Tuesday, August 20, 2024

UDLCO: User driven E governance and justice in a system built on zero trust architecture

Transcripts: 


[15/08, 22:27] AyI: Absolutely. 

Are our medical college hospitals safe?


[15/08, 22:30] S: No

[15/08, 23:01] T: It is a manifestation of decay in the moral fabric of the Indian society.

Medicos are a sub-set of the greater Indian society.

As other sections of the societies are suffering these distortions and barbarism, decline in governance and indifference of the society at large (except some short term outrage). The people in general themselves do not want to strive on a sustained basis to force the political class to improve overall governance.

As a subset, medicos also have to face such barbarism and related distortions

In the earlier days when Kings used to rule, there was a famous saying

Yatha Raja, Thatha Praja
(The people are as good as their King)

In democracy, the new saying is 

Yatha Praja
Thatha Raja
(The Ruler is as good as its people)

Only a vigilant citizenry can bring positive change in our society

People need to mature from being mere voters to being vigilant citizens


[15/08, 23:05] Ay: True Sir... 

Yet we need to identify the source of such decay. 

None of us can even name (not allowed per law) the single institution the corruption in whose veins is the cancer of our society. 

It's not the political class with its public show of moral decay

🙏


[16/08, 08:31] SB: WB is in a state (sic) anarchy. Lowest crime rate in the country, my foot. Lowest reported crime cases as the authorities pressurise the victims to “settle the matter with the perpetrators and not report the matter”. Statistics is subject to many biases.

[16/08, 08:38] S: Yes, statistics only speak of the numbers seen... they can't tell about the history behind the data capturing


[16/08, 09:04] AyI: What is the root cause Sir?


[16/08, 09:09] R: Power play when corrupt power chooses to play their war games by keeping the guns on not so powerful shoulders.

Listen to the current principal of RG Kar medical college and ex Vice Chancellor, WBUHS in this video posted by her in her channel 10 days back 👇




It's a 6 beat sequence in dadra with the prosody bound in the ontology Chhayanat that was written by RNT while at Bucharest in 1926, to be precise, (21/11/1926) aka 7 Agrahayan 1333.



[16/08, 09:11] AyI: Power corrupts... Absolute power corrupts absolutely... 

Where is that seat of absolute power leading to absolute corruption? 

The last I remember, a senior professor was found in breach of societal norms for having raised this question in a research paper

(The news item has vanished! Will try possible avenues to look for an archived copy) 

.... 

The song you shared the link to is wonderful https://tagoreweb.in/Songs/pooja-233/arup-tomar-bani-4395

So I guess the implication by the poet was that such absolute power is formless. In that case it would be corruptionless too? But such is not the case. 

Essentially the debate between suddha adwaita and vishishta advaita

While we can draw inference from the philosophy, the question at hand aligns more with the philosophies of Charvak, or maybe Ajivika

So where is that absolute seat of corruption in this current existential realism? 

(PS: I understand I write in crypt... That's to avoid the crypt... At least for now 🙂)


[16/08, 09:12] RB: Great! Who's that professor? Please share the link to that research paper!

[16/08, 09:20] ATP: this photographer committed suicide. He could not stand the adulation he received. Our corporate hospitals are the bird, we this kid. 🙄

[16/08, 09:30] Rakesh Biswas: And the photographer is health IT?

[16/08, 09:22] ATP: our political system, where simple majority wins, though opposition numbers would be much larger. caste money gundaism used by politicians to rule. Citizen awake, arise. Demand your right. System yields.


[16/08, 09:28] Ay: For a maximum period of 5 years at a time. Another reason I discount polity as the seat of such absolute corruption is that its corruption is open and visible, with limited absolution - one can write and yell about it, without naming individuals.

That is to say... There are remedies... No matter how difficult or practically constrained

There is a seat of absolution in our societal framework which enjoys absolution, and hence any corruption in its form becomes absolute corruption. It's like Lord Voldemort, one who must not be named... (And even with these utterances I risk the skull clouds showing up 🙂) 

Do explore 🙏 (and... I understand we are far from the topic so will just leave us with the imploration to explore)


[16/08, 09:32] RB: This sounds like deidentified horcrux EHRs as the unit of health IT big data driven healthcare learning! Yes the same principle can surely be applied to governance toward improving transparency accountability toward better learning in governance!


[16/08, 09:43] AB: Unless we get local administration (eg municipality, corporation, panchayat) free from politics by law that no candidate can have political affiliation, nothing is going to change.


[16/08, 09:45] RB: You mean governance without political affiliations! Yes possible in an ICT enabled future where transparency and accountability is 100%


[16/08, 09:45] AB: In US, and many European countries that's already the case for long.

[16/08, 09:48] R: Agree!

I've always maintained here that the US healthcare appears more error prone as they have more global transparency and accountability while we simply love to hide all our work


[16/08, 09:48] AB: Politics can be at higher level like state. There is no country without politics. But civic level local administration - must be freed from politics. Mahatma and Ambedkar had the same vision


[16/08, 09:49] R: Yes and it was also labeled anarchist governance.




[16/08, 09:51] RB: What's the audit trail for the 1 crore? Show us that first?


[16/08, 09:52] RB: Fear is the biggest enemy of anarchist governance which has been an easy scapegoat for violent events in recent months but anarchism, as a political philosophy, is fundamentally about collective deliberation and responsibility.



[16/08, 09:58] ATP: healthIT is true Astra. wielding raw data my managers question all to make a self learning system, which learns continuously. post mi mortality when retrieved from system was what we then used to raise the bar. HealthIT gives power to lift the wings of operations, as a jet


[16/08, 10:00] T: Politicians don't come from Mars.

They are one of us and they represent us as a representative of a morally corrupt society at large (though with exceptions, far and few)


[16/08, 10:05] RB: Transparency and accountability through ICT can transform that albeit Orwellian


[16/08, 10:08] SB: Why Orwellian?


[16/08, 10:14] RB: Agree that the term Orwellian may have negative connotations although in the above post the intent was to suggest that the transparency and accountability to the system is what began the governance that Orwell finally showed in a negative manner

[16/08, 10:11] Bi: Private vs public (people, process, governance, ethics) are always under scanner, balanced, checked and compared... from my UK NHS & private healthcare experience


[16/08, 10:12] AyI: Who will enforce that law?


[16/08, 10:14] AB: Police of course! Once they are free from local politics, they will be empowered and also held accountable


[16/08, 10:14] R: Who polices the police?

We the people?



[16/08, 10:14] AB: Yes

[16/08, 10:15] RB: How?
Let's give this an ICT angle here. Let the ideas flow


[16/08, 10:15] Ay: Explore deeper... As RB put it...

[16/08, 10:16] Ay: Exactly Sir... There's a deeper cause and that is not amendable

[16/08, 10:16] R: Put the police each and every employee under a 24x7 scanner?

[16/08, 10:17] Ay: That's needed. It's a viable solution. Still it's not the root cause


[16/08, 10:18] AyI: NIST has released post quantum cryptography standards. Implement that in health IT and show other systems how ICT accountability can be established.

[16/08, 10:18] AB: No, but I believe that if local administration is devoid of organised politics, then police will act impartially to greater extent


[16/08, 10:19] Ay: Police cannot. This I can safely share some research papers on


[16/08, 10:18] T: Unless people at large actively (not passively with lip service) start pursuing good governance, we won't get people with real characters at the top.

This alone can ensure good governance in our society.

A rotten apple at the top knows how to circumvent a system with pliable administration.

Hope, in democracy, people realise their own powers and transform themselves from being mere voters to active & vigilant citizens.

Till then, we are condemned to be ruled by the quality of leaders we choose


[16/08, 10:21] RB: Active vigilance will need them to share and trade off a little privacy toward better transparency and accountability. We have begun this movement at the grassroots and pursue it in our daily EHR workflow

[16/08, 10:20] AB: So how does the US and Europe system work? Not saying police there isn't corrupt

[16/08, 10:22] R: They aren't doing well because their transparency accountability has been at the moment hijacked

[16/08, 10:22] SB: I wonder. Have any research studies been conducted anywhere to assess whether adopting good governance is better than not? A good measure would be the consequences of not. Legal costs, penalties (fines, incarceration with loss of license to practice), loss of income, loss of good will, loss of brand value is the collective risk, which is the price of non-adherence. Actually, a financial calculation will also work. Present Value of expenses incurred due to adoption of good governance, versus non-adoption.

[16/08, 10:24] R: Nailed it

None done till now after Orwell's thought experiment!

The buy in to carry out the project at a large scale would be humungous and hence we carry on at a small scale grass roots level


[16/08, 10:26] R: Yes so no human policing please just ICT enabled (maybe even AI enabled but keep the robots out) policing?


[16/08, 10:29] AB: Then we will have skynet or the robots who have figured out how to re-interpret the 3 laws of robotics.


[16/08, 10:31] R: From Orwellian to James Cameroonian!


[16/08, 10:34] AB: Both are correct. Asimov will be proven right in time. If you reflect, every revolution, every democratic dream, every great "reform" has transformed the way Orwell described in Animal Farm or 1984


[17/08, 09:45] R: List of publications from 2001-2024 from one single institute in the country currently making a huge splash with their latest work:






Aug 2023:





[17/08, 10:25] ATP: Every one should watch


[17/08, 10:25] ATP: #QuestionWrong



[17/08, 10:32] R: He messes it up at 1:57!

They didn't say anything because of their fear of his power and not because they were unaffected
It's a good video demonstration of the pitfalls of role playing!

If this role playing by the teacher to demonstrate the ethics of protest happened in real life, the students would have still kept quiet and as soon as the class was over they would have all gone and complained to the principal.

Expecting students to reflexly stand up to authority without any thoughtful assessment of the situation is bad teaching on part of the professor?

As it happens also in the video, the students turn out to be more thoughtful and intelligent as it eventually becomes clear that their Professor was simply role playing and if they actually reacted they would have been caught in an embarrassment once the professor revealed that he was role playing!


[17/08, 12:37] Ay: Anarchy is the suggested solution in this video.

While we can keep mulling over possible solutions with questions like what are laws for, and someone or the other says justice - the question we need to ask ourselves is "how is justice delivered"

Let's say in the case of this video, had the other students spoken up there were a few possible scenarios

1. No results... The students stage a walk out, and likely the class gets suspended, as otherwise the management of the institution would risk further incidents of insubordination

2. The student was allowed back in, at the risk of other real trouble mongers among the students getting emboldened as to the "power of the voice"

For the sake of simpler arguments, let's just say that the student was let back in. Would that have been justice delivered? 

What about the indignation she had suffered? So the professor or whoever the man in the coat was, may have had to pay a penalty, suffer an official reprimand, or even get suspended. 

Who would decide that quantum? The head of the institution? 

Any action against the professor will most likely be seen as revenge, and principles of jurisprudence do not look nicely upon revenge. Justice as pointed out in the video is about revenge. 

Laws are there to maintain law and order. Just like LLB is a degree of the law of laws, laws are there to maintain laws themselves. A self fulfilling prophecy. 

There was an addition by juridical thinkers that order must be associated. But order is just that order. 

Let me share a record from UK House of Lords, whose legal precedence we follow, and may be referred back to in matters of law in the common law dominions. 

Disclaimer: Nothing in this message should be construed as connotated against the justice delivery system. We must always strive to put our utmost faith in the justice system



[17/08, 12:50] ATP: If German people had questioned, Hitler would have just been a painter. Millions of Jews would not have gone to Auschwitz

[17/08, 12:51] SB: Anarchy is never the answer. Can never be the answer. Should never be the answer.

[17/08, 15:24] Ay: Worth exploring these authors



[17/08, 15:25] Ay: If we are serious about addressing an issue... Let's address the issue, or stop giving ourselves thought candies!


[17/08, 16:25] Ay: Only the Sovereign is absolute. So says Thomas Hobbes

Which elements of the world's largest democracy represent the erstwhile monarchical sovereignty? Which among these is beyond correction by people or their representatives



[17/08, 22:21] MA: Securing the Internet of Medical Things: 10 Effective Ways

The following is a guest article by Vinugayathri Chinnasamy from Indusface.

The Internet of Medical Things (IoMT) is revolutionizing the healthcare industry by creating a connected infrastructure of medical systems and services that are helping enhance patient outcomes. But they come with newer security risks too. 63% of healthcare organizations in 2019 faced security incidents owing to the insecure and unmanaged Internet of Medical Things. Given the increasing costs of data breaches, IoT security in healthcare is indispensable.

Continue reading to find out more about IoMT and powerful insights on securing the Internet of Medical Things.

What is IoMT?

The Internet of Medical Things (IoMT) is the amalgamation of medical devices and applications that use networking technologies to connect to healthcare IT systems. The IoT in healthcare is helping improve patient outcomes and enhancing patient experiences, optimizing costs, enabling quicker, more accurate diagnosis, enabling effective remote monitoring of chronic diseases, and bettering drug management, among others.

Why is IoT Security in Healthcare Necessary?

Today, a hospital has an average of 15-20 medical devices such as smart beds, ventilators, insulin pumps, IV pumps, etc. If any of these devices have vulnerabilities or security weaknesses such as unpatched software or outdated OS, attackers can easily breach them and access the connected devices.

Attackers could weaponize these devices and cause harm to patients. Or they could orchestrate a ransomware attack to extort huge sums of money from healthcare organizations. Given the criticality of these devices to patient safety and life, organizations may end up paying the ransom.

Healthcare organizations collect, store, and transmit a large volume of sensitive patient data using these connected devices. So, an unprotected Internet of Medical Things poses a threat to data security and attracts huge penalties if a breach occurs.

10 Effective Ways to Secure the Internet of Medical Things 

1. Maintain an Updated Inventory of Assets

One of the main problems with IoMT security is that organizations do not know what devices they have, who owns them, or their location or uses since IoMT is mostly unmanaged. This creates a major blind spot for healthcare organizations. By maintaining an updated asset inventory, this problem can be solved. Through a combination of intelligent scanning tools and regular pen-testing, organizations can continuously update their asset inventory, including hardware, software, firmware, devices, systems, third-party components, and so on.

2. Deploy a Zero Trust Architecture 

A zero-trust architecture insists that trust must not be implicit but continuously evaluated. Given how lucrative healthcare data is in the black market, healthcare organizations must deploy a zero-trust architecture. To this end, they must deploy multi-factor authentication to prevent rogue devices and attackers from connecting to the network. They must implement granular role-based permission to prevent unauthorized access to data not required for a particular set of users.

3. Strictly Enforce a Strong Password Policy 

Most Internet of Medical Things is left with default usernames and passwords. And this has deadly consequences for healthcare organizations as they are left open to a whole range of attacks. So, they must strictly enforce a strong password policy. Healthcare organizations must create new, unique, and strong passwords when adding IoMT devices to the network.

4. Updates Shouldn’t Be Missed 

From MRI machines to wearables, outdated IoMT devices are causes for concern. Updates for software, OS, and firmware come with critical security patches to fix known weaknesses, vulnerabilities, and gaps. When updates are missed, healthcare organizations provide easy entry points to attackers. Organizations must create a schedule and prioritize the updates for critical IoMT devices to minimize risks.

5. Virtual Patching 

It is also possible that the vendor does not release updates for a particular software/ component. While it is ideal for removing such outdated components, it is not always possible as critical equipment and devices may be using it. In such cases, the organizations can rely on virtual patching and/or isolating the component from the network to minimize security risks.

6. Actively Monitor IoMT Devices 

It is not enough to know what assets exist to strengthen healthcare IoT security. Healthcare organizations must actively monitor IoMT devices in real-time, analyze behavior patterns, flag and alert the security team about anomalies and maintain detailed reports.

7. Segment Network  

Healthcare organizations must logically segment their network into different zones with customized security and access control policies based on the devices. For instance, network exposure can be minimized for critical vulnerable devices by segmenting them from other devices and areas of the network.

8. Closely Monitor Traffic 

Granular monitoring and analysis of incoming traffic are imperative. No requests must reach the server without validation and analysis. Malicious requests and bad bots must be blocked from accessing the network or devices. This helps prevent DDoS attacks and other attacks or minimize their impact—leverage a next-gen WAF like AppTrana for the same.

9. Configure Everything 

Do not leave any IoT device or system unconfigured as it creates vulnerabilities that attackers can exploit. So, assume everything needs configuring and do the needful. For instance, disable features that aren’t necessary.

10. Use End-to-End Encryption 

Regardless of whether it is in transit or at rest, data must be encrypted. This helps prevent eavesdropping, man-in-the-middle attacks, and phishing attacks, among others.

Conclusion 

Given the criticality of securing the Internet of Medical Things today, leverage a cloud-based, intelligent, comprehensive security solution to secure your IoMT devices effectively.

About Vinugayathri Chinnasamy

Vinugayathri Chinnasamy is the Senior Content Writer at Indusface, a leading SaaS company, which secures critical Web applications of 3000+ global customers using its award-winning platform that integrates Web Application Scanner, Web Application Firewall, CDN, API Protection, Bot Mitigation, and threat information engine




Is this a workflow problem?


Can Health IT address any or some of its woes?

[18/08, 07:22] R: Yes

Change this episodic sham workflow by making it a persistent clinical encounter



[18/08, 03:25] Ay: Nice points. Most common attack vectors have been covered. However the write up is too superficial. I was pleasantly surprised to find "zero-trust" in the list. But at the same time mention of multi factor authentication for devices left me wondering whether the author could have done a better job with one-two days more of research! 

Missing elements:

Risk categorization. Attack vector simulation. 
Mitigation protocols and drills. 
**Guarded communication**
... and many many more


[18/08, 07:24] R: Thanks for making "guarded communication" bold

[18/08, 07:29] R: Other than guarded communication everything else can be hacked

[18/08, 07:31] AyI: Yes. Even guarded communication with quantum safe cryptography can be hacked, if paranoid diligence is not applied


[18/08, 07:36] R: In the current model of hybrid ICT driven governance, it takes one year and a tragedy (the current hack) to make guarded communications open to public!

The future hack would be to open out everything (in a guarded manner with paranoid diligence to borrow from @⁨Ay⁩) as a transparent and accountable form of model e governance

[18/08, 07:38] Ay: Prof Susan Ackerman of Yale University has spent a lifetime working on the concept. She's 80+ now, still active


[18/08, 07:39] R: Please share some links here to her work in this area


[18/08, 07:40] Ay: Corruption and Government



[18/08, 07:44] ATP: we conducted a eGovernance conference in IIMB NCeG. finance, public health and general eG were tracks. Dr Balu and I as President & Secretary IAMIb anchored it. Many of you and other Informatics leaders were with us. It was mostly a catchup to talk about how process can be improved and use IT as a catalyst. Not sure how much has emerged from the dark stables...

[18/08, 07:45] ATP: https://nceg.gov.in/

[18/08, 07:46] ATP: we should engage here using our links to iima-cmhs & iimb


[18/08, 10:36] Ay: Place war decorated officers at all positions of responsibility.

While that eliminates civilians like us, but somewhere a war decorated officer brings two things

1. They have come face to face with some of the most heinous facets of modern civilization (sic) 

2. They have lived a life within a disciplined framework

I would not say that being a veteran does not mean that there is no baggage, but just that the spine has been toughened enough. 

It may be detrimental to innovation, to open academic thinking, but it's high time for our educational (sic) institutions to pick up the threads on discipline. 

This young promise of a nation lost her life in one of the worst nightmares one can imagine as a parent. No matter what the society does now, that loss is irreparable. 

There are millions of so-called minor (sic) incidents being brushed under the carpet. 

Let's make the world a little different for those who come after us. 

PS: The rot is not restricted to our country alone. See https://nces.ed.gov/fastfacts/display.asp?id=804 for instance


[18/08, 10:39] R: It would still restrict our vision to just what the media chooses to show selectively!

Transparency and accountability is the key in all forms of governance and we should actively reject past decorations and push performers to show their present capabilities





Figure licence:

https://commons.m.wikimedia.org/wiki/File:Iustitia_van_Heemskerck.png#mw-jump-to-license
