Leading up to our Capital Cybersecurity Summit NEXT WEEK on November 2-3, 2016, we’re sharing a weekly roundup of some of the top cybersecurity stories. Here are the last week’s top headlines. Tweet us interesting cyber articles at @NOVATechCouncil.

National Cyber Response Plan + Cybersecurity Strategies:
DHS Races to Get Obama’s Signature on Cyber Response Plan   NextGov

Good Cybersecurity Doesn’t Try to Prevent Every Attack   Harvard Business Review

Why the Auto Industry Is Tapping a Boeing Executive to Lead Its Cybersecurity Group   Fortune

DDoS Attack:
Hobbyist hackers probably caused Friday’s Internet meltdown, researchers say   Washington Post

Cybersecurity Meets Privacy Concerns:
Is Facebook’s Facial-Scanning Technology Invading Your Privacy Rights?   Bloomberg Technology

AI + Cybersecurity:
As Artificial Intelligence Evolves, So Does Its Criminal Potential   The New York Times

Want to learn more about NVTC’s 2016 Capital Cybersecurity Summit and register? Click here or watch the video below. #CapitalCyber

Doug Logan, chief technologist at US Cyber Challenge and CEO of Cyber Ninjas, is the author of our latest cybersecurity guest blog post on new approaches to cybersecurity hiring and retaining top cybersecurity talent. US Cyber Challenge’s National Director, Karen Evans, will be speaking on the Force Multipliers to Future Cybersecurity panel at the 2016 Capital Cybersecurity Summit on Nov. 2-3, 2016.


With over 209,000 vacant cybersecurity jobs in the U.S. and job postings up 74% over the last 5 years, it is an understatement to say that cybersecurity is a growth field. Yet with my work with the US Cyber Challenge, I am routinely told by some of America’s best and brightest that they’re having difficulty finding a job. Once a person reaches the six month mark in a cybersecurity role, recruiters will call like crazy. Getting that initial experience is another story. If we’re going to secure our companies and our country, this is a problem we need to solve.

Traditional hiring practices suggest that we find people who have performed the job function in the past. By this measure, studies have shown that fewer than 25% of cybersecurity applicants are qualified to perform the job functions. I’ve actually had even less optimistic results with less than 10% of candidates qualified. In many cases this is despite certifications, or even similar past job experience. The resource pool is simply not large enough to readily find skilled candidates; and those who are skilled are extremely expensive. I’d like to suggest a different approach: hire the inexperienced and train them.

Time and time again I’ve been surprised at how quickly smart, passionate, but inexperienced individuals out-perform more experienced but “normal” candidates. On average I find that the right candidates learn about twice as fast as your typical candidate. This means that at six months in, my passionate candidate is functioning at the one year experience level; and that one year in, they already function at the equivalent of two years of experience. At this pace it does not take long before they surpass those with more experience; and best of all, home-grown talent is more loyal and won’t typically jump ship. But how do you find this talent?

The best way I’ve found to find smart, passionate, individuals who are interested in cybersecurity is taking a look at those candidates who find the time to learn cybersecurity topics even though they are not required to. This is often showcased in resumes that are littered with self-study topics related to the field, or with participating in one of the many cybersecurity competitions available. This list includes Cyber Aces, Cyber Patriot, the US Cyber Challenge and the National Collegiate Cyber Defense Competition. If you want to check out a site that specializes in showcasing this type of talent, this is why the site CyberCompEx was created.

Unlike the inflated prices of experienced cybersecurity professionals, truly entry-level candidates can typically be picked up at a fraction of the cost. However, with this discount in salary you should be planning on spending a good $5,000-$10,000 the first year on investing in their training. In addition, you should be sure to review their performance at the six month mark and bump their pay appropriately at that time. While home-grown talent is less likely to jump ship, you always need to be in the ball park of their current worth.

Jack Huffard, president, COO and co-founder of Tenable Network Security, discusses the latest legislation on legacy IT in the federal government in his NVTC guest blog post. Huffard will be participating on the Collaborating for Cyber Success Panel at NVTC’s Capital Cybersecurity Summit on November 2-3, 2016.


In government IT, the old adage “if it works, don’t fix it” no longer applies. While legacy systems may still technically be working, they can harbor risky vulnerabilities without vendor support, regular security updates or patch management. This point hit home for many in May when a report from the Government Accountability Office revealed that the country’s nuclear arsenal was still controlled by a system with an 8-inch floppy disk.

More recently, the House Oversight and Reform Committee released its report analyzing the OPM Data Breach that exfiltrated personally identifiable information (PII) of over 4 million government employees and over 21 million more cleared individuals. One of the report’s key recommendations was to modernize existing legacy federal information technology assets to help prevent another such egregious attack.

The Modernizing Government Technology Act of 2016

Earlier this year, to address this urgent situation, two bills were introduced in Congress to help modernize government IT systems – the MOVE IT Act and the IT Modernization Fund. Both bills have since been combined into the Modernizing Government Technology Act of 2016 (the MGT Act). This Act would create individual funds for government agencies and a broader centralized fund to which agencies could apply for financing modernization efforts. The bill states that the funds could be used “for technology related activities, to improve information technology, to enhance cybersecurity across the Federal Government.”

Details of the MGT Act

More specifically, MGT stipulates several areas in which modernization funds can be used, including:

  • Replacing existing systems that are outdated and inefficient
  • Transitioning to cloud computing (using the private sector as a model)
  • Enhancing information security technologies

The Act states that the government currently spends almost 75% of its IT budget (which now totals over $80 billion) on operating and maintaining legacy systems, leaving little left over for modernization efforts. Not only are these systems subject to failure, but as they get older and older, they present greater and greater security risks as well. So it is good to see that the Act encourages not only the simple replacement of agencies’ IT systems, but the addition of cybersecurity technology. Regardless of which new technology is chosen – on-premises, virtual, or cloud-based – there is also a pressing need for better information security solutions for government infrastructures, as evidenced by recent agency breaches.

MGT differs from previous proposals because it does not appropriate funds. Rather, it enables agencies to transfer monies – that they have saved by retiring legacy systems and moving to newer technologies – into individual IT working capital funds. They could then reinvest those funds over the next three years for other modernization initiatives, avoiding the “use it or lose it” cycle.

The Act also calls for a general government-wide IT Modernization Fund. This centralized fund would be overseen by the General Services Administration (GSA) and an IT Modernization Board in accordance with guidance from the Office of Management and Budget. Agencies would apply, and present business cases for access to the funds to modernize their legacy IT infrastructures. The centralized fund would then be replenished with savings from those modernization initiatives.

The 8-member IT Modernization Board would include the Administrator of the Office of Electronic Government, a GSA official, a NIST employee, a DoD employee, a DHS employee, and three tech-savvy federal employees.

Moving forward in the 21st century

The MGT Act was introduced by Rep. Will Hurd (R-Tx.) who is one of the few members of Congress with a computer science degree. It was co-sponsored by Rep. Gerry Connolly (D-Va.) in a welcome display of bipartisan collaboration. The House passed the bill at the end of September 2016. It is now up to the Senate to act on the bill. Prospects for passage are encouraging, and this bill would be a good step towards updating legacy IT systems, strengthening cybersecurity and embracing 21st century technologies.

Leading up to our Capital Cybersecurity Summit on November 2-3, 2016, we’ll be sharing a weekly roundup of some of the top cybersecurity stories. Here are the last week’s top headlines. Tweet us interesting cyber articles at @NOVATechCouncil.

IoT:

As cyberthreats multiply, hackers now target medical devices  CNBC

Leaky IoT devices help hackers attack e-commerce sites   CIO

Election:

Connolly: cybersecurity at stake in election  FCW

Government:

U.S. CISO wants to lean on freelance hackers to improve .gov security  FedScoop

CIA Prepping for Possible Cyber Strike Against Russia  NBC

General:

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth   Motherboard

Want to learn more about NVTC’s 2016 Capital Cybersecurity Summit? Click here or watch the video below.

NVTC provides members with many valuable benefits and programs. The best way to realize the full value of your membership investment is to take advantage of all your membership benefits. In celebration of NVTC’s 25th anniversary in 2016, here are 25 ways to make the most out of your NVTC membership.

1.       Take advantage of NVTC’s inclusive membership. All employees of member companies can participate as members. Strengthen your membership roster by engaging more employees in NVTC’s events, committees and programs.

2.       Join a committee. NVTC’s committees focus on specific industries or interests and offer increased brand exposure, leadership, presentation, panel and professional development opportunities, as well as professional development for your employees. Comprehensive and content-driven, committees’ smaller scale provides ample opportunities for efficient networking.

3.       Attend NVTC signature events like TechCelebration and Titans breakfasts. NVTC’s signature events draw hundreds of top technology executives and feature well-known and relevant speakers from all industry sectors. If you want exposure and the best networking, our events are where you need to be!

4.       Post FREE job listings and receive FREE access to NoVaTechVets.org, a database of more than 800,000 Veteran resumes through the NVTC Veteran Employment Initiative (VEI). NVTC also provides resources and training to promote best practices in Veteran recruitment, training and retention, and connections with the region’s academic institutions.

5.       Network on Engage! Engage is NVTC’s dynamic members-only platform to network, collaborate and communicate. Now you won’t have to wait until the next NVTC event to network with your NVTC peers…you can now connect with them 24/7 online!

 6.       Enhance your organization’s public policy advocacy efforts. NVTC is front and center in Richmond to advocate for issues that are important to members and to advance a pro-business, pro-technology agenda. NVTC’s full-time advocacy team can offer counsel on your policy objectives and help you connect to policymakers.

 7.       Promote and brand your business through NVTC’s sponsorship and advertising opportunities. Reach thousands of technology decision-makers or target a very specific market or industry sector. Contact Yolanda Lee at ylee@nvtc.org to create your personalized advertising/sponsorship plan.

 8.       Put your business on the Techtopia Maps. For more than 15 years, the NVTC Techtopia Map has been our way of “branding” Northern Virginia and the National Capital region as a premiere technology corridor. Sign up today to ensure that your company is represented among other key players in the technology community on the 2017 Techtopia Maps which include the main Techtopia Map and three industry-specific maps: Cybersecurity, Big Data & Analytics and Health IT Map.

 9.       Utilize NVTC’s searchable member directory. NVTC members have access to a detailed online business-to-business directory to help you find business contacts and potential partners. Offering complete contact information of all other NVTC members, the members-only directory is one of the most valuable tools in your membership.

10.   Participate in NVTC’s new Tech Talent Initiative. Leverage your organization’s efforts to recruit, hire, retain and upskill your workforce and expand your connections to the academic community through NVTC’s new Tech Talent Initiative. Learn how you can participate in NVTC’s workforce research efforts and assistance opportunities.

 11.   Expand your company’s communications outreach by utilizing NVTC’s communications resources. By updating your organization’s expertise on your member profile, NVTC can help connect you to reporters who contact us for stories. You can also submit your news for publication on the member news section of the NVTC website.

 12.   Contribute an NVTC guest blog post and showcase your organization’s unique expertise.

 13.   Hire an intern through the VEI Scholars Summer Internship Program. NVTC member companies can provide student Veterans from 14 NVTC member colleges and universities with professional mentoring and meaningful work-based experiences by participating in the Scholars program.

 14.   Highlight your organization in the monthly Member Spotlight section on the NVTC website and eNewsletter.

 15.   Stay informed about NVTC and the latest tech industry news and trends by reading NVTC’s The Voice of Technology magazine and NVTC’s weekly member eNewsletter.

 16.   Read the NVTC daily news summary in your inbox and keep up to date on the biggest technology articles of the day from all major and trade publications.

 17.   Access NVTC’s members-only Resource Library that offers a comprehensive collection of webinars, podcasts, articles and other publications developed by NVTC and its members.

 18.   Recruit on NVTC’s job board. NVTC offers a job board for NVTC members to post positions and for applicants to apply.

 19.   Start saving! NVTC Member Advantage program provides members with money saving member-exclusive discounts on a variety of valuable products and services while facilitating mutually beneficial business relationships between NVTC member companies.

20.   Take advantage of discounted health screenings. NVTC members get an exclusive discount on a comprehensive physical health exam offered through Inova Health System’s Executive Health Screening Program.

21.   NVTC members get access to preferred pricing and special discounts on select Insperity HR solutions, including Workforce Optimization, Workforce Synchronization, Payroll Services, Time and Attendance, Organizational Planning, Recruiting Services, Expense Management and Financial Services. Insperity, Inc. is a leading provider of human resources and business performance solutions.

22.   Participate in NVTC’s exclusive RiskNet and BeneNet discount programs and get reduced rates on insurance and employee benefit programs for companies of all sizes.

23.   Save on office supplies at Office Depot. As a member, you will be able to enroll in the discount program to enjoy incredible savings on office supplies, ink and toner, paper, and coffee and break room essentials.

24.   Save 30% on UPS shipping! Members can now save up to 30% on UPS shipping services thanks to a new exclusive agreement with NVTC! That’s a significant savings, all with a carrier that guarantees delivery of more packages around the world than anyone, and delivers more packages overnight on time in the US than any other carrier.

25.   Utilize NVTC’s free conference room space: NVTC offers free conference room space for small technology and associate member companies (1-9 employees) at NVTC headquarters in the CIT building in Herndon. Email Yolanda Lee at ylee@nvtc.org for details.

Ready to join NVTC? Fill out our membership application!

We’re thrilled to share our latest cybersecurity guest blog post written by Rick Howard, chief security officer at Palo Alto Networks. Howard will be sharing his expertise at the Capital Cybersecurity Summit on November 2-3, 2016 on the CISO Sidebar panel.


In today’s cybersecurity landscape, where attacks are increasing in number and sophistication, the network defense model developed over the past 20 years has become overwhelmed. Commonly referred to in cybersecurity circles as the “Cyber Kill Chain,” the model uses what was originally a military concept to help network defenders find a cyber attack and fix any damage it caused and then track, target and engage with the cyber attacker.

Over time, cyber adversaries’ capabilities grew. Soon, they were routinely finding ways to circumvent the Cyber Kill Chain model. This happened for several reasons:

  • Too many tools for defenders to manage. As network defenders struggled to keep up with evolving cyber attackers, more security tools were implemented on the network, and the man-hours spent ensuring those tools were operating correctly and analyzing the data they provided quickly became a burden with which most network defense teams couldn’t keep up.
  • Too much complexity for security. As new security tools were added, the complexity of the network grew. The more complex the network, the easier it is for network defenders to make a mistake that can expose the network to cyber attacks.
  • Too much wasted time. As vendors launched new security tools, customers entered into a kind of arms race in which they were constantly evaluating new “best of breed” security products against each other to determine which was the most effective. These evaluations could take months, with more time and money wasted after a decision was made in order to remove legacy security tools and replace them with new ones, and then train teams on how to use them effectively. It was a process that became more complex – and expensive – every year as cyber threats evolved and new tools were developed to address them.
  • Too inefficient at crossing the last mile. Cyber attackers often leave clues when they penetrate a network’s defenses, which are called “indicators of compromise.” Once an indicator is found, network security vendors develop prevention and detection controls that address the indicator and deploy them to customers—a process the industry has referred to as “crossing the last mile.” But when an indicator affects multiple products from different vendors, or a new indicator of compromise is discovered, keeping track of the status of each tool and whether or not that tool has the most updated controls installed becomes a logistical nightmare.

Much of the complexity that currently overwhelms the Cyber Kill Chain model can be solved with an integrated security platform. “Platform” is a buzzword many vendors use, but I define it as a way to combine tools that network defenders have previously implemented as point solutions from different vendors into a platform built and maintained by one vendor. The “secret sauce” is that integration – when the platform components work together – makes each component more effective as a result of its integration with the others and it makes the network easier to defend by reducing the number of tools to be managed.

More advanced security platforms have the additional ability to automate the deployment of prevention and detection controls, making the process to cross the last mile much less labor-intensive. By replacing an ad hoc collection of independent, patched-together tools with a well-integrated, automated security platform, the problems described above become much simpler to resolve or disappear altogether. Partnering with one vendor gives network defenders leverage in terms of contract negotiations. They can use longer term contracts to get significant discounts from the vendor and, because of that, they can insist on creative fulfillment models that are advantageous to themselves in defending their networks.

The challenge for automated security platform adoption is primarily cultural. Network defenders are familiar with the best-of-breed security tool model, and many see the constant evaluation of new tools as a sort of “survival of the fittest” contest that ensures they’ll find the best tool for their network. It will take a lot of education and mind-changing, a process that may require support from an organization’s board of directors or C-suite, to ensure it happens. But it’s a change that needs to happen in order to protect our way of life in this digital age more effectively and efficiently in the future.


Leading up to our Capital Cybersecurity Summit on November 2-3, 2016, we’ll be sharing a weekly roundup of some of the top cybersecurity stories. Here are the last week’s top cyber headlines. Tweet us interesting cyber articles at @NOVATechCouncil.

NSA Contractor arrested; charged with stealing top secret info  Cyber Scoop

How did the Feds Get past Yahoo’s encryption? Yahoo!  Wired

Which country has the most malware-infected devices?  CNBC

Johnson & Johnson warns of insulin pump hack risk  USA Today

Hackers used the IoT to create an unprecedented DDoS attack—Now what?  IOT Journal

Federal cybersecurity workforce should be more than just IT degrees  Federal News Radio

Want to learn more about NVTC’s 2016 Capital Cybersecurity Summit? Click here or watch the video below.

This week’s blog is written by Connie Pilot, executive vice president and chief information officer at Inova Health System. Pilot will be sharing her expertise on “The Coming Storm from IoT” panel at the Capital Cybersecurity Summit on November 2-3, 2016.


With billions of data-generating devices connected to the Web, the Internet of Things (IoT) is changing the way we do business. No industry is immune, including healthcare. The Food and Drug Administration estimates that 500 million people around the world use some sort of mobile health app on their smartphones and millions more have embraced wearable health technology. Inside the hospital, Internet-connected medical devices such as MRI machines, CT scanners and dialysis pumps provide critical patient monitoring and support. As wireless technology proliferates in healthcare, so too does risk. The Web is fertile ground for stolen medical records, which are now more valuable to hackers than credit cards. Providers must find new ways to secure private data in an ultra-connected world.

The IoT offers important benefits for healthcare delivery and efficiency. It provides new avenues for patient communication, improves patient engagement and compliance, and enhances value-based care and service. At Inova, we use it in many ways: to monitor fragile newborns in the neonatal intensive care unit, control temperature and humidity in the operating room, deliver pain medication post-operatively and measure heart rhythm in cardiac patients, to name just a few. Medical data tracking enables us to intervene when necessary to provide preventive care, promptly diagnose acute disorders or deliver life-saving medical treatment. The benefits extend beyond our hospital walls into the community, where the IoT drives telehealth advancements that improve access for patients, such as virtual visits, eCheck-In, patient portals and electronic health records.

Balancing the benefits of greater connectivity with the need to protect critical data is a growing priority for healthcare providers. Opportunities exist for instilling interoperability and security standards that will seamlessly facilitate the sharing of necessary patient care information, while continuing to safeguard it from cyber-attacks.

Enabling connection and communication among different information technology systems and software applications can be daunting. While healthcare organizations can use proven security protocols in other domains, differences between IoT devices and traditional computing systems pose significant challenges. The IoT introduces innovative technology that requires emergent, often untested, software and hardware. Wearables, such as consumer fitness trackers and smartwatches, are a case in point. They present non-traditional access into the technology environment. While they use existing communication protocols that can be secured, there are challenges with multi-factor authentication and control of the devices in case of loss or theft.

Additionally, with millions of people using wearables, the volume of data generated can easily overwhelm an organization’s network, leaving it vulnerable to a potential denial of service attack. In this scenario, hackers attempt to prevent legitimate users from accessing information or services. Methods must be developed to limit data transmitted from wearables solely to those devices that should be transmitting and solely to information that is required for patient care.

Clearly, developing new methods of securing devices and the information they generate is a formidable task. We are fortunate to do business in an area that is well positioned to tackle this growing cybersecurity threat. With one of the most sophisticated technology workforces in the country, pioneering start-ups, world-class educational resources and a large government infrastructure, the National Capital region stands at the epicenter of innovation, policy and research. Our collective expertise can help us meet healthcare privacy and security challenges, and keep our patients and community safe.

 

Connie Pilot is executive vice president and chief information officer at Inova Health System. As the leader of Inova’s technology services division, she oversees all aspects of technology, including IT applications, change and quality management, information security, enterprise architecture, service delivery and informatics. 

This week on NVTC’s blog, Gabriela Coman, partner and co-chair of Rubin and Rudman’s Intellectual Property Practice in Washington, D.C., discusses the ever-expanding field of medical device wearable technology and the important intellectual property implications around these devices.


Wearable devices such as personal health monitoring, prevention and management devices, as well as methods of using such wearable devices, have become part of our everyday life and essential tools of modern medicine. From head-mounted display devices such as Google Glass or Oculus Rift to bracelets such as Fitbit or Garmin, wearable devices have also become part of an increasingly competitive and litigious environment, especially when competitors enter the market.

To become successful in the marketplace, a wearable device company needs a superior product and patent protection for its wearable device and related methods of use, both in the United States and abroad.

Patents are critical. A patent is a legal right that excludes others from practicing, manufacturing and selling the technology claimed in the patent (the wearable device and/or method of use of the wearable device). To obtain such patent protection, a wearable device company must submit a separate patent application for each country (or region, in the case of the European patent application) in which it wishes to protect its investment and invention. The time, money and effort required to obtain U.S. and international patents are important considerations because the process to obtain a patent requires a significant investment after filing the application.

Without patent protection, the costly product development for wearable devices may easily be copied by competitors. However, if the wearable device is patentable (and once it has been patented), the company will be able to (i) create legal barriers to entry for competing devices by preventing others from copying, selling or manufacturing the patented device; (ii) license the patented device to generate revenue; and (iii) enhance the value of the wearable device company by building equity in the company and creating assets that may attract other investments.

Before a wearable device company invests time and money to develop a wearable device and bring it to market (particularly for medical devices in the U.S. market that require FDA approval and clearance), the wearable device company should consider the following:

1.    What Are Wearable Devices?

Wearable devices encompass various technologies and systems that span numerous lifestyle applications including health and wellness, sports and fitness, home diagnostics, childcare, pet care, fashion and continuous lifestyle monitoring, among many others. These wearable, portable medical devices make it easier for people to assess their wellness, adopt better lifestyles and prevent the majority of diseases with early diagnosis and treatment. These wearable devices (when connected to a hospital or doctor) can also alert health professionals to various problems regardless of where the patient is located.

For example, a personal heart monitor like AliveCor Heart Monitor (FDA-approved for detection of atrial fibrillation) allows patients to monitor their heartbeat using an iPhone and provide the information to their doctors. The AliveCor Heart Monitor may be combined with its AliveECG app to provide a 30-second, one-lead electrocardiogram in addition to recording heart rate per minute. In just 30 seconds, a patient could capture a medical-grade electrocardiogram and know instantly if the heart rhythm is normal or if atrial fibrillation is detected in the electrocardiogram. The AliveCor Heart Monitor operates remotely and includes a control unit wirelessly connected to a transmitter that could relay heart rate signals and the electrical profile of the heartbeats, skin temperature and other measurements from a chest band or patch, for example.

Google Glass is another exemplary wearable device. As a head-mounted display device in the shape of a pair of eyeglasses, Google Glass allows medical personnel (such as a surgeon) to view information relevant to a patient during surgery without having to turn away from the patient. As the projector display is next to the user’s right eye, the surgeon could see all medical information without looking across the room and away from the patient. The Glass projector could also display a patient’s vital signs, urgent lab results and surgical checklists, along with relevant information on the specific surgical procedure. The doctor can control the device manually through voice commands and a touchpad located on its frame.

2.    Impact Of Wearable Devices On Health Information Technology

With the 2014 launch of the Apple Watch and its related Apple Health app (a health and fitness data dashboard) and HealthKit platform, many have predicted the beginning of a digital healthcare revolution. Indeed, wearable technology devices have impacted our personal lives in many ways, providing insight into our health and diet regimen, blood pressure, sleep pattern, heart rate and many other life aspects. Wearable devices in the form of sport watches track steps and the number of calories burned; Doctor on Demand facilitates video conferences and live discussions with remote physicians; Google Glass facilitates surgery by offering surgeons information relevant to the patient without having to turn away from the patient; mobile health apps help patients stop smoking or lose weight (and can be installed either on a mobile phone or tablet).

Recently, medical device companies have promoted the use of biometric technology within people/patients. The idea is that sensors within the body could be used to call the healthcare provider if the person is sick. These sensors could be swallowed and placed in the blood or injected or inserted directly under the skin. The sensor can report when a patient ingested a prescription drug, as well as a patient’s vital signs. For example, a digital sensor recently approved by the FDA can be placed inside a pill and swallowed by a patient. Once the patient swallows the tiny digital device, the sensor transmits the identity of the medication and timing of ingestion to a mesh worn on the patient’s skin. The mesh then transmits the received information to a mobile phone app that can also provide physicians with vital signs such as heart rate, body temperature and various rest patterns.

Data from biometric digital sensors can be integrated with wearable devices to create new age health monitors that are further integrated with smartphone apps. Conventional health parameters such as glucose, blood pressure and heart rate can now be combined with environmental data to provide predictive as well as preventative information. In this manner, the emphasis is shifted from treatment to prevention of illnesses and diseases.

3.    Wearable Devices And Types Of Intellectual Property

Wearable devices in the medical field could be protected by various types of intellectual property including patents, copyrights and trademarks.

Utility patent applications may be filed to encompass various aspects of the device per se, such as components and specific structures of the wearable device, as well as designs of various components of the wearable device (through design patent applications).

Patent applications may also be filed to cover hardware of the wearable device such as software, interface, or materials and specialized particulates employed in the wearable technology.

A wearable device company may also apply for copyrights in various software for operating the wearable technology and device, and/or trademarks directed to branding. Consideration may also be given to the packaging of the device for possible protection by trade dress.

4.    Patent Protection For Wearable Devices

Wearable devices are protected and patented in the U.S. and other countries. However, methods of surgery and medical treatment methods are protected and patentable in the U.S. and Australia but typically not in Europe and other countries such as Canada, South Korea or Japan.

Utility patent applications may be filed directed to various aspects of the device per se, such as systems, sensors (electrical, optical or chemical sensors that monitor patient parameters), servers, accelerometers, actuators, materials, controls, kits or specific mechanical components of the wearable device, as well as designs of various structural components of the wearable device (through design patent applications).

Patent applications may also be directed to software, interface (iconic, graphical or numeric user interface with monochrome or color LCD display) or controller (high speed microprocessors or microcontrollers for analysis and data control) of the wearable device.

For example, US 8,764,651 entitled “Fitness Monitoring” discloses and claims inter alia a monitoring system with a portable device, one or more sensors and a processor; a system with a cellular telephone, an accelerometer and one or more sensors; and a system with a server, a portable appliance with a heart sensor and a processor. US 8,108,036 entitled “Mesh network stroke monitoring appliance” discloses and claims inter alia a monitoring system that includes one or more wireless nodes and a sensor coupled to a person to determine a stroke attack; as well as a heart monitoring system that includes one or more wireless nodes, a wearable appliance and a statistical analyzer. Similarly, USD 737159 and USD 764346 are examples of design patents that depict and claim ornamental design for wearable devices.

Medical device companies in the wearable technology field should protect all novel aspects of the wearable device including structural attributes and methods of use, as well as the ornamental look and design of the product. When possible, medical device companies should include claims that cover not only the product per se but also software that is within the app and the wearable device, without referring to the device, to preserve the right of the patent owner to sue the manufacturer of the software for direct infringement of the patent.

5.    Wearable Devices And Privacy Concerns

While wearable devices and biometric technology are redefining the information landscape offering many opportunities, they also pose several challenges.

One important challenge is protecting personal data and ensuring that the policies protecting the privacy and confidentiality of patients are evolving at the same pace as the expanding use of new technologies. Concerns are being raised as to where this personal data is stored and how it is being protected. Highly sensitive and personal data is constantly entered into many smartphones with health apps, which monitor an individual depending on the data that is entered. The more data that is entered, the more vulnerable the individual/patient becomes.

The digital format of data from wearable devices and biometric records opens a world of opportunities for hacking and data breaches, especially when the wearable device is linked with a smartphone, tablet and computer.

 

Gabriela I. Coman is partner and co-chair of Rubin and Rudman’s Intellectual Property Practice in Washington, D.C. Coman practices primarily in the intellectual property area, concentrating in the fields of medical, biotechnology, pharmaceuticals, chemical, semiconductors and design patents. Contact Gabriela Coman by email at gcoman@rubinrudman.com or by phone at 202.794.6300.

 


This week’s cybersecurity headlines spanned Yahoo’s massive data breach, growing election cyber threats and a major IoT hack. Leading up to our Capital Cybersecurity Summit on November 2-3, 2016, we’ll be sharing a weekly roundup of some of the top cybersecurity stories. Find an interesting cybersecurity article? Share it with us in the comments or tweet us at @NOVATechCouncil.

Want to learn more about NVTC’s 2016 Capital Cybersecurity Summit? Click here or watch our event video below.
