Authorities by transferring relatively small amounts over time

Can this information help diagnose important problems, or detect trends that might help the car company improve its products?

Advertisements

Natural language processing (NLP) has become popular in the past two years as more businesses processes implement this technology in different niches. In inviting our guest today, we want to know specifically which industries, businesses or processes NLP could be leveraged to learn from activity logs.

For instance, we aim to understand how car companies can extract insights from the incident reports they receive from individual users or dealerships, whether it is a report related to manufacturing, service or weather.

In the same manner, how can insights be gleaned from the banking or insurance industries based on activity logs? We speak with the University of Texas’s Dr. Bruce Porter to discover the current and future use-cases of NLP in customer feedback.

Expertise: Machine reading, natural language processing

Brief Recognition: As SparkCognition’s Chief Scientist, Dr. Bruce Porter leads the company’s research and development initiatives. He was a two-time chair of the University of Texas, Austin Computer Science department, recently returning to his role as a professor at the university to focus on teaching and research. In 2017, the Austin Chamber of Commerce recognized Dr. Porter, with the Economic Development Volunteer of the Year award for his work in recruiting technology companies to build and innovate throughout the economy across the Austin region.

Big Idea

Many companies and government agencies are deluged with incident reports, customer logs, and information coming in the form of text. To gather insight from these logs, Dr. Porter coined the term “macroreading”, which refers to the detection of patterns in huge masses of unstructured text.

Example 1: Improving Customer Experience in the Auto Industry

In the automobile industry, imagine that a car company receives incident reports on a daily basis car owners or car dealerships. These reports consist of a paragraph or two of text describing a problem that the customer has experienced with a particular car. These incident logs have unstructured information. They come in the form of text, diagrams or pictures. They can also include metadata such as the occasion and other incident details that are structured, Dr. Porter clarifies.

The question is: Can the car company mine the text reports to find patterns at the macrolevel and discover what is happening with the cars in a particular model and year? Can this information help diagnose important problems, or detect trends that might help the car company improve its products?

Data entry might vary widely across different parts of the automotive industry. Car incident reports could be typed if they are received by someone in the office. Technicians in the field could be using audio devices to report a problem. A business with the ability to find patterns and across all of these different data types would be better prepared to find and address problems and opportunities quickly.

Example 2: Preventing Financial Fraud and Money Laundering

Dr. Porter brings us to the financial sector for his second example. He explains that wire transfer reports come with meta information such as the certain amount of money being moved, as well as the source and destination of the wire transfer. The report also contains text information about the nature of the wire transfer and the relationship of the money sender to the bank. In this, a macroreading application has the potential to uncover fraud and money laundering activities.

Dr. Porter further explains that developing a banking application for the government can be challenging, primarily because such an application requires a large quantity of data. That the application could potentially be used as an investigative tool requires it to be a deep, robust system. The application must have the capability to show interrelated actions and participants over time, which when taken together reveal a pattern of suspicious behavior.

Citing money laundering as an example, Dr. Porter explains that one pattern shows a small business such as a car wash or a laundromat collecting cash, and then wire transferring large sums of money through accounts owned by these small businesses (with the intention of “flying under the radar” of authorities by transferring relatively small amounts over time).

Dr. Porter forecasts that industries that would need this kind of insight in the next five to 10 years would be those with significant investments in equipment that is distributed globally. The company would be receiving reports on a regular basis, either hourly or daily, of how that equipment is performing. The challenge for the company is detecting failures early before they get out of hand and meeting the regulatory obligations for large industries.

Read more @ http://bit.ly/2KX17zY

When the medical device company makes patent claims on its process

The Design Control and Design History File have become inseparable twins.

The Design History File (DHF) is one leg of the all-important triad of documents required for the manufacture of a medical device. While the Design History File is a core requirement set out by the FDA; its counterparts, the Technical File and Design Dossier are required for the EU’s regulatory body, the MDD, and serve the same purpose.

The importance of the Design History File can be gauged from the fact that DHF is a part of the Safe Medical Devices Act passed by the American Congress in 1990 with the intention of establishing standards for safety of medical devices.Design History File is not only required for each and every single type of device; when the medical device company makes patent claims on its process, its development documentation has to be shown to have been followed properly.

files

History of the Design History File The FDA’s requirement of a medical device’s Design History File did not appear out of the blue. It developed and evolved over time, mainly as a result of the realization on the part of the FDA that it was at the design and change phases that the device’s problems had been originating, irrespective of whether the device was new or was a changed one.

Analysis over a period of time led to the idea of Design Control. Design Control is a principle by which the design elements of medical devices are tracked, monitored and corrected at every stage, right from beginning till end. Because of this, the Design Control and Design History File have become inseparable twins. A few points corroborating this observation:

  • The DHF is the source that contains or references the records needed for demonstrating that the device’s design is developed in accordance with both the approved design plan and the design control requirements as stated by the FDA
  • Formal and proper Design Control and Design History File are part of the FDA’s Good Manufacturing Practices requirements
  • Design History File combines with Design Control to create another critical yield: the Device Master Record

slide_24

These are the core elements of a DHF:

  • The FDA states that the medical device company has to ensure that the Design History File should be a “living document”. This means that it has to contain all the details of the design and development plan. In this, the medical device company should clear state and specify the design tasks and deliverables
  • It should have many copies of the approved design input and design output documents
  • The Design History File should contain the design review documentation
  • It should also document verification and validation
  • In cases where it is necessary, the Design History File should have copies of Design Control documents, apart from the records of change control. The reasons for change should also be stated.

 

At E2Labs, a cyber security warrior force is being readied

Organisations need higher preparation levels and better systems to anticipate, detect, fix and prevent cyber attacks.

With rapid technological evolution, there are several concerns, constraints and challenges around cyber security. The biggest challenge is ‘tech-knowledge lag’, says Zaki Qureshey, chairman and founder, E2Labs and HomeLand Security Solutions, and an independent computer security and digital intelligence consultant specialising in curbing cyber crimes and cyber terrorism. He has been credited for starting the first school of ethical hacking in Asia.

Security measures and technological advancements are not keeping pace with the speed and sophistication of cyber criminals, says Qureshey. Organisations need higher preparation levels and better systems to anticipate, detect, fix and prevent cyber attacks.
“Major threats like malware and spear phishing are being employed by cyber thugs to cyberjack computer networks, steal confidential data and gain illegal access to systems.

180216-kotkin-tech-cities-tease3_jgotqs

While existing technologies such as endpoint detection response or EDR can help locate and smoke out these dodgy malware, also known as RATs (remote access Trojan), mechanisms such as email gateways are being employed to tackle spear phishing and halt malicious e-mails in their tracks before they reach the inbox to inflict damage,” he says, adding that the key to staying ahead is to invest in research and develop water-tight security systems.

The second challenge is team-work lag. Extensive cooperation between key stakeholders is critical to winning the battle, he says. “Given the frequency and destructive power of cyber attacks, cyber security must be mandatorily pre-budgeted, in fact as top priority to ensure secure information and minimum collateral damage.”

Enhanced here to continue http://snip.ly/pbb6s

49-day Hack shows need for cyber security beef up

At that point the agency had found out that about 200 email accounts were under the control of criminals.

It took one NSW Government agency 49 days to shut down a hack by fraudsters, a new report on cyber security in the public service has revealed.

The attempted financial fraud in 2017 involved a government agency and its IT systems provider, and spread to other agencies before it was reported and stopped.

The case study is part of a new report by the state’s auditor-general Margaret Crawford.

She called for urgent improvements in the public sector’s ability to respond to cyber security incidents.

“There is a risk that incidents will go undetected longer than they should, and opportunities to contain and restrict the damage may be lost,” the report said.

“Cyber security incidents can harm government service delivery and may include theft of personal information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent.”

Google-Docs-Phishing

Hacked account sent out 450 bogus emails

The 2017 case study started with a compromised email account, and led to led to a shut-down of the agency’s financial payment system.

Six days later, the hacked account sent deceptive emails, known as phishing, in a bid to get the credentials of finance staff.

Two weeks after the initial hack, the agency’s IT provider detected a fraudulent invoice and raised the incident to major status.

Email account users were told to change their passwords, but by day-20, the hacked email account had sent out 450 bogus emails, and 300 staff had clicked on the link inside.

20160628_1516_FTI_Cyber_Security

At that point the agency had found out that about 200 email accounts were under the control of criminals, yet it failed to temporarily lock the accounts.

It was not until day 36 that the IT provider reported the incident to the Government’s chief information security officer.

Six days later, it was found that the account that had been hacked at the start was still compromised.

The agency’s payments gateway, which handled business invoices, staff salaries and superannuation, was finally re-opened on the 49th day.

Click here to go in detail http://snip.ly/cismk

FDA steps up efforts at bringing about medical device cyber security

All these factors combine to make medical device cyber security a much needed system.

It is a disturbing, but true fact that medical devices are hacked. Medical devices have inbuilt software, and hackers try to breach this. Medical device cyber security is thus critical, because lack of it can bring harm to patients who use medical devices that come with software built into them.

An important factor that makes medical devices vulnerable to cyberattacks, thus triggering and hastening the need for medical device cyber security is that many times, medical devices are not standalone devices. They are connected via the Net to a number of important sources such as hospitals, electronic records and healthcare providers.

This fact makes it easier for hackers to carry out cyberattacks on medical devices because it is not necessary for them to actually have access to the device to carry out their breach. All these factors combine to make medical device cyber security a much needed system.

CyberAttacksIndustries_gifThe FDA guideline of June 2013:

Keeping in mind the nature of fallibilities in a medical device; the FDA, with the intention of bringing about medical device cyber security passed the draft guideline on this topic in mid-2013. Titled the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices; this guideline sought to address the issue of medical device cyber security by making an attempt at identifying the issue from its root.

That is, this guideline on medical device cyber security put in place security checks and procedures that manufacturers of medical device have to put in place right from the earliest stages of manufacture, going all the way up to the time it is implanted in or used by the patient.

medicalDeviceCyberSecurity

The main intention of this FDA medical device cyber security guideline is to offer recommendations that medical device manufacturers need to take to reduce the intentional or unintentional risk of an attack on a medical device. This FDA guideline seeks to enforce medical device cyber security by ensuring that the manufacturers take steps to secure medical devices by clearly defining medical device cyber security.

Terms clearly defined

The FDA defines medical device cyber security as steps taken to prevent any of these:

  • Unauthorized modification
  • Misuse of the device
  • Denying the use of the device
  • Unauthorized use of the information that is stored in these devices. This relates to the information stored, accessed and modified when the device is transferred from one source to another

Documentation is at the heart of ensuring medical device cyber security

Towards ensuring medical device cyber security as defined by it; this FDA guideline requires manufacturers to monitor and document all the aspects of medical device cyber security at all stages. Medical device manufacturers should bring about medical device cyber security by developing a set of controls in three vital areas:

  • Firstly, medical device manufacturers should take steps to permit only authorized personnel into the software of the medical device
  • Medical device manufacturers should also ensure medical device cyber security by filling only relevant and accurate data into the device
  • They should also ensure that data is available when asked for

Controls, controls, controls

A very important aspect of medical device cyber security that the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices brings about is that it requires medical device manufacturers to monitor and document all the possible potential for medical device cyber security breach from the design stage itself.

medicalDeviceCyberSecurityMedical device manufacturers have to also bring to the notice of the FDA whenever they make changes related to security at the premarket notification stage. It seeks to fortify medical device cyber security by requiring medical device manufacturers to provide information relating to medical device cyber security by submitting data related to the following:

medicalDeviceCyberSecurity

Cyber security startups fall on harder times

Their early investors have been left without an easy or profitable exit.

SAN FRANCISCO (Reuters) – A wave of cyber attacks by criminals, spies and hacker activists should make these heady days for U.S. cyber security startups.

Instead, many in the crowded market are struggling to live up to their early promise. In some cases, the security products they developed have been overtaken by advances in cyber hacking, according to industry executives and venture capitalists. In others, larger competitors have come out with similar technology and locked down customers.

“I have never seen such a fast-growing market with so many companies on the losing side,” said David Cowan, a partner at Bessemer Venture Partners, a venture capital firm that has invested in the cyber security sector.

235783ab1d8cfeb

Venture capital continues to pour into the industry, driven by the belief that there is no end in sight to cyber attacks or companies’ need to protect themselves. Yet only a handful of startups have successfully sold themselves or floated in the stock market in recent years. (Graphic: tmsnrt.rs/2mzClbR)

The result is a number of these start-ups have become corporate “zombies” with little prospect of fetching a good price in an initial public offering (IPO) or becoming acquisition targets, experts said. Their early investors have been left without an easy or profitable exit.

Not only is the technology behind cyber attacks rapidly evolving, the nature of how the corporate world uses security firms is changing. To save money and trouble, some companies have consolidated their security work, using just a few large players rather than spreading business around.

Companies are also diverting money to lower-cost “bug bounty” firms that contract out researchers who help identify security weaknesses.

“Suddenly, we are in this situation where there are just too many vendors and too few can be sustained,” said Dave DeWalt, the former CEO of cyber security company FireEye Inc (FEYE.O).

“You’re starting to see companies go, ‘oh my gosh, what do I do? Can I get more capital, do I have to merge?’” DeWalt said.

Momentum Cyber, an advisory firm focused on cyber industry mergers and acquisitions, said it tracks 2,500 security companies today, almost double the number a few years ago. The firm’s co-founder, Eric McAlpine, estimates 300 cyber security startups launch every year.

Few of these are pulling off IPOs. What’s more, big software companies have become less willing to acquire cyber security products they believe they can develop on their own.

“The pipe dream days of selling companies at a rich price equivalent to ten times their revenue are gone,” said Tom Kellermann, chief executive of venture capital firm Strategic Cyber Ventures.

ForeScout Technologies Inc (FSCT.O), a provider of software that helps companies keep the devices of their employees secure, was the only U.S. cyber security company, excluding identity management providers, to go public last year. This compares to three cyber security IPOs in 2016 and four in 2015.

http://snip.ly/91dbi Continue without interruption

 

 

The AAMI TIR 45 is invaluable in helping adapt Agile methods for medical device software

How to apply Agile methods for meeting the Quality System requirements set out for medical device software.

A report from the Association for the Advancement of Medical Instrumentation, namely, AAMI TIR 45, offers recommendations for how to comply with both international standards and guidance documents from the FDA when it comes to Agile practices for developing medical device software.

The AAMI TIR 45 is an attempt to align and synchronize Agile’s values, goals, principles and practices to medical device software development. It shows the ways of doing this. It seeks to remove the many misconceptions and myths surrounding the suitability and adaptability of Agile to medical device software and explains how to apply Agile methods for meeting the Quality System requirements set out for medical device software.

AAMI TIR 45 has been set out to help manufacturers of medical device software reap the benefits that Agile provides, while staying compliant with the regulatory expectations and requirements.

The AAMI TIR 45 was created because of the value that Agile can bring to medical device software. One of the reasons for which Agile was developed was to address concerns relating to the quality and efficiency present in the methods of software development that existed then. When its core features are adapted to the medical device software field, it brings enormous benefits, some of which include:

–       It allows for continuous and persistent focus on risk management, safety and delivering customer value through its method of prioritizing backlog work, and practices relating to planning and customer feedback

–       It uses continuous integration and testing to continuously and consistently assess quality

–       Through its methods of retrospective action and accountability; Agile brings in continuous improvement into the process of software development

–       By focusing on getting things done one stage at a time and thus ensuring timely and incremental completion of work and deliverables; Agile satisfies the demands and needs of the medical device company’s stakeholders in the management and quality areas.

A few reservations

Many experts in both medical device software and Agile fields have expressed reservations about the suitability that Agile has in an extremely stringently regulated area such as medical device software. They refer to the Agile Manifesto, which seems to contain value statements that seemingly contradict the values at the core of a Quality Management System.

They also draw attention to the fact that as Agile evolved at a time when there was no criticality attached to risk management and human safety; the controls needed for producing software to which safety is critical have not been embedded into Agile.

Requires proper understanding and implementation

These points notwithstanding; Agile comes with a fundamental adaptability to the context it is applied in. Implementing Agile principles and practices in a proper way makes it more than adequate in an area like medical device software, where safety is critical. It is perfectly well-suited to accomplishing the lifecycle steps prescribed in IEC 62304 and risk management under ISO 14971. It can also help achieve usability design as required under IEC 62366

A learning session on the AAMI TIR 45

Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, will offer thorough clarity on the area of the suitability of the Agile to medical device software. The speaker at this session, Brian Shoemaker, will unravel the elements of AAMI TIR 45 and explain how it can be applied to medical device software smoothly and effectively in a manner that meets regulatory requirements.

Please visit Agile Meets Software Standards to register for this webinar and derive the benefit of understanding how to apply Agile principles to medical device software.

At this webinar, Brian will help understand how the AAMI TIR 45 can be the ideal roadmap for facilitating and bettering development, which benefits everyone concerned, be they development teams, companies, patients, caregivers, or regulators.

He will put this in perspective by explaining the following topics:

o  Convergence: Agile principles and regulatory needs

o  Lifecycle: incremental development, design reviews, documentation

o  Key practices: planning, collective effort, product definition

o  Implementation: evolving architecture, emergent design, continuous testing, traceability

o  Managing your software: release, configuration management, third-party software, and CAPA

Brian will cover the following areas at this webinar:

o  TIR 45 comes at a much-needed time

o  TIR 45 stitches together the important high-level concepts

o  TIR 45 outlines key practices that are needed for flexibility and quality

o  Implementation issues are not ignored

o  This TIR is actually just a starting point.

For more updates and articles AAMI TIR 45