaped through partnership with multiple customers across various verticals by investigating and helping mitigate real-world attacks. From deep investigation of machines that customers had a security concern about, to threat intelligence questions related to anticipated adversaries, experts on demand extends and supports security operations teams.

The other Microsoft Threat Experts capability, targeted attack notifications, delivers alerts that are tailored to organizations and provides as much information as can be quickly delivered to bring attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion. Together, the two capabilities make Microsoft Threat Experts a comprehensive managed threat hunting solution that provides an additional layer of expertise and optics for security operations teams.

Experts on the case

By design, the Microsoft Threat Experts service has as many use cases as there are unique organizations with unique security scenarios and requirements. One particular case showed how an alert in Microsoft Defender ATP led to informed customer response, aided by a targeted attack notification that progressed to an experts on demand inquiry, resulting in the customer fully remediating the incident and improving their security posture.

In this case, Microsoft Defender ATP endpoint protection capabilities recognized a new malicious file in a single machine within an organization. The organization’s security operations center (SOC) promptly investigated the alert and developed the suspicion it may indicate a new campaign from an advanced adversary specifically targeting them.

Microsoft Threat Experts, who are constantly hunting on behalf of this customer, had independently spotted and investigated the malicious behaviors associated with the attack. With knowledge about the adversaries behind the attack and their motivation, Microsoft Threat Experts sent the organization a bespoke targeted attack notification, which provided additional information and context, including the fact that the file was related to an app that was targeted in a documented cyberattack.

To create a fully informed path to mitigation, experts pointed to information about the scope of compromise, relevant indicators of compromise, and a timeline of observed events, which showed that the file executed on the affected machine and proceeded to drop additional files. One of these files attempted to connect to a command-and-control server, which could have given the attackers direct access to the organization’s network and sensitive data. Microsoft Threat Experts recommended full investigation of the compromised machine, as well as the rest of the network for related indicators of attack.

Based on the targeted attack notification, the organization opened an experts on demand investigation, which allowed the SOC to have a line of communication and consultation with Microsoft Threat Experts. Microsoft Threat Experts were able to immediately confirm the attacker attribution the SOC had suspected. Using Microsoft Defender ATP’s rich optics and capabilities, coupled with intelligence on the threat actor, experts on demand validated that there were no signs of second-stage malware or further compromise within the organization. Since, over time, Microsoft Threat Experts had developed an understanding of this organization’s security posture, they were able to share that the initial malware infection was the result of a weak security control: allowing users to exercise unrestricted local administrator privilege.

Experts on demand in the current cybersecurity climate

On a daily basis, organizations have to fend off the onslaught of increasingly sophisticated attacks that present unique security challenges: supply chain attacks, highly targeted campaigns, hands-on-keyboard attacks. With Microsoft Threat Experts, customers can work with Microsoft to augment their security operations capabilities and increase confidence in investigating and responding to security incidents.

Now that experts on demand is generally available, Microsoft Defender ATP customers have an even richer way of tapping into Microsoft’s security experts and getting access to the skills, experience, and intelligence necessary to face adversaries.

Experts on demand provide insights into attacks, technical guidance on next steps, and advice on risk and protection. Experts can be engaged directly from within the Windows Defender Security Center, so they are part of the existing security operations experience.

We are happy to bring experts on demand within reach of all Microsoft Defender ATP customers. Start your 90-day free trial via the Microsoft Defender Security Center today.

Learn more about Microsoft Defender ATP’s managed threat hunting service here: Announcing Microsoft Threat Experts.

Author: Microsoft News Center

DevOps security shifts left, but miles to go to pass hackers

DevOps security processes have matured within enterprises over the last year, but IT shops still have far to go to stem the tide of data breaches.

DevOps teams have built good security habits almost by default as they have increased the frequency of application releases and adopted infrastructure and security automation to improve software development. More frequent, smaller, automated app deployments are less risky and less prone to manual error than large and infrequent ones.

Microservices management and release automation demand tools such as infrastructure as code and configuration management software to manage infrastructure, which similarly cut down on human error. Wrapped up into a streamlined GitOps process, Agile and DevOps techniques automate the path to production while locking down access to it — a win for both security and IT efficiency.

However, the first six months of 2019 saw such a flood of high-profile data breaches that at least one security research firm called it the worst year on record. And while cybersecurity experts aren’t certain how trustworthy that measurement is — there could just be more awareness of breaches than there used to be, or more digital services to attack than in past years — they feel strongly that DevOps security teams still aren’t staying ahead of attackers, who have also learned to automate and optimize what they do.


“The attackers have innovated, and that’s one of the problems with our industry — we’re at least five years behind the attackers,” said Adrian Sanabria, advocate at Thinkst Applied Research, a cybersecurity research and software firm based in South Africa. “We’re in a mode where we’re convinced, with all this VC money and money spent on marketing, that we have to wait for a product to be available to solve these problems … and they’re never going to be ready in time.”

DevOps security tools aren’t enough

A cybersecurity tool is only as good as how it’s used, Sanabria said, citing the example of a Target breach in 2013, where security software detected potentially malicious activity, but IT staff didn’t act on its warnings. In part, this was attributed to alert fatigue, as IT teams increasingly deal with a fire hose of alerts from various monitoring systems. But it also has to do with IT training, Sanabria said.

“In the breach research I’ve done, generally everyone owned [the tools] they needed to own,” he said. “They either didn’t know how to use it, hadn’t set it up correctly, or they had some kind of process issue where the [tools] did try to stop the attacks or warn them of it, [but] they either didn’t see the alert or didn’t act on the alert.”


DevOps security, or DevSecOps, teams have locked down many of the technical weak points within infrastructure and app deployment processes, but all too often, the initial attack takes a very human form, such as a spoofed email that seems to come from a company executive, directing the recipient to transfer funds to what turns out to be an attacker’s account.

“Often, breaches don’t even require hacking,” Sanabria said. “It requires understanding of financial processes, who’s who in the company and the timing of certain transactions.”

Preventing such attacks requires that employees be equally familiar with that information, Sanabria said. That lack of awareness is driving a surge in ransomware attacks, which rely almost entirely on social engineering to hold vital company data hostage.

Collaboration and strategy vital for DevOps security

Thus, in a world of sophisticated technology, the biggest problems remain human, according to experts — and their solutions are also rooted in organizational dynamics and human collaboration, starting with a more strategic, holistic organizational approach to IT security.


“Technology people don’t think of leadership skills and collaboration as primary job functions,” said Jeremy Pullen, CEO of Polodis, a digital transformation consulting firm in Atlanta. “They think the job is day-to-day technical threat remediation, but you can’t scale your organization when you have people trying to do it all themselves.”

An overreliance on individual security experts within enterprises leads to a ‘lamppost effect,’ where those individuals overcompensate for risks they’re familiar with, but undercompensate in areas they don’t understand as well, Pullen said. That kind of team structure also results in the time-honored DevOps bugaboo of siloed responsibilities, which increases security fragility in the same way it dampens application performance and infrastructure resilience.

“Developers and operations may be blind to application security issues, while security tends to focus on physical and infrastructure security, which is most clearly defined in their threat models,” Pullen said. “Then it becomes a bit of a game of Whac-a-Mole … where you’re trying to fix one thing and then another thing pops up, and it gets really noisy.”

Instead, DevSecOps teams must begin to think of themselves and their individual job functions as nodes in a network rather than layers of a stack, Pullen said, and work to understand how the entire organization fits together.

“Everyone’s unclear about what enterprise architecture is,” he said. “They stick Jenkins in the middle of a process but might not understand that they need to separate that environment into different domains and understand governance boundaries.”

Effective DevOps security requires more team practice

Strategically hardening applications and IT management processes to prevent attacks is important, but organizations must also strategically plan — and practice — their response to ongoing security incidents that can and will still happen.

“Cybersecurity so far has been focused on solitary study and being the best technical practitioner you can be, and building stand-alone applications and infrastructure to the best technical standard, which reminds me of golf,” said Nick Drage, principal consultant at Path Dependence Ltd., a cybersecurity consulting firm based in the U.K., in a presentation at DevSecCon in Seattle last month. “But in reality, cybersecurity is a fight with an opponent over territory — much more like American football.”

As long as security is practiced by isolated individuals, it will be as effective as taking the football field armed with golf clubs, Drage said. Instead, the approach should be more team-oriented, cooperative, and, especially, emphasize team practice to prepare for ‘game time.’


American football defenses are particularly instructive for DevOps security strategy ideas about defense in depth, Drage said in his presentation. Among other things, they demonstrate that an initial incursion into a team’s territory — yards gained — does not amount to a breach — points scored. IT teams should also apply that thinking as they try to anticipate and respond to threats — how to protect the ‘end zone,’ so to speak, and not just their half of the field.

Thinkst’s Sanabria uses a different analogy — the DevOps security team as firefighters.

“We’re not going to get good at this if we don’t practice it,” he said. “We buy all the tools, but imagine firefighters if they’d never donned the suits, never driven the truck, never used the hose and they’re not expecting the amount of force and it knocks them down. Going out to their first fire would look like a comedy.”

And yet that’s exactly what happens with many enterprise IT security teams when they must respond to incidents, Sanabria said, in part because companies don’t prioritize experiential learning over informational training.

The good news is that IT analysts expect the next wave of DevOps security to look very much like chaos engineering used in many organizations to improve system resiliency, but with a human twist. Organizations have begun to emerge such as OpenSOC, which sets up training workshops, including simulated ransomware attacks, for companies to practice security incident response. Companies can also do this internally by treating penetration tests as real attacks, otherwise known as red teaming. Free and open source tools such as Infection Monkey from Guardicore Labs also simulate attack scenarios.


Tech companies such as Google already practice their own form of human-based chaos testing, where employees are selected at random for a ‘staycation,’ directed to take a minimum of one hour to answer work emails, or to intentionally give wrong answers to questions, to test the resiliency of the rest of the organization.

“Despite the implications of the word ‘chaos,’ some companies are already presenting chaos engineering to their risk management leaders and auditors,” said Charles Betz, analyst at Forrester Research. “This is the future of governance — controlling risk on the human side of our systems.”


New HashiCorp Terraform pricing aims for midsize firms, teams

HashiCorp Terraform offers a new midrange pricing tier that may appeal to teams within enterprises who want to use the infrastructure-as-code tool, but don’t want to wait for a capital commitment to Terraform Enterprise.

HashiCorp Terraform Cloud, a hosted version of the open source-based infrastructure-as-code software, came out as a free offering in 2018, which offered cloud-based state storage for Terraform users outside the Terraform Enterprise subscription user base. This week, HashiCorp added features to the free version, and rolled out a paid version, Terraform Cloud for Teams, that bridges the gap between the Terraform Cloud free tier and Terraform Enterprise.

“How do you collaborate with your peers if you’re not in a regulated corporate setting, if Terraform Enterprise is too big?” said Armon Dadgar, co-founder and CTO of HashiCorp, in a keynote presentation at HashiConf this week.

Additions to the Terraform Cloud free tier will flesh out Terraform for this mid-tier scenario, Dadgar said. In addition to state storage, Terraform Cloud free tier will now support remote plan and apply operations for Terraform infrastructure-as-code templates, as well as team-based workflows and collaboration and a private module registry for internal distribution among teams.

For Terraform teams that do want enterprise governance features, Terraform Cloud for Teams comes with role-based access control for private module registries and support for unlimited collaborators in a version priced at $20 per user per month. For $70 per user per month, Terraform Cloud for Teams also includes Sentinel policy as code and advanced policy and permissions features that can be customized among multiple regions and time zones, and enforced as mandatory or suggestions. The $70 per month version also includes a new cloud infrastructure cost estimation feature that alerts users about the projected costs of infrastructure they are about to provision with Terraform.

There will be overlap in the Terraform Cloud for Teams audience between midsize companies that will never need Terraform Enterprise, industry watchers say, and very large companies where IT teams don’t want to go through the politics of instituting a Terraform Enterprise license agreement.


“Most big customers face a similar internal dynamic where it’s more and more difficult to get capital budget for IT projects, and top-down license agreements take a very long time,” said John Mitchell, formerly chief platform architect at SAP Ariba, a HashiCorp Enterprise shop, and now an independent digital transformation consultant who contracts with HashiCorp, among others. “Terraform Cloud for Teams offers an Opex-based consumption model, with fewer training issues, that gives enterprise teams an ‘end around’ to be able to use the tool from a political and budgeting standpoint.”

HashiCorp can also use these team-based footholds to upsell the wider enterprise on a Terraform Enterprise license agreement where appropriate, Mitchell said.

Terraform Cloud’s features in both the free tier and paid Teams versions also expanded to include workflow integrations with third-party IT management and DevOps platforms, from GitHub to ServiceNow and Slack, Dadgar said. Those tools could trigger Terraform build and deploy jobs in the past, but Terraform teams can now collaborate within those platforms as well. Terraform Cloud webhooks also let users back Terraform into a broader IT automation ecosystem, including custom applications.

Terraform’s future: Remain ‘Switzerland’ or join a platform?

It’s no coincidence that HashiCorp seems to broaden Terraform’s reach into third-party workflow platforms, as many large enterprise IT vendors race to offer soup-to-nuts DevOps and infrastructure automation platforms for their respective customers. It’s also no secret that HashiCorp might make a juicy acquisition target for such a platform player. However, such speculation has been ongoing for at least a year, without any such acquisition in place, and industry experts are divided on whether HashiCorp will join up with a platform vendor or retain its platform independence while partnering with larger companies.

For HashiCorp loyalists such as Mitchell, HashiCorp’s lack of affiliation with any one infrastructure or software platform provider is key to its appeal.

“The reality is that HashiCorp’s founders have been around long enough to see what happens to most acquisitions done by [large IT vendors],” he said. “Even if the IP technically survives, it’s still part of that bigger machine and economic model. HashiCorp will be more successful long-term than as part of an incumbent, legacy bureaucracy.”

At the same time, HashiCorp faces some of the same business model problems as other independent open core software businesses, as major cloud providers threaten to usurp their value. So far, HashiCorp has taken a slightly different tack than players such as Elastic Inc. and Redis that saw open source software lifted by cloud providers such as Amazon — HashiCorp offers its own managed services with Terraform Cloud, and where a third-party provider offers them, such as Microsoft Azure’s HashiCorp Consul Service, HashiCorp’s site reliability engineers retain control over back-end management.

“That has to be part of their strategy if they’re going to remain independent, figuring out how to block or sidestep the obvious invasion by cloud providers,” Mitchell said.

Other industry watchers don’t count HashiCorp out as an acquisition target just yet.

“Terraform has the advantage of being able to deploy applications, while others have to find a way to plug in with CI/CD tools,” said Tom Petrocelli, analyst at Amalgam Insights in Arlington, Mass. “But in a world where platforms matter, at some point they have to pull what they have together as part of a platform to compete with the likes of Ansible.”


Deep learning rises: New methods for detecting malicious PowerShell – Microsoft Security

Scientific and technological advancements in deep learning, a category of algorithms within the larger framework of machine learning, provide new opportunities for development of state-of-the art protection technologies. Deep learning methods are impressively outperforming traditional methods on such tasks as image and text classification. With these developments, there’s great potential for building novel threat detection methods using deep learning.

Machine learning algorithms work with numbers, so objects like images, documents, or emails are converted into numerical form through a step called feature engineering, which, in traditional machine learning methods, requires a significant amount of human effort. With deep learning, algorithms can operate on relatively raw data and extract features without human intervention.

At Microsoft, we make significant investments in pioneering machine learning that inform our security solutions with actionable knowledge through data, helping deliver intelligent, accurate, and real-time protection against a wide range of threats. In this blog, we present an example of a deep learning technique that was initially developed for natural language processing (NLP) and now adopted and applied to expand our coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector. These deep learning-based detections add to the industry-leading endpoint detection and response capabilities in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

Word embedding in natural language processing

Keeping in mind that our goal is to classify PowerShell scripts, we briefly look at how text classification is approached in the domain of natural language processing. An important step is to convert words to vectors (tuples of numbers) that can be consumed by machine learning algorithms. A basic approach, known as one-hot encoding, first assigns a unique integer to each word in the vocabulary, then represents each word as a vector of 0s, with 1 at the integer index corresponding to that word. Although useful in many cases, the one-hot encoding has significant flaws. A major issue is that all words are equidistant from each other, and semantic relations between words are not reflected in geometric relations between the corresponding vectors.

Contextual embedding is a more recent approach that overcomes these limitations by learning compact representations of words from data under the assumption that words that frequently appear in similar context tend to bear similar meaning. The embedding is trained on large textual datasets like Wikipedia. The Word2vec algorithm, an implementation of this technique, is famous not only for translating semantic similarity of words to geometric similarity of vectors, but also for preserving polarity relations between words. For example, in Word2vec representation:

Madrid – Spain + Italy ≈ Rome

Embedding of PowerShell scripts

Since training a good embedding requires a significant amount of data, we used a large and diverse corpus of 386K distinct unlabeled PowerShell scripts. The Word2vec algorithm, which is typically used with human languages, provides similarly meaningful results when applied to PowerShell language. To accomplish this, we split the PowerShell scripts into tokens, which then allowed us to use the Word2vec algorithm to assign a vectorial representation to each token.

Figure 1 shows a 2-dimensional visualization of the vector representations of 5,000 randomly selected tokens, with some tokens of interest highlighted. Note how semantically similar tokens are placed near each other. For example, the vectors representing -eq, -ne and -gt, which in PowerShell are aliases for “equal”, “not-equal” and “greater-than”, respectively, are clustered together. Similarly, the vectors representing the allSigned, remoteSigned, bypass, and unrestricted tokens, all of which are valid values for the execution policy setting in PowerShell, are clustered together.

Figure 1. 2D visualization of 5,000 tokens using Word2vec

Examining the vector representations of the tokens, we found a few additional interesting relationships.

Token similarity: Using the Word2vec representation of tokens, we can identify commands in PowerShell that have an alias. In many cases, the token closest to a given command is its alias. For example, the representations of the token Invoke-Expression and its alias IEX are closest to each other. Two additional examples of this phenomenon are the Invoke-WebRequest command and its alias IWR, and the Get-ChildItem command and its alias GCI.

We also measured distances within sets of several tokens. Consider, for example, the four tokens $i, $j, $k and $true (see the right side of Figure 2). The first three are usually used to represent a numeric variable and the last naturally represents a Boolean constant. As expected, the $true token mismatched the others – it was the farthest (using the Euclidean distance) from the center of mass of the group.

More specific to the semantics of PowerShell in cybersecurity, we checked the representations of the tokens: bypass, normal, minimized, maximized, and hidden (see the left side of Figure 2). While the first token is a legal value for the ExecutionPolicy flag in PowerShell, the rest are legal values for the WindowStyle flag. As expected, the vector representation of bypass was the farthest from the center of mass of the vectors representing all other four tokens.

Figure 2. 3D visualization of selected tokens
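The two measurements described above (the token nearest to a command, and the token farthest from a group's center of mass) can be reproduced on a toy scale. This is an added example, not Microsoft's code: it substitutes raw neighbor-count vectors for Word2vec, and the corpus, the tokenizer regex and the names tokenize, embed, nearest and outlier are all assumptions made for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample corpus (not from the original post): short benign
# PowerShell lines in which related tokens share surrounding tokens.
CORPUS = [
    "powershell -WindowStyle hidden -File $script",
    "powershell -WindowStyle normal -File $script",
    "powershell -WindowStyle minimized -File $script",
    "powershell -WindowStyle maximized -File $script",
    "powershell -ExecutionPolicy bypass -File $script",
    "powershell -ExecutionPolicy remoteSigned -File $script",
    "$i = $i + 1",
    "$j = $j + 1",
    "$k = $k + 1",
    "$done = $true",
    "$ok = $true",
    "$out = Invoke-Expression $cmd",
    "$out = IEX $cmd",
    "$page = Invoke-WebRequest $url",
    "$page = IWR $url",
]

# Variables, Verb-Noun command names and bare words, -parameters/-operators,
# numbers, then any single symbol. A simplification of PowerShell's grammar.
TOKEN_RE = re.compile(
    r"\$\w+|[A-Za-z_]\w*(?:-[A-Za-z]\w*)*|-[A-Za-z]+|\d+|[^\s\w]"
)


def tokenize(script):
    """Split a script into lower-cased tokens (PowerShell is case-insensitive)."""
    return [t.lower() for t in TOKEN_RE.findall(script)]


def embed(corpus, window=1):
    """Represent each token by counts of the tokens seen within `window`
    positions of it. A stand-in for Word2vec: same distributional idea
    (similar context, similar vector) but no training and no compression."""
    vectors = defaultdict(Counter)
    for line in corpus:
        toks = tokenize(line)
        for i, tok in enumerate(toks):
            lo, hi = max(0, i - window), min(len(toks), i + window + 1)
            for j in range(lo, hi):
                if j != i:
                    vectors[tok][toks[j]] += 1
    return dict(vectors)


def distance(u, v):
    """Euclidean distance between two sparse vectors."""
    keys = set(u) | set(v)
    return math.sqrt(sum((u.get(k, 0) - v.get(k, 0)) ** 2 for k in keys))


def centroid(vecs):
    """Center of mass of a list of sparse vectors."""
    total = Counter()
    for v in vecs:
        total.update(v)
    return {k: c / len(vecs) for k, c in total.items()}


def nearest(vectors, token):
    """Closest other token in the vocabulary (the alias test)."""
    token = token.lower()
    target = vectors[token]
    others = (t for t in vectors if t != token)
    return min(others, key=lambda t: distance(vectors[t], target))


def outlier(vectors, group):
    """Token of `group` farthest from the group's center of mass."""
    group = [t.lower() for t in group]
    center = centroid([vectors[t] for t in group])
    return max(group, key=lambda t: distance(vectors[t], center))


VECTORS = embed(CORPUS)

if __name__ == "__main__":
    print(nearest(VECTORS, "Invoke-Expression"))
    print(nearest(VECTORS, "IWR"))
    print(outlier(VECTORS, ["$i", "$j", "$k", "$true"]))
    print(outlier(VECTORS, ["bypass", "normal", "minimized", "maximized", "hidden"]))
```

On a corpus this small the vectors separate only because the lines were constructed to; a trained embedding over hundreds of thousands of scripts is what makes the same tests meaningful on real data.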

Linear Relationships: Since Word2vec preserves linear relationships, computing linear combinations of the vectorial representations results in semantically meaningful results. Below are a few interesting relationships we found:

high – $false + $true ≈ low
-eq – $false + $true ≈ -neq
DownloadFile – $destfile + $str ≈ DownloadString
Export-CSV – $csv + $html ≈ ConvertTo-html
Get-Process – $processes + $services ≈ Get-Service

In each of the above expressions, the sign ≈ signifies that the vector on the right side is the closest (among all the vectors representing tokens in the vocabulary) to the vector that is the result of the computation on the left side.

Detection of malicious PowerShell scripts with deep learning

We used the Word2vec embedding of the PowerShell language presented in the previous section to train deep learning models capable of detecting malicious PowerShell scripts. The classification model is trained and validated using a large dataset of PowerShell scripts that are labeled “clean” or “malicious,” while the embeddings are trained on unlabeled data. The flow is presented in Figure 3.

Figure 3. High-level overview of our model generation process

Using GPU computing in Microsoft Azure, we experimented with a variety of deep learning and traditional ML models. The best performing deep learning model increases the coverage (for a fixed low FP rate of 0.1%) by 22 percentage points compared to traditional ML models. This model, presented in Figure 4, combines several deep learning building blocks such as Convolutional Neural Networks (CNNs) and Long Short-Term Memory Recurrent Neural Networks (LSTM-RNN). Neural networks are ML algorithms inspired by biological neural systems like the human brain. In addition to the pretrained embedding described here, the model is provided with character-level embedding of the script.

Figure 4. Network architecture of the best performing model

Real-world application of deep learning to detecting malicious PowerShell

The best performing deep learning model is applied at scale using Microsoft ML.Net technology and ONNX format for deep neural networks to the PowerShell scripts observed by Microsoft Defender ATP through the AMSI interface. This model augments the suite of ML models and heuristics used by Microsoft Defender ATP to protect against malicious usage of scripting languages.

Since its first deployment, this deep learning model detected with high precision many cases of malicious and red team PowerShell activities, some undiscovered by other methods. The signal obtained through PowerShell is combined with a wide range of ML models and signals of Microsoft Defender ATP to detect cyberattacks.

The following are examples of malicious PowerShell scripts that deep learning can confidently detect but can be challenging for other detection methods:

Figure 5. Heavily obfuscated malicious script

Figure 6. Obfuscated script that downloads and runs payload

Figure 7. Script that decrypts and executes malicious code

Enhancing Microsoft Defender ATP with deep learning

Deep learning methods significantly improve detection of threats. In this blog, we discussed a concrete application of deep learning to a particularly evasive class of threats: malicious PowerShell scripts. We have developed and will continue to develop deep learning-based protections across multiple capabilities in Microsoft Defender ATP.

Development and productization of deep learning systems for cyber defense require large volumes of data, computations, resources, and engineering effort. Microsoft Defender ATP combines data collected from millions of endpoints with Microsoft computational resources and algorithms to provide industry-leading protection against attacks.

Stronger detection of malicious PowerShell scripts and other threats on endpoints using deep learning means richer and better-informed security through Microsoft Threat Protection, which provides comprehensive security for identities, endpoints, email and data, apps, and infrastructure.

Shay Kels and Amir Rubin
Microsoft Defender ATP team

Author: Microsoft News Center

Chief transformation officer takes digital one step further

There’s a new player on the block when it comes to the team leading digital efforts within a healthcare organization.

Peter Fleischut, M.D., has spent the last two years leading telemedicine, robotics and robotic process automation and artificial intelligence efforts at New York-Presbyterian as its chief transformation officer, a relatively new title that is beginning to take form right alongside the chief digital officer.

Fleischut works as part of the organization’s innovation team under New York-Presbyterian CIO Daniel Barchi. Formerly the chief innovation officer for New York-Presbyterian, Fleischut described his role as improving care delivery and providing a better digital experience.

“I feel like we’re past the age of innovating. Now it’s really about transforming our care model,” he said.

What is a chief transformation officer?

The chief transformation officer is “larger than a technology or digital role alone,” according to Barchi.

Indeed, Laura Craft, analyst at Gartner, said she’s seeing healthcare organizations use the title more frequently to indicate a wider scope than, say, the chief digital officer.

The chief digital officer, a title that emerged more than five years ago, is often described as taking an organization from analog to digital. The digital officer role is still making inroads in healthcare today. Kaiser Permanente recently named Prat Vemana as its first chief digital officer for the Kaiser Foundation Health Plan and Hospitals. In the newly created role, Vemana is tasked with leading Kaiser Permanente’s digital strategy in collaboration with internal health plan and hospital teams, according to a news release.

A chief transformation officer, however, often focuses not just on digital but also emerging tech, such as AI, to reimagine how an organization does business.

“It has a real imperative to change the way [healthcare] is operating and doing business, and healthcare organizations are struggling with that,” Craft said. 

Barchi, who has been CIO at New York-Presbyterian for four years, said the role of chief transformation officer was developed by the nonprofit academic medical center to “take technology to the next level” and scale some of the digital programs it had started. The organization sought to improve not only back office functions but to advance the way it operates digitally when it comes to the patient experience, from hospital check-in to check-out.

Fleischut was selected for the role due to his background as a clinician and as the organization’s former chief innovation officer. He has been in the role for two years and is charged with further developing and scaling New York-Presbyterian’s AI, robotics and telemedicine programs.

The organization, which has four major divisions and is comprised of 10 hospitals, deeply invested in its telemedicine efforts and built a suite of services about four years ago. In 2016, it completed roughly 1,000 synchronous video visits between providers and patients. Now, the organization expects to complete between 500,000 and 1,000,000 video visits by the end of 2019, Fleischut said during his talk at the recent mHealth & Telehealth World Summit in Boston.

One of the areas where New York-Presbyterian expanded its telemedicine services under Fleischut’s lead was in emergency rooms, offering low-acuity patients the option of seeing a doctor virtually instead of in-person, which shortened patient discharge times from an average baseline of two and a half hours to 31 minutes.

The healthcare organization has also expanded its telemedicine services to kiosks set up in local Walgreens, and has a mobile stroke unit operating out of three ambulances. Stroke victims are treated in the ambulance virtually by an on-call neurologist.  

“At the end of the day with innovation and transformation, it’s all about speed, it’s all about time, and that’s what this is about,” Fleischut said. “How to leverage telemedicine to provide faster, quicker, better care to our patients.”

Transforming care delivery, hospital operations  

Telemedicine is one example of how New York-Presbyterian is transforming the way it interacts with patients. Indeed, that’s one of Fleischut’s main goals — to streamline the patient experience digitally through tools like telemedicine, Barchi said.

“The way you reach patients is using technology to be part of their lives,” Barchi said. “So Pete, in his role, is really important because we wanted someone focused on that patient experience and using things like telemedicine to make the patient journey seamless.” 

But for Fleischut to build a better patient experience, he also has to transform the way the hospital operates digitally, another one of his major goals.

As an academic medical center, Barchi said the organization invests significantly in advanced, innovative technology, including robotics. Barchi said he works with one large budget to fund innovation, information security and electronic medical records.

One hospital operation Fleischut worked to automate using robotics was food delivery. Instead of having hospital employees deliver meals to patients, New York-Presbyterian now uses large robots loaded with food trays that are programmed to deliver patient meals.

Fleischut’s work, Barchi said, will continue to focus on innovative technologies transforming the way New York-Presbyterian operates and delivers care.

“Pete’s skills from being a physician with years of experience, as well as his knowledge of technology, allow him to be truly transformative,” Barchi said.

In his role as chief transformation officer, Fleischut said he considers people and processes the most important part of the transformation journey. Without having the right processes in place for changing care delivery and without provider buy-in, the effort will not be a success, he said.

“Focusing on the people and the process leads to greater adoption of technologies that, frankly, have been beneficial in other industries,” he said.

For Sale – Apple-Wireless-Keyboard-A1314 £30

In great condition.

Price and currency: £30
Delivery: Delivery cost is included within my country
Payment method: BT,PPG
Location: London
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Apple-Wireless-Keyboard-A1314

In great condition.

Price and currency: £35
Delivery: Delivery cost is included within my country
Payment method: BT,PPG
Location: London
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

For Sale – Intel i7 8700k’s For Sale

Hello

I have some Intel i7 8700k’s within my FBA inventory that I wish to sell. All CPUs are brand new and sealed. All orders to be delivered within 2-5 days and payment is by bank transfer.

I am more than happy to respond to any of your queries.

Price and currency: £250
Delivery: Delivery cost is included within my country
Payment method: Bank Transfer
Location: Manchester
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference
