Hospitals facing a different kind of infection: computer viruses

Hervé Debar, Télécom SudParis – Institut Mines-Télécom

WannaCry was the first case of a cyberattack that had a major effect on hospitals. The increasing digitization of hospitals (like all areas of society) offers significant opportunities for reducing the cost of health care while making the care provided more effective. However, with digitization come cybersecurity challenges, and these threats must be taken into account in implementing e-health solutions.

The hospital: a highly digitized environment

The medical world — and especially hospitals — is a highly digitized environment. This reality first began with management tasks (human resources, room management, planning, etc.) and over the past few years it has grown to include medical equipment (radiology, imaging). Two significant developments have occurred:

  • An increasing number of objects are used in hospitals to collect data or administer medication. This is what is referred to as the Internet of Medical Things (IoMT). The nature of these often-inexpensive objects represents a break with the professional management of conventional medical platforms.
  • More and more of these objects are used outside the hospital, by individuals who are not properly trained to use them. Some of these uncontrolled devices, such as our smartphones, can enter the hospital and interact with medical processes.

From a technical perspective, we are undeniably becoming increasingly dependent on a high-quality digital infrastructure to provide us with quality medical care. This directly affects not just the care provided but also all the related processes (planning, insurance, reimbursement of fees, logistics, etc.). It is particularly difficult to ensure security in these areas, since the conventional development and management technology in information systems is also vulnerable to these attacks. Furthermore, technological advances are based on the increased ability to share, analyze and disseminate information. The number of vulnerabilities is therefore likely to remain high.

From an economic perspective, the rise in healthcare costs is unavoidable. Increased operational efficiency, made possible by computerization, is one of the measures used to prevent costs from rising too high. It is therefore imperative to keep the impacts of cyberattacks in hospital environments to a minimum.

From a legal perspective, the implementation of European regulations on personal data protection (GDPR) and on cybersecurity for operators of critical infrastructures (NIS) is imposing new obligations for everyone.

Hospitals are the perfect example of the use of extremely sensitive data demanding confidentiality, integrity (accuracy) and availability (access) to provide care and ensure medical records are properly managed. A medical record is a summary of sensitive, correlated information with separate subsets with varying levels of interest.

A poorly protected environment

Over the past few years there have been cyberattacks that have affected hospital operations. We should note that in many cases, hospitals are just one of the targets of these attacks, since many other organizations are also impacted.

WannaCry is a computer worm that exploits a flaw in the Windows protocol that allows printers and files to be shared. This protocol is used by medical imaging equipment to transfer an image file from a scanner to the computers used by doctors who meet with patients to make a diagnosis. When imaging equipment is infected by WannaCry through this network protocol, it becomes inoperable, preventing operations and hence endangering patients’ lives.

More generally, much of the medical equipment relies on aging operating systems and old protocols. It is therefore crucial that manufacturers of this equipment become aware of this issue.

The effectiveness of a medical procedure increasingly relies on the ability to connect various tools used by medical staff for the purpose of transferring data (images, prescriptions, etc.) and interacting. Therefore, it is not possible to consider isolating these pieces of equipment. More rigorous access controls must therefore be implemented (which is generally a challenge for organizations, as demonstrated in the study by Deloitte called “Future of Cyber”).

An attack on pacemakers

In addition to the WannaCry incident, it is also necessary to reflect on the communications between medical objects and information systems. Several examples have recently demonstrated the vulnerability of medical objects.

Implants, such as insulin pumps and pacemakers, are vulnerable to computer attacks. Communications between these objects are neither encrypted nor authenticated, meaning that they could be listened to for the purpose of extracting sensitive data. This also means they can receive commands allowing them to be controlled, creating all types of imaginable consequences through changes in their operations.

Other routine medical equipment, like infusion pumps, is also vulnerable to attacks.

New attacks in sight

So far, the attacks that have been revealed have had two main consequences. The first is a denial of service, or the inability to use medical equipment when it is needed and all the potential consequences this entails. Since it is difficult to prevent denial of service attacks, measures must be taken to limit their effects.

The second result is the leak of potentially sensitive information. This leak of information involves the risk of data being added to other databases, for example as data sources for the validation of creditworthiness, used by banks in their decisions to grant or refuse bank loans. This would represent a major setback in protecting our personal data.

We do not have any clear examples of data being falsified, which could be the next step taken by attackers. Data falsification could lead to erroneous prescriptions and therefore to drug diversion. This diversion would allow the author of the crime to receive an immediate profit, which fits with current trends.

What are the solutions?

The first solutions that come to mind are technological ones. New solutions do indeed exist that could improve computer security in medical environments.

  • Blockchain. This technology can significantly improve data protection by separating the data according to purpose (medical, clerical, insurance, etc.) and by protecting each piece of data individually. It can also log access to manage emergency situations. Current technology is too energy-intensive and must be changed to become more acceptable.
  • Virtualization and cloudification. Outsourcing computer services professionalizes the management of an organization’s digital activities. The scarcity of human resources trained in cybersecurity makes it necessary to rely on external means. The development of cloud services, particularly the concept of a sovereign cloud, must be done in a way that complies with current regulations, particularly the famous GDPR.
  • By Design. Manufacturers of medical objects, software and platforms must take cybersecurity into account during the design phase for their equipment as well as integrating it into the life cycle. This is a major revolution that cannot be carried out in a day. It is therefore necessary to continue protecting older equipment whose initial cost justifies its continued use for decades to come. This is also a revolution for the IT world, which now counts the life span of its software and services in terms of months. While awareness in the area is growing in the industrial world, it must also increase in the medical world.

All these new forms of technology, and others not mentioned here, will never be effective unless the human factor is first taken into account in the hospital, among caregivers, but also patients and visitors. This remains the key to a successful digital transformation of the hospital.

Medical objects must be adapted to their users, generally patients. Besides gadgets like connected watches, better solutions must be found for all objects to make them simpler and easier to use. Confidence in these objects is fundamental and cybersecurity incidents that could restrict their use must be avoided at all costs.

Finally, the role of medical professionals is absolutely fundamental. They must accept the presence of computer technology and recognize that it can make their work easier on a daily basis rather than representing a hindrance. Medical staff must take an interest in cybersecurity issues, receive training in this area and urge suppliers to develop tools adapted to their needs.

Hervé Debar, Head of the Telecoms Networks and Services Department at Télécom SudParis – Institut Mines-Télécom, Université Paris-Saclay

The original version of this article (in French) has been published on The Conversation.

Robots teaching assistants

The H2020 ANIMATAS project, launched in January 2018 for a four-year period, seeks to introduce robots with social skills in schools to assist teaching staff. Chloé Clavel, a researcher in affective computing at Télécom ParisTech, one of the project’s academic partners, answered our questions on her research in artificial intelligence for the ANIMATAS project.

What is the overall focus of the European project ANIMATAS?

The ANIMATAS project focuses on an exciting application of research in artificial intelligence related to human-agent interactions: education in schools. The project also contributes to other work and research being carried out to integrate new technologies into new educational methods for schools.

The project’s objectives are focused on research in affective computing and social robotics. More specifically, the project aims to develop computational models to provide the robots and virtual characters with social skills in the context of interactions with children and teachers in the school setting.

What are the main issues you are facing?

We are working on how we can incorporate robots to allow children to learn a variety of skills, such as computational thinking or social skills. The first issue concerns the robot or virtual character’s role in this learning context and in the pre-existing interactions between children and teachers (for example, counselors, colleagues or partners in the context of a game).

Another important issue relates to the capacity of the underlying computational models responsible for the robots’ behavior to adapt to a variety of situations and different children. The objective is for the robot to be attentive to its environment and remain active in its learning while interacting with children.

Finally, there are significant ethical issues involved in the experiments and the development of computational models in accordance with European recommendations. These issues are handled by the ethics committee.

Who else is involved with you in this project, and what are the important types of collaboration in your research?

We have partners from major European academic laboratories. The majority are researchers in the field of affective computing, but also include researchers in educational technologies from the École Polytechnique Fédérale de Lausanne (EPFL), with whom we are working on the previously mentioned issue of the robot’s role in the learning process.

Three researchers from Télécom ParisTech are involved in this project: Giovanna Varni and myself, from the Images, Data and Signal Department and Nicolas Rollet, from the Economic and Social Sciences Department.

ANIMATAS requires skills in computer science, linguistics, cognitive sciences and pedagogy… What areas are the researchers from Télécom ParisTech contributing to?

Télécom ParisTech is contributing skills in affective computing and computational linguistics. More specifically, my PhD student, Tanvi Dinkar, and I are working on the automatic analysis of disfluencies (for example, hesitations, unfinished words or sentences) as a sign of a child’s emotions or stress in the learning process, or their level of confidence in their skills (feeling of knowledge) in the context of their interactions with other children, the teacher or the robot.

How will the results of ANIMATAS be used?

The project is a research training network, and one of its main objectives is to train PhD students (15 for ANIMATAS) in research as well as uniting work around affective computing and social robotics for education.

The project also includes unfunded partners such as companies in the field of robotics and major US laboratories such as ICT (Institute of Creative Technologies) and USC (University of Southern California) who provide us with regular feedback on scientific advances made by ANIMATAS and their industrial potential.

A workshop aimed at promoting ANIMATAS research among industrialists will be organized in September 2020 at Télécom ParisTech.

What is the next step in this project?

The kick-off of the project took place in February 2018. We are currently working with schools and educational partners to define interaction scenarios and learning tasks to collect the data we will use to develop our social interaction models.

“We must work now to recycle composites”

High-performance composite materials are used in cutting-edge sectors such as energy, aerospace and defense. The majority of these parts have not yet reached the end-of-life stage, but recycling them remains a medium-term issue that must be considered now in order to offer technically efficient and economically viable solutions when the time comes. The issue is one that Marie-France Lacrampe, a researcher in plastics materials and processes, is working on at IMT Lille Douai. She presents the processes scientists are currently studying for recycling composites and explains why efforts in this area must start increasing today.

Are all composite materials recyclable?

Marie-France Lacrampe: In theory, they are recyclable: we can always find something to do with them. The important question is, will the solution we find be a useful one? If so, will it be economically viable? In this respect, we must distinguish between composites according to the nature of their polymer matrix, their reinforcing fibers and the dimensions of these fibers.  Recycling possibilities for glass fiber composites are not the same as those for carbon fiber composites.

Glass fiber composites are among the most common. What can be done with these materials at the end of life?

MFL: Glass-fiber-reinforced polymers now represent a significant source of potential products to recycle. Annual global production currently represents millions of tons. Most of these materials use small, cut fibers. These are non-structural composites that can be seen as fiber-filled thermoplastic or thermosetting polymers. The ratio between the cost of recycling these materials and the value of the recycled product is not very advantageous. Currently, the most reasonable solution would be to incinerate them to recover thermal energy for various industrial applications. Nevertheless, in some specific cases, mechanical recycling is possible: the materials can be ground and integrated into a polymer matrix. This offers valuable uses that justify the recycling costs. For example, this method is being explored as one of the components of the Interreg Recy Composite* project that we are participating in.

What functionality does this type of approach enhance?

MFL: In our case, we grind automotive parts made with glass fibers found under the engine hood. The ground material is used to develop intumescent systems, which swell when exposed to heat. These intumescent systems represent a strategy for passively protecting a material from fire. The intumescence leads to a crust forming that slowly conducts heat to the material’s surface, thus diminishing its deterioration and reducing the gases feeding the flame. These systems are generally expensive and integrating the ground materials helps reduce production costs. The proposed formulations made from recycled glass fiber composites can compete with existing formulations in terms of their fire behavior. The ongoing research seeks to develop other characteristics, including mechanical ones. The results are encouraging and increase the value of the recycled materials. However, this does not offer a solution for absorbing all the potential sources of glass fiber composite materials. As it stands, energy recovery remains the only economically viable solution.

What about other composites, such as those with carbon fibers used for high-performance applications?

MFL: Carbon-fiber composites offer much more valuable potential for use after recycling. Production volumes are currently lower, but worldwide production is significantly growing. Recycling solutions for these materials exist, but they are currently limited to manufacturing waste for the most part. In certain cases, the pyrolysis of these composites makes it possible to once again obtain long carbon fibers and architectured reinforcements that can be used instead of new fibers. The disadvantage is that the polymer matrix is burned in the process and cannot be used. Other solutions are currently being studied, including solvolysis methods.

What is solvolysis?

MFL: It involves selectively dissolving the components of a composite to recover them. In the case of thermoplastic polymer matrices this process, while not easy, is technically feasible. In the case of thermosetting polymer matrices, selectively dissolving the polymer matrix without damaging the fibers is more complicated and requires specific equipment and protocols. This aspect is also being addressed in the Recy-Composite project. The initial results reveal the feasibility of this process. The recovered carbon reinforcement is of good quality and could be reintroduced to create a new composite with satisfactory properties. There are still many obstacles to overcome, including identifying solvents that could achieve the objective without creating any major health or safety problems.

Are there recycling issues for other types of composites?

MFL: Without being exhaustive, there is a new type of composite material that will someday need to be recycled: composites that use natural fibers. They offer very interesting properties, including from an environmental perspective. The problem is that the end-of-life processing of these materials is not yet well understood. For now, only mechanical recycling has been considered and it is already posing technical problems. The plant reinforcements used in these materials are susceptible to aging and are more temperature and shear sensitive. Grinding, reprocessing and reintegrating these components into a new composite material results in significant decreases in mechanical performance. A potential solution currently being assessed as part of the Recy-Composite project involves an original compounding process that can lower the temperatures. The initial results confirm this technology’s potential, but they must be complemented to ensure a higher level of performance.

In general, does the low volume of composite materials pose any problems in developing a recycling system?

MFL: Yes, because the biggest problem is currently the volume of the composite materials sources available for recycling. Until we can obtain a more constant and homogeneous inflow of the composites, it will be difficult to recycle them. Yet, one of the main advantages of structural composites is that, as primary construction materials, they are designed on a case-by-case basis according to the application. This explains the great variety of materials to be processed, the small volumes and why recycling solutions must be adapted case by case.

Is there cause for optimism regarding our ability to establish recycling systems despite this case-by-case issue?

MFL: The markets are rapidly evolving. Many applications are being developed for which the recycling costs can be compensated by gains in raw materials, without adversely affecting performance. Composites are increasingly used for structural parts, which naturally leads to an increase in volume of the potential sources of composites to recycle. The location of these future sources is fairly well known: in areas involving aircraft, wind turbines and major infrastructures. We also know the types of materials they contain. In these cases, the dismantling, collection and treatment circuits will be easy to create and adapt. The major challenge will be handling common, diffuse waste that is not well identified. Yet, even with lower volumes compared to other materials, it will still be possible to organize profitable systems.

These situations will not arise until a few years from now. Why is it important to study this topic already?

MFL: These systems will only be profitable if technical solutions to the problems have been validated beforehand. Excuses such as “it’s not profitable today”, “the systems do not exist” or “the inflow is too insignificant,” must not prevent us from seeking solutions. Otherwise, once the volumes become truly significant and the environmental constraints become extreme, we will be without technical solutions and systems. We will not have made any progress and the only proposed solution will be: “we must stop producing composite materials!” The volumes do not yet exist, but we can predict and anticipate them, design logistics to be implemented and at the same time prepare for the scientific and technical work that remains to be done.

*The Interreg V France Wallonie Flandres RECY-COMPOSITE project, supported by the European Union and the Walloon Region is jointly led by Certech, VKC, CTP, CREPIM, ARMINES and IMT Lille Douai.