In 2014 I gave a series of talks looking at use of big data to predict effects/spread of disease, chemicals, bomb blast radius (especially in ubran areas) and how integrity controls greatly affected the future of our security industry.

This was not something I pioneered, by any stretch, as I was simply looking into the systems running on cloud by insurance companies. These companies were exhausting cloud capacity at that time to do all kinds of harm and danger predictions.

Granted I might have been the first to suggest a map of zombie movement (e.g. Russian infantry) would be interesting to plot, but the list of harm prediction goes on infinitely and everyone in the business of response wants a tool.

The 2015 electronic warfare (EW) activity in Ukraine and more recent experiences in Syria have prompted the US military to seek solutions in that area as well: given a set of features what could jamming look like and how should troops route around it, for example.

It’s a hot topic these days:

The lack of understanding of the implications of EW can have significant mission impact – even in the simplest possible scenario. For example, having an adversary monitor one’s communications or eliminate one’s ability to communicate or navigate can be catastrophic. Likewise, having an adversary know the location of friendly forces based on their electronic transmissions is highly undesirable and can put those forces at a substantial disadvantage.

The US is calling their program Electronic Warfare Planning and Management Tool (EWPMT) and contractors are claiming big data analysis development progress already:

Raytheon began work on the final batch, known as a capability drop, in September. This group will use artificial intelligence and machine learning as well as a more open architecture to allow systems to ingest swaths of sensor data and, in turn, improve situational awareness. Such automation is expected to significantly ease the job of planners.

Niraj Srivastava, product line manager for multidomain battle management at Raytheon, told reporters Oct. 4 that thus far the company has delivered several new capabilities, including the ability for managers to see real-time spectrum interference as a way to help determine what to jam as well as the ability to automate some tasks.

It starts by looking a lot like what we use for commercial wireless site assessments starting around 2005. Grab all the signals by deploying sensors (static and mobile), generate a heatmap, and dump it into a large data store.

Then it leverages commercial agile development, scalable cloud infrastructure and machine learning from 2010 onward, to generate future predictive maps with dials to modify variables like destroying/jamming a signal source.

Open architectures for big data dropping in incremental releases. It’s amazing, and a little disappointing to be honest, how 2019 is turning out to be exactly what we were talking about in 2014.

According to the HHS this hospital reported a breach in 2010, was given a warning with technical assistance, then was breached again in 2013 and 2017.

URMC filed breach reports with OCR in 2013 and 2017 following its discovery that protected health information (PHI) had been impermissibly disclosed through the loss of an unencrypted flash drive and theft of an unencrypted laptop, respectively. OCR’s investigation revealed that URMC failed to conduct an enterprise-wide risk analysis; implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level; utilize device and media controls; and employ a mechanism to encrypt and decrypt electronic protected health information (ePHI) when it was reasonable and appropriate to do so. Of note, in 2010, OCR investigated URMC concerning a similar breach involving a lost unencrypted flash drive and provided technical assistance to URMC. Despite the previous OCR investigation, and URMC’s own identification of a lack of encryption as a high risk to ePHI, URMC permitted the continued use of unencrypted mobile devices.

Encryption is not that hard, especially for mobile devices. Flash drives and laptops are trivial to enable and manage keys. It’s not a technical problem, it’s a management/leadership one, which is why these regulatory fines probably should be even larger and go directly into executive pockets.

Deaths in America from heart disease are on the rise as a 2016 report warned

Heart disease is the No. 1 cause of death in the United States. But after nearly three decades in decline, the number of deaths from heart disease has increased in recent years, a new federal report shows.

Now a new study called “Data breach remediation efforts and their implications for hospital quality” (PDF) reports that a service quality decline increases death rates for patients with heart disease.

Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Remediation activity may introduce changes that delay, complicate or disrupt health IT and patient care processes.

More specifically the study authors counted 36 more dead per 10,000 heart attacks every year due to security breaches, based on hundreds of hospitals examined. It even boils the data down to showing any care center with a breach will experience an electrocardiogram delay of 2.7 minutes for suspected heart attack patients.

Given the huge rise of ransomware since 2015, traced to weak security management practices of database companies, is there a case now to be made that software development is directly culpable for a rise in human deaths?

To put this in perspective, fewer people die from service delays (availability) than from mistakes (integrity), yet downstream integrity is impacted by availability. Medicals error studies call disruptions and mistakes the third leading cause of death in America.

A recent Johns Hopkins study claims more than 250,000 people in the U.S. die every year from medical errors. Other reports claim the numbers to be as high as 440,000.

Avoiding death from heart disease, which requires fast response and critical decision-making without error, becomes even harder to ensure as system availability declines due to breaches.