Privacy-Preserving Hierarchical Clustering: Formal Security and Efficient Approximation

Machine Learning (ML) is widely used for predictive tasks in a number of critical applications. Recently, collaborative or federated learning is a new paradigm that enables multiple parties to jointly learn ML models on their combined datasets. Yet, in most application domains, such as healthcare and security analytics, privacy risks limit entities to individually learning local models over the sensitive datasets they own. In this work, we present the €first formal study for privacy-preserving collaborative hierarchical clustering, overall featuring scalable cryptographic protocols that allow two parties to privately compute joint clusters on their combined sensitive datasets. First, we provide a formal defi€nition that balances accuracy and privacy, and we present a provably secure protocol along with an optimized version for single linkage clustering. Second, we explore the integration of our protocol with existing approximation algorithms for hierarchical clustering, resulting in a protocol that can efficiently scale to very large datasets. Finally, we provide a prototype implementation and experimentally evaluate the feasibility and efficiency of our approach on synthetic and real datasets, with encouraging results. For example, for a dataset of one million records and 10 dimensions, our optimized privacy-preserving approximation protocol requires 35 seconds for end-to-end execution, just 896KB of communication, and achieves 97.09% accuracy.

The full article can be downloaded below.

The Case for a Hippocratic Oath for Connected Medical Devices: Viewpoint

Prior to graduating from medical school, soon-to-be physicians take the Hippocratic Oath, a symbolic declaration to provide care in the best interest of patients. As the medical community increasingly deploys connected devices to deliver patient care, a critical question emerges: should the manufacturers and adopters of these connected technologies be governed by the symbolic spirit of the Hippocratic Oath? In 2016, I Am The Cavalry, a grassroots initiative from the cybersecurity research community, published the first Hippocratic Oath for Connected Medical Devices (HOCMD). Over the past three years, the HOCMD has gained broad support and influenced regulatory policy. We introduce five case studies of the HOCMD in practice, leading to a safer and more effective adoption of connected medical technologies.

The full article can be downloaded below.  

Health care's huge cybersecurity problem

The health care industry increasingly relies on technology that’s connected to the internet: from patient records and lab results to radiology equipment and hospital elevators. That’s good for patient care, because it facilitates data integration, patient engagement, and clinical support. On the other hand, those technologies are often vulnerable to cyberattacks, which can siphon off patient data, hijack drug infusion devices to mine cryptocurrency, or shut down an entire hospital until a ransom is paid.

“If systems are disrupted over the internet, by an adversary or an accident, that can have a profound impact on patient care,” says Beau Woods, a cybersecurity advocate and cybersafety innovation fellow with the Atlantic Council.

The full article from The Verge can be viewed at this link.  

Blockchain Technology May (Eventually) Fix Healthcare: Just Don't Hold Your Breath

There is a common fallacy that every new technology that skitters across the healthcare plain will have an earth-shattering, and short-term, positive impact on the healthcare system writ large. In fact, when attending the Health Information Management Systems Society’s (HIMSS) annual meeting, you see a vast and growing number of service providers addressing some healthcare-technology need, whether far-reaching, niche, real, or imagined, in the healthcare space. From artificial intelligence (AI) to machine learning to blockchain to care management, the healthcare horizon is rife with new technologies. But these solutions seldom deliver immediate applications or success. Look at IBM Watson’s highly publicized venture into the delivery of cancer-care services. Internal IBM documents showed “multiple examples of unsafe and incorrect treatment recommendations” from the Watson for Oncology system.  Additionally, The Wall Street Journal pointed out that “more than a dozen IBM partners and clients have halted or shrunk Watson’s oncology-related projects.” In a blog post titled “Setting the Record Straight,” IBM responded to some of this media coverage by saying that it is inaccurate to suggest Watson “has not made ‘enough’ progress on bringing the benefits of AI to healthcare.

Is that to say that AI, machine learning, and blockchain will not play a role in the future of healthcare? Certainly not. But it seems reasonable to expect some missteps in the short term. These and other cutting-edge technologies are needed to advance the delivery and coordination of care, squeeze costs out of “the system,” and help ensure repeatable quality-care outcomes. But few technologies are perfect.

The full Forbes article can be viewed at this link.  

Adversarial attacks on medical machine learning

With public and academic attention increasingly focused on the new role of machine learning in the health information economy, an unusual and no-longer-esoteric category of vulnerabilities in machine-learning systems could prove important. These vulnerabilities allow a small, carefully designed change in how inputs are presented to a system to completely alter its output, causing it to confidently arrive at manifestly wrong conclusions. These advanced techniques to subvert otherwise-reliable machine-learning systems—so-called adversarial attacks—have, to date, been of interest primarily to computer science researchers. However, the landscape of often-competing interests within health care, and billions of dollars at stake in systems’ outputs, implies considerable problems. We outline motivations that various players in the health care system may have to use adversarial attacks and begin a discussion of what to do about them. Far from discouraging continued innovation with medical machine learning, we call for active engagement of medical, technical, legal, and ethical experts in pursuit of efficient, broadly available, and effective health care that machine learning will enable. 

The full article can be downloaded below.  

Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis

Developers of mobile applications (apps) routinely, and legally, share user data. Most health apps fail to provide privacy assurances or transparency around data sharing practices. User data collected from apps providing medicines information or support may be particularly attractive to cybercriminals or commercial data brokers.

Medicines related apps, which collect sensitive and personal health data, share user data within the mobile ecosystem in much the same way as other types of apps. A small number of companies have the potential to aggregate and perhaps reidentify user data owing to their network position.

The full article can be downloaded below.  

In 2018, eHealth Initiative Foundation (eHI) and Manatt, Phelps & Phillips hosted two executive advisory board meetings on privacy and security in the age of wearable technologies. The risky business of sharing data In and Outside of the healthcare system is becoming more complicated, especially as consumer use of health applications and the desire to share health data increases exponentially. The roundtables convened experts in healthcare privacy and security, explored data sharing within and between organizations (including the relationships healthcare providers have with business associates and application (app) developers), and tackled data sharing implications for the bio-economy and the state, federal, and international policies and rules that aim to guide organizations through the murky terrain. The brief examines the significant amount of health data being generated from apps and consumer devices that are ungoverned by HIPAA and aims to clear up some of the confusion, offering tangible examples of what constitutes a covered and non-covered HIPAA entity, how to determine business associates in relation to HIPAA, provides an examination of federal guidance and regulations for covered entities and app developers, and discusses the nuances of the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).

Health Care Technology Predictions For 2019

In 2019, health care information technology (HIT) in the U.S. will continue to be transformed by external forces from around the world. To be honest, the whole of health care is feeling the pain of this evolution, and there are challenges that need to be met head-on.

But there are also inklings of light at the end of the tunnel. The digital transformation of this sector is only in the embryonic stages, but there’s clear evidence of enormous development and growth on the horizon. Here are my top five predictions for health care technology in 2019.

1. There Will Be A Major Push Toward Truly Digitized Health Care
2. AI Will Start To Penetrate The Broader Health Care IT Landscape
3. The Transition From Data Centers To The Cloud Will Accelerate
4. Cybersecurity Attacks Will Continue To Escalate
5. The Mobile-First Movement Will Gain More Traction

The full Forbes article can be viewed at this link.  

CyberPDF: Smart and Secure Coordinate-based Automated Health PDF Data Batch Extraction

Data extraction from files is a prevalent activity in today’s electronic health record systems which can be laborious. When document analysis is repetitive (e.g., processing a series of files with the same layout and extraction requirements), relying on data-entry staff to manually perform such tasks is costly and highly insecure. Particularly analyzing a large list of PDF files (as a widely used format) to extract specific data and migrate them to other destinations for later use is both tedious and frustrating to do manually. This paper addresses a very practical requirement of batch extracting data from PDF files in health data document analysis and beyond. Specifically, we propose a Coordinate Based Information Extraction System (CBIES) to instrument a smart and automatic PDF batch data extraction tool, releasing health organizations from duplicate efforts and reducing labor costs. The proposed technique enables users to query a representative PDF document and extract the same data from a series of files in the batch analysis manner swiftly. Furthermore, since security and privacy considerations are essential part of any health record systems, it is included in our approach. Based on CBIES, we implement a prototype tool for PDF batch data extraction technique named, CyberPDF. The tool exhibits great efficiency, security and accuracy in multi-file data processing.

The full article can be downloaded below.