Pitfalls in AI?

Artificial Intelligence (AI) is the fastest-growing eDiscovery solution in the Legal Industry. Just like in Henry Ford’s day, it’s the keen cutting edge shaving away costs by reducing time spent from evidence to production. Use AI and don’t land in the pitfall.

“Competition is the keen cutting edge of business, always shaving away at costs”…Henry Ford

Is there a pitfall if you use AI? Computer Forensic Experts Lee Neubecker interviews Chief Innovation Office with DISCO, Cat Casey both agree the largest pitfall in AI is NOT embracing AI! Artificial Intelligence (AI) is the fastest-growing eDiscovery solution in the Legal Industry. Just like in Henry Ford’s day, it’s the keen cutting edge shaving away costs by reducing time spent from evidence to production.

Cat explains DISCO was born out of the firm’s frustration with conventional eDiscovery tools that were slow and difficult for lawyers to use. Instead of being forced to adapt our work methods to technology, we wanted to invent technology that works the way lawyers work. DISCO was the result, and today we are the fastest-growing eDiscovery solution in North America. Both experts agree implementing AI will help companies gain a competitive edge. Watch this video to hear examples of how AI helps sharpen that edge!

Final Part of our 3-Part Series in Artificial Intelligence: Pitfalls in AI

The Video Transcript Pitfalls in AI Follows.

Lee Neubecker (LN): Hi and welcome back again Cat. Thanks for being on the show again.

Cat Casey (CC): My pleasure.

LN: Cat Casey from CS Disco. She’s a Chief Product Innovation Officer. Did I say that right?

CC: Chief Innovation Officer.

LN: Okay.

CC: Products too, though. It’s fine.

LN: They call her chief.

CC: They should.

LN: So we’re going to talk now, in this last part of our series on artificial intelligence, about some of the challenges of organizations that don’t adapt and don’t get on board. So, what do you see the potential risks and pitfalls for law firms that don’t begin to embrace so sort the form of a technology-assisted review or artificial intelligence to help speed up the review process?

CC: Well, at a very basic level, clients are getting smarter. We’ve got Clock, we’ve got clients talking to each other more, and they’ve raised their expectation of how their firms are going to be competitive. And it used to be if you were big law firm A you would always have this corporate client for every anti-trust case they would always go to you. But now I was getting dozens of RFPs where they’re asking me what technology are you using? How are you driving innovation? How are you driving efficiency? Because there is a higher expectation of competition between outside counsel. That, maybe, wasn’t there a few years ago. And so, the client expectation is driving this appetite to investigate eDiscovery and Artificial Innovation (AI) based innovation in a way that wasn’t here a few years ago.

LN: Has there been any industry research that has attempted to benchmark the cost of a case using an AI platform to speed up review versus not, to your knowledge?

CC: You know. I can speak from Disco, and we see about a 60% reduction in time to evidence to production. And that translated to dollars. And so, I mean, 60% savings on the 80% of a case that is reviewed is substantial. The thing that I think is most important is cost-savings big, but getting evidence quicker.

LN: Yeah. Time is of the essence.

CC: That is the thing that is paramount because of a lot of these companies… I worked at a company that had very big budgets, but no amount of money, no amount of people, was going to be enough to get these insights I needed before the meet and confer. Or before I had a critical filing with a government investigator. And so, getting evidence quicker so I can start building my case, was the differentiator.

LN: Yeah, certainly if you’re working for a company facing a DOJ inquiry.

CC: Yep.

LN: Knowing the good, the bad, the ugly.

CC: Yep.

LN: As soon as possible can help you make better decisions for your clients. Which might involve, you know, settlement. settling. Yeah, yeah. There have been many recent settlements, recently, from big companies that didn’t want to get tied down at least.

CC: Well I’ve had cases where… One of my favorite ones I used tons of different AI and analytic tools. I had a big bank that had been fined billions of dollars and another big bank was, they had hired on people in that same group, and they were wondering if they would be subject to the same investigation. So, I did some social network analysis. Who was talking to who, with what frequency? I parsed Bloomberg’s chat. I parsed audio logs. And I used everything to keep triangulating down until I was able to identify the bad actors, saying the bad things, and the map of the structured data to show they didn’t do the bad things. And my company wasn’t on the front page of the Wall Street Journal. My company wasn’t fined. So it ends up being very compelling, even early in investigations.

LN: Yeah. Certainly responding quickly is important now. Have you seen any success stories as it relates to companies embroiled with data breach incidences, that have used your platform to help get ahead of what was going on?

CC: 100%. I mean PII, so personally identifiable information, is something that you’re going to have to notify if there is a breach. So if someone, say your Equifax, not that I’m naming them, but say you’re a big company with a lot of personally identifiable or health information. You need to identify it quickly, notify these people in their specific timelines. Tools, like Disco’s, help you use algorithms to find that quickly and act upon it. Otherwise, if you’re looking at 100 million records, there’s no amount of humans that could go through that, in a timely manner, where you’re going to comply with time obligations. And so, it’s majorly impactful.

LN: That certainly is. Well, are there any other things you want to say on the show before we wrap up?

CC: You know, adapt. The reality is no one wants to be the buggy whip maker in a Tesla world. The time to start investigating and vetting and ensuring that the tech you’re looking at isn’t hype is now. Because in a year, or three years, or four years, you might be behind the curve. So, find your resident dork, ask questions, dig into the tech. Now is the time.

LN: And it’s probably worthwhile, you know, without being biased towards Lit Funder, why not take a case try out Disco, try out another offering to see what really works. I mean you had the benefit of…

CC: Yeah.

LN: You were on the other side working for the law firm, shopping for vendors.

CC: I did a 55 vendor RFP. I’ve seen everyone. I’ve looked under every hood. I mean there’s a reason I went to Disco. But there are other tools good out there. I think you want a toolbox with lots of different tools. If you’re a hammer, everything looks like a nail. Let’s be honest, litigation is always bespoke, so you want lots of tools that can help you address it.

LN: Great. Well, thanks again for being on the show.

CC: Yeah, my pleasure.

LN: This was great.

Watch the Entire Series on Artificial Intelligence (AI)

Part 1 of our 3-Part Series on AI

Part 1 in our 3-Part Series on AI

Part 2 of our 3-Part Series on AI

Part 2 on our 3-Part Series

Other Related Articles

DISCO’s website

https://www.csdisco.com/about-us

The Association for the Advancement of Artificial Intelligence

http://www.aaai.org/

Please follow and like us:

What does the Cook County Clerk of the Circuit Court do?

Meet Jacob Meister candidate for Cook County Clerk of the Circuit Court that oversees the second-largest court system in the United States. Jacob vows to improve and better manage over 400 judges in 14 different court locations all around Cook County.

The Cook County Clerk of the Circuit Court is one of those offices that is not well known but is extremely important in the operation of one of the nation’s largest court systems. The Cook County Circuit Court is the second-largest court system in the United States. The Clerk of the Circuit Court is responsible for overseeing all the court records for many courts including small claims, chancery, civil, law, probate, child support enforcement, traffic, and criminal courts. There are over 400 judges in 14 different court locations all around Cook County.

In this video, Lee Neubecker interviews Jacob Meister, a candidate for the Cook County Clerk of the Circuit Court. Jacob Meister has been a practicing attorney in Chicago for 29 years. In his law practice, he has been a near-daily user of the Cook County Court system and he has experienced firsthand the tragically antiquated and inefficient operation of the Clerk of the Circuit Court’s office. Jacob Meister shares how he intends to reform the antiquated system, create a better judicial management workflow with transparency, efficiency and while running the office in an ethical manner.

Part 1 of our 4-Part Series on Meet Jacob Meister Candidate for the Cook County Clerk of the Circuit Court

The Video Transcript for What Does the Cook County Clerk of the Circuit Court Do?

Lee Neubecker: Today I have on my show, Jacob Meister. Jacob’s running for Cook County Clerk of the Court. And he’s come on today to tell us all a little bit about what the Clerk of the Court does and what their role is. Thank you for being on the show.

Jacob Meister: Well, thank you for having me on, Lee. The Clerk of the Circuit Court is one of those offices that are not really well known but is extremely important in the operation of our courts. The Cook County Clerk oversees the second-largest court system in the United States. We have over 400 judges in 14 different court locations all around Cook County. And the Clerk of the Court is the chief operating officer effectively of the courts, overseeing everything from all the court records to staffing the courtrooms, the Court Clerk’s who take your oath when you go testify and then all of the intake and the counters. And they also oversee things like child support, about a half a billion dollars a year in fines, fees, and forfeitures. They handle all the accounting so that when a fine is paid, it goes to the right municipality or to the state or to whoever is entitled to that money for the fines. So it’s very important. The Clerk’s office is currently occupied, as you may know by Dorothy Brown. She’s retiring after 20 years. And we really need to rethink how the Clerk’s office works. I personally am the only one in the race who has actually practiced for 29 years in the Circuit Court of Cook County and made a career of it. And it’s an office that’s broken. It’s broken ethically and operationally. We still, unfortunately, as judges and lawyers hand write out orders in triplicate using carbon paper. And for a court system that has a million and a half cases pending, that means millions and millions and millions of pieces of paper just in court orders. We can do better. We have to do better. The private industry long ago automated, implemented technology. We need to do the same thing in courts. And let me just give you a couple of examples of the real-life consequences of what happens because of our broken technology. We have about 600 prisoners right now in the Cook County or in the state of Illinois prison system who have appealed their convictions and their convictions for more than a year, cannot move forward because the Clerk’s office has lost the paperwork. And this has been pretty widely reported on. But the other things are that you know, people end up getting evicted, they have child custody issues, they sit in the Cook County jail because our current system can’t get paperwork where it needs to be. It doesn’t have good auditing standards, accounting standards. We need to do better because it affects substantial justice.

LN: So will you put computers into the courtroom with printers so that the documents are being captured instantly, electronically?

JM: Well, it’s actually beyond that. So you’ve got two kinds of systems. You’ve got one system which is, a filing system. And right now, we are in the process of moving over so that when people file paperwork, it gets filed electronically. But the second system, which is yet to come is a case management system. So once those documents have been filed, we need a way to index everything. The current Clerk’s office runs on a DOS-based system that was implemented in the 1990s and it’s just an index system. But court systems all around the country have very robust case management systems that outline exactly what’s going on in the case. And instead of having written orders, you do digital orders so that, so that those digital orders, are called minute orders, are captured right in the courtroom, real-time, by the Court Clerks, noting such things as the next court date or what happened in the court, in the court hearing. There’s still going to be a percentage of things that need to be done on paper and then uploaded as PDFs but we can probably capture about 80% of our orders fully digitized so that there is no paper but goes in digitally. And that is a great first step and it helps eliminate errors. It makes sure that there’s a clear record that’s available, it needs to be available. Web-based from outside the court system too so the lawyers and judges-

LN: So you mean you had to come down on a cold Chicago day

JM: Correct.

LN: to stand in line. To pay your money, to make your photocopy and then schlep back.

JM: Correct. I mean, right now, they’ve got electronic filing so we file, we’re required to file digitally but if you want to get a copy of what’s been filed digitally in a case, you actually have to travel to a court location, print it out hard copy, pay for the hard copy and then, of course, I go back and scan it back into the system. It’s not available web-based. It’s not web-based for download, just like the rest of the world works and that’s a problem.

LN: There are systems out there though, commercial systems out there that are designed to snap in and take care of that, correct?

JM: Correct, there are case management systems that are in use. Cook County has a tremendously complex court system with lots of divisions and different sections all over the county so we need to be very highly customized. Cook County has committed to about 36 million dollars towards a new case management system. Problem is, they want to use an off the shelf software. They tried rolling them out in the criminal division back in November. It is fraught with problems. There hasn’t been proper training for the users. Actually, the judges and lawyers and others, including the Sheriff’s Department, the State’s attorney, all of the stakeholders in the system haven’t been consulted with bringing that onboard and so as a result, we’ve got a system that is at risk of just being shelved and not used any longer because it’s just fraught with problems and errors and lack of user training. We need to do a better job. We need to train people. We need to consult with all the end-users to make sure that our case management system meets the workflow of the courts, not the other way around and our current Clerk has tried to implement it in a way to say, “Here’s a system we’re going to use. Figure out how to organize your court system around our computer system.” That’s the tail wagging on the dog.

LN: So as a reformer, you really plan to make changes to speed up and get rid of the backlog of cases that currently jam up the court.

JM: Yeah, well, right now, we’ve got a huge backlog as I mentioned in the Appellate Court. You’ve got a huge backlog because the Circuit Court’s not transmitting proper records up to the Appellate Court so you got a huge backlog in the Appellate Court and you end up having a much slower process at the Circuit Court level because it’s all based on our old paper system movement of files from courts to warehouses, back to the courts, back and forth. Things are lost.

LN: That creates lots of jobs, right?

JM: Well, that is really, you know, we’ve got a very unfortunate patronage problem in the Clerk’s office. Clerk’s office has about 1500 employees and there’s a tremendous amount of political patronage that’s controlled by the party machine. The old way of doing business. We can’t afford to do that anymore. We got to deliver good value to the taxpayers, particularly as we move to electronic systems. It’s no longer a system that can operate with paper where somebody’s job is to stamp paper and then move the pile over to somebody else to stamp something else. It’s now a much more technical job so we need to make sure we’re doing a better, making sure we’re doing a better job of training Clerk staff so that they can digitally record minute orders as I talked about. Make sure that our court records are being kept but that is going to require a lot of training. I have had discussions with the city colleges of Chicago and some of our community colleges to having a new program, a certificate in paralegals, a paralegal certificate for Cook County Courtroom management.

LN: Take the staff and put them through there to actually take the people that are there and make them more efficient by investing in their training.

JM: Correct, correct. So they’d have paralegal certificates in Cook County Courtroom management and that would make sure our systems are very uniform and automated so that everybody who interfaces with the court can rest assured that our court system’s going to operate transparently and efficiently. And so we need to do that, our employees deserve it and I think the public deserves the transparency that that would bring.

LN: Well, thanks for being on the show, Jacob. This has been really great.

JM: Well, thank you for having me. Happy to come back on again.

Other Related Articles on Cook County

More About Cook County Clerk of the Circuit Court

http://www.cookcountyclerkofcourt.org/NewWebsite/Home.aspx

Please follow and like us:

What Constitutes Biometric Data?

Facebook’s record-breaking $5 billion settlement, proves the FTC takes consumer privacy very seriously. Will Facebook’s settlement spark other class-action lawsuits based on claims of privacy abuse relating to the Biometric Information Privacy Act (BIPA)? Forensic Expert Lee Neubecker and attorney David Rownd from Vedder Price discuss the ramifications of this settlement and dissect what really constitutes biometric data?

Part 2 of our 3 Part Series on BIPA

The Video Transcript Follows.

Lee Neubecker (LN): I am back again with David Rownd, and David’s going to talk a little bit more about BIPA. We’re talking about in the news recently, Facebook just reached a very large settlement related to claims of abuse relating to BIPA. What does this mean with such a large settlement? Is this inviting all the plaintiff attorneys to file more and more class-action lawsuits?

David Rownd (DR): Well, this has been a very active area of the law, and yes, the answer is yes. There’s a lot of class actions going on in this area, and it’s largely as a result of the low threshold to become a plaintiff in that you don’t have to establish specific damages, and the mere fact that the law has been violated can make you an aggrieved party who has the standing to file a lawsuit.

LN: Just so we can be clear, can you give some examples of what constitutes BIPA biometric data and what isn’t?

DR: Well, fingerprints are biometric data, a retina scanner, the veins in your hands can be evaluated as biometric data, and other things as well.

LN: What about the way you walk or the way you talk?

DR: Their voice recognition has been considered to be biometric data. Handwriting is not biometric data.

LN: So, devices like Siri and Alexa, is there a potential they’re going to fall into that?

DR: I think that that is certainly a possibility.

LN: So are we going to have to sign a contract before we use Alexa or Siri to protect, for them to be protected?

DR: I wouldn’t propose to advise Siri and Alexa as to how to conduct their business.

LN: Very good answer.

DR: I think that there is a possibility, certainly.

LN: So what do you think the future holds for BIPA-related lawsuits?

DR: Well, this is certainly an opening for plaintiffs lawyers to go after, and you see this in a variety of different areas where the law creates a low threshold to get in the courthouse door and potentially high exposure for defendants. You have plaintiffs lawyers who are attracted to that and they go after it, and that’s currently what’s happening now with BIPA in Illinois and why there are so many lawsuits filed.

LN: And I think it relates to, the fees are based on each instance of biometric data, so potentially you have multiple videos, multiple pictures, this data is stored, and if you can be aggrieved without the data even getting hacked, it’s a very large potential, which is probably why Facebook settled because what it could be much greater. And they probably weighed their risk and decided it made sense to settle.

DR: I think that’s probably right.

LN: Well, thanks again for being on the show, I really appreciate it.

DR: All right, thanks for having me.

View Part 1 of our 3-Part Series on Biometric Data

Part 1 of our 3-Part Series on Biometric Information

Other Related Articles on Biometric Data

FTC’s Press Release on Facebook’s settlement on Biometric Data

https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions

If you live in Illinois and use Facebook read this story from WGN, about Biometric Data.

https://wgntv.com/2020/01/30/facebook-may-pay-550-million-to-illinois-users-to-settle-lawsuit/

Please follow and like us:

Optimize eDiscovery With AI

You’re looking for the smoking gun and have tens of thousands of documents to review. Experts Lee Neubecker and ZyLAB’s eDiscovery Director, Jeffrey Wolff say Optimize with AI and make your review easier!

Optimize eDiscovery with AI! Lee Neubecker sets out on a quest to find out what’s happening with Artificial Intelligence as it relates to the eDiscovery review process. Lee visits eDiscovery Director, Jeffrey Wolff from ZyLAB and together they examine how new AI algorithms are coded for priority review and can rank documents for relevance, saving countless hours and dollars for the client. Utilizing new AI will optimize your current eDiscovery process.

Part 2 of 3 Part Series on Smarter Solutions eDiscovery

Part 2 of our 3 Part Series on Smarter Solutions in eDiscovery

Optimize eDiscovery with AI Video Transcript Follows

Lee Neubecker (LN): Hi, I have Jeff Wolff back on the show again from ZyLAB. Jeff, thanks for coming back.

Jeff Wolff (JW): Thank you.

LN: And today we’re going to talk a little bit more about trends in Artificial Intelligence as it relates to eDiscovery and the review process that comes along with that. Jeff, what do you see happening right now with Artificial Intelligence as it relates to the eDiscovery review process?

JW: So what we’ve noticed over time is that, traditionally, Artificial Intelligence was always deemed to be only valid in cases where you had hundreds of thousands or millions of documents. And one of the changes that have happened over the last few years is that the Artificial Intelligence models have gotten so much better than you can now use them for much smaller data sets, and so we evangelize the use of Artificial Intelligence in smaller data sets, even, a thousand documents, you’re going to get a better review, more efficient, and more correct, faster, with AI than you would with a team of reviewers.

LN: So if you have a project and you’re using your platform, let’s say there are a million pages of documents that need to be reviewed. You put a review team on starting that process, and they start categorizing and coding, as they get through the first ten thousand documents, what is your software doing to help make this process more efficient and effective for them?

JW: Sure, so if you’re using traditional, what we call supervised machine learning, that used to be referred to as predictive coding, what our software allows you to do is train a small training batch, so a small sample of the documents, and code them for responsiveness, whether they’re responsive or not responsive. And we’ve made it very easy for users to do that. So, you can create issues, and for each issue, you get two tabs, responsive or not responsive, and you just train, you look through a bunch of training documents and you tag the documents appropriately, and the machine classifier learns, very quickly, what is responsive, what is not responsive. So, maybe after two or at most three training batches, the classifier is now bringing you back almost exclusively responsive documents. It’s already smart enough to do that. And so you only need a few training rounds to get the classifier well over the 80%, typical 80% precision and recall threshold that most attorneys feel is what the human is capable of, but the machine will do 90, 95% precision and recall, so you can be assured, not only are you getting a more efficient and more correct review, but you’re also doing it in a whole lot less time with a whole lot fewer people.

LN: And so, are your algorithms looking for synonyms, and similar phrasing that has equivalent word matches?

JW: It’s a bit of secret sauce. But, yeah, we use a support vector machine-based set of algorithms, kind of the most modern version of machine learning. And it is effective, it understands what our topics that were identified in the document, and what other topics are like them. So that’s how it’s doing an identification. But you’re effectively training in or on that.

LN: So the people using your platform, are they having to necessarily review all of the documents, or are you basically, based on the trained review process, you’re taking that universe of a million, and as they get through it, it’s starting to cluster.

JW: Correct.

LN: There’s a set that, this probably isn’t useful, and you don’t have to look at it, but you can look through it just to see.

JW: Sure.

LN: They have confidence that it’s not excluding relevant stuff, right?

JW: Yeah. What we find from an AI standpoint is that the two primary use cases that attorneys have when they use AI are priority review, so that means hey, I’m going to start teaching the data about, the classifier about my data set, and I’m going to show what responsive documents look like, and then I want it to rank all the remaining documents for me for relevance. And so I’m going to then put eyes on those top-ranking documents. That’s effectively looking for the smoking gun, right? That’s one. But they also use it a lot for QC and this is where I see I’m trying to put a lot more attorneys into utilizing AI, is you’ve already done your tagging, and you had eyes on all of your documents, now go back and use the AI and compare it against what your human reviewers did, and see if you’ve missed things. Because inevitably, your reviewers are not going to be all at the same level. Some people are going to miss-tag documents, and the AI has a really good chance of picking up those mistakes and showing them to you.

LN: So have there been any published studies that document the effectiveness of AI with the review process?

JW: There’s been a bunch of them. I know Law Geeks did one that was pretty interesting. What I’ve read recently is that only about, nationally, about 4% of all cases use Artificial Intelligence officially. But then again, there’s no requirement, in the meet and confer that you identify that you are using Artificial Intelligence in a discovery case. So a lot of attorneys can be used, and just not reporting it. Which is fine, because back when the review was manual, and you went through paper and bankers boxes, you didn’t have to document the process for that review. So why should you have to document the fact that you using a machine to do some of the identification of documents and responsiveness today?

LN: So are there potential problems as a result of using AI for failing to produce relevant documents?

JW: No, I think the case law already demonstrates that AI is an accepted form of using, of identifying reviewed documents, and again, even if you’re just using it for QC purposes, you’re still better off. You’re still less likely to miss things than if you hadn’t used it at all.

LN: Great, well, it’s been great. Thanks a bunch for being on the show.

JW: My pleasure, my pleasure.

View Part 1 of our 3 Part Series on Smarter Solutions in eDiscovery

Part 1 of our 3 Part Series about Smarter Solutions and eDiscovery

Other Articles about Artificial Intelligence (AI)

More related articles

To Learn More about ZyLAB’s Ability to Optimize eDiscovery With AI

https://www.zylab.com/

Please follow and like us:

FDA Cybersecurity Regulations: Medical Devices

A cardiac pacemaker is a lifesaver for many and is considered an implantable medical device. The FDA imposes regulations to protect these devices. Experts Lee Neubecker and Sterling Medical Devices, top engineer, Keith Handler examine FDA Quality System Regulations, ISO standards, and FDA guidelines used by Sterling Medical Devices that are good manufacturing practices.

FDA Cybersecurity regulations in medical devices is a tough topic! Consider the cardiac pacemaker, probably the most notable life-saving implantable medical device. Did you know that it is operated by a computer chip? Just like any other computer they can be vulnerable to cybersecurity breaches.

Experts Lee Neubecker and Sterling Medical Devices, top engineer, Keith Handler examine the FDA’s Cybersecurity quality system regulations, ISO standards, and guidelines followed by Sterling Medical Devices to ensure cybersecurity for all their devices.

Tune in to Part 2 of our 3 Part Series on Medical Devices

The FDA Cybersecurity Regulations: Medical Devices Video Transcript Follows.

Lee Neubecker (LN): Hi, I’m back on the show today with Keith Handler, Keith, thanks for being back on.

Keith Handler (KH): Thanks again for having me.

LN: And Keith, again, is from Sterling Medical Devices, and today we’re going to talk about what measures are in place, that the FDA imposes to help ensure cybersecurity on medical devices, especially safety of PHI, and safety of the operation of those devices for end-users. Thanks again for being here.

KH: Yeah, thanks for having me. So, cybersecurity. It’s a tough topic, and the FDA is still figuring out how exactly to deal with it. They have issued guidance that attempts to categorize how high the risk is of cybersecurity for a device and the basic standards you need to follow in designing, and testing, and documenting your processes for developing that device. That guidance is currently how we generally implement most of our analysis processes and controls. The FDA has chosen to recognize certain certifications, such as UL 2100-1-2.

LN: And what is UL 2100-1?

KH: 2100-1 is a certification for network-connected systems, as far as cybersecurity is concerned, and 2100-1-2 is a subset of that standard, specifically for medical devices connected to the internet or a network. Mostly that standard follows the 2100-1, with a couple of modifications, based on the fact that medical is safety-related.

LN: Have you seen any changes in the standard since the WannaCry attack that took out a lot of the UK hospitals?

KH: Nothing that I can point to specifically. You know, that really comes down to changing specific vulnerabilities, our knowledge about them, and the attack vectors that we know that are capable of executing these things, cataloging them, making sure that we plan for them in future designs.

LN: So I know Bluetooth is a protocol that’s vulnerable to exploitation. I think at one point in time, there was a warning that everyone should take their pacemaker and get it updated. Were you familiar with that?

KH: Yes.

LN: Can you tell people a little bit more about what happened?

KH: Yeah, well, in that specific case, I’m not actually 100% sure what occurred there, but most of the time your issues are, with a lack of authentication, a lack of encryption, you need to be sure that what the device is talking to on the other end is exactly who they expect it to be, what they expect it to be, and you have to make sure that that communication is secured and unchanged, unaltered. Typically, that’s done by using specific security libraries, integrating them in careful ways, making sure that all communication over the wire is encrypted, things like an asynchronous key generation.

LN: I think, just from my memory of events, one of the problems they discovered is that these protocols, there’s a period of time before authentication occurs, in the preamble when there’s broadcast of the Mac address, the wireless name, and whatnot, where there’s a potential to create an overflow situation, to actually compromise a device before encryption and authentication occurs.

KH: Yes, in certain system designs it is that way.

LN: And, unfortunately, these protocols are, you know, they’re everywhere. So, at the time, I believe that the chip makers and various equipment providers, not just only in the medical area, but across the board, had to create fixes that help protect against these types of cyber-attacks.

KH: Yes.

LN: So, you were talking about UL 2100-1-2, what about TIR57? Can you explain what that is?

KH: So, AAMI TIR57 describes how to marry up the processes of medical safety risk analysis and security analysis. It’s an attempt to show that the security analysis process is actually very similar and very familiar for anybody that’s done the safety risk analysis before. More of less, it takes ISO 14971 and applies security risk management to it with a mix of a little bit of some NIST standards in as well. But the general idea is to really categorize what assets you’re protecting in your system, and the known vulnerabilities that your system has, and then from there, you attempt to determine a list of known attack vectors and categorize the profiles of your possible attackers. With a combination of that type of information, you can assess what the real vulnerabilities and risks are for your system, and design in controls, from the ground up, to make sure that you’ve protected against them.

LN: Yeah, well, this is really fascinating stuff. I appreciate you being on the show, and I look forward to our next segment talking more about cybersecurity and how to keep these devices safe.

KH: Thanks again for having me, Lee.

Don’t Miss Part 1 of this 3-Part Series on Medical Devices

Part 1 of the 3-Part Series on Medical Devices

View Related Articles

To Learn More About Sterling Medical Devices

https://sterlingmedicaldevices.com/company/

FDA Cybersecurity Medical Devices Regulations

https://www.fda.gov/medical-devices/digital-health/cybersecurity

Please follow and like us:

AI Trends in the Legal Industry

AI trends in the Legal Industry is revolutionizing data, and whittling down the amount of paperwork involved in legal practice. Lee Neubecker and DISCO’s Cat Casey discuss trends in the legal industry.

Paper death! Legal professionals get buried in a mountain of paperwork. Artificial Intelligence (AI) replaces that mountain of paper with cloud-based apps and whittles down costs. What’s new in Artificial Intelligence (AI) as it relates to the legal industry? Check out this video as Forensic Expert Lee Neubecker and DISCO’s Information Officer Catherine “Cat” Casey talk through AI trends in the legal industry.

View Part 2 of our 3 Part Series on Artificial Intelligence (AI) in the Legal Industry

Artificial Intelligence (AI) in the Legal Industry

The video transcript AI Trends in the Legal Industry follows:

Lee Neubecker: Hi, I’m back here again with Cat Casey from CS Disco. Thanks for coming back again.

Cat Casey: My total pleasure.

LN: We’re going to continue our conversation in this multipart series. This time, we’re talking about artificial intelligence and the trends impacting the legal industry and the whole eDiscovery industry as well.

CC: Absolutely, so in my role at Disco, I’m chief innovation officer, and one of the things I’m tasked with doing, both now and in my prior roles, is going out and figuring out what’s going on in the market, and what we’re seeing is AI written everywhere. Sometimes it’s true AI, sometimes it’s not, but what we are seeing is people want to find evidence faster. People want to eliminate those low-hanging tasks that aren’t the practice of law. And so, we’re seeing a lot of tools that are driving efficiency both in practice management and litigation management and in finding evidence.

LN: So where do you see we’ve gone in the last few years with AI in terms of advancements and providing products for the review process?

CC: When we first, I think, announced AI about 2006, seven, eight, nine, I was working as a channel partner with the company that patented the word predictive coding. That was the first AI model in eDiscovery and people liked it. They didn’t really want to use it. They were nervous. What I’ve seen is not only has the process improved instead of TAR 1.0, where you have a sample, you make decisions, and then, the algorithm might learn, we have continual models. So the tools got better, but the appetite to use them has increased dramatically, I think, in the last 18 months, because data’s getting very big, very complicated, and no amount of money or time is enough to actually get through it without using this sort of technology.

LN: So are you seeing that other messaging platforms are starting to become more a part of this process, like Slack?

CC: Oh, yeah.

LN: You’ve got all kinds of other messaging platforms, WhatsApp.

CC: Weird data is the new normal and I noticed it starting, I’ve been at Disco about a year, so starting my last 18 months at Gibson Dunn, where it used to be, okay, email, maybe text. That’s all I got to worry about. No, no, no, now I’m dealing with ephemeral messaging, which is self-destructing text messages. I’m dealing with collaboration tools like Slack and Messenger and Teams and each one of these tools has a challenge in terms of formatting the data, being able to review it, and relating it. Think of a given day. This morning, I was on Slack, then I was answering text messages, then I had a phone call, then I sent an email, then I went back to my Slack channel. That was before I got out of bed and if you want to recreate kind of this digital footprint of what people are doing, you need to have all of that info. And so, finding tools and partners that can deal with it is paramount.

LN: So does your platform at Disco, does it have APIs and import specs that match upon those alternate data streams?

CC: We do to a degree. We also do kind of a middleware layer of parsing and creating a new visualization, like say from a JSON file for Slack, we recreate that in our ecosystem and render it the way you would’ve seen it in the Slack dialogue box. And so, we’re developing more of those direct APIs of a 365 box, but we’ve worked on the visualization and ensuring that the data we receive is reviewable, usable, and easily rendered, so.

LN: Now, it’s interesting when we’ve collected cellphone data, we’ve used some of the popular tools on the market and the output of the data isn’t necessarily always easy for the attorneys to review. And what we’ve done is we’ve often taken the spreadsheet output of text.

CC: Oh yeah, yeah.

LN: So what are some of the challenges you see facing AI and its adoption over the next few years?

CC: Like with everything, it’s fear and desire. People desire the outcome of finding stuff faster, being able to practice law, but no attorney went to law school to play with relational databases and lambda calculus. I didn’t. And so, what ends up happening is there’s a fear of the unknown and a fear of explaining something to a judge who maybe didn’t even use a laptop when he was going to law school, probably didn’t. So there is a fear of using technology that folks don’t understand, a fear of explaining it, and that’s when having the right partner, the right person to testify, the right person to navigate you through this becomes so important.

LN: Have you seen much, part of my practice deals with patient electronic medical records?

CC: Oh yeah, yeah.

LN: And patient audit trails of EMR, electronic medical records.

CC: Oh, yeah.

LN: Usually, those records aren’t quite like an email thread. They’re more cryptic. They’re more accustomed to the specific platform the hospital’s use. Have you seen many of those cases come in where they’re pulling in the charts and various transcripts from the physicians and whatnot?

CC: I haven’t run into that as much at Disco, but when I was at PWC, we were doing very complex multilayer investigations, and so, we would have, sometimes, medical charts. Sometimes we would have trade databases and so, marrying and creating a story between that structured data and the unstructured data was always very challenging and very bespoke, and there’s some tech that’s beginning to create a unified place to do that. We’re looking in to do that as well, but it’s very hard to take that weirdly formatted data and render it in a way that then ties to what the humans are saying and then, help you get those facts to build your case.

LN: That’s great. Well, this has been great. In our next segment, we’ll be talking a little bit more about artificial intelligence and some of the potential challenges and impacts for organizations that don’t get on board. So thanks for coming on again.

CC: My pleasure.

View Part 1 of our 3 Part Series on Artificial Intelligence (AI) in the Legal Industry

Part 1 in our Three-Part Series about Artificial Intelligence (AI) in the Legal Industry

View Other related blogs from Enigma Forensics.com

Artificial Intelligence (AI) Plays an Important Role in EMR Audit Trails
Artificial Intelligence (AI) in Hospitals
Artificial Intelligence (AI) in the Energy Sector

View DISCO’s website and receive a free demo

https://www.csdisco.com/

View Law Technology Today LTT as it reviews AI trends in the Legal Industry

Please follow and like us:

Data Breach Response Experts

Chicago Tribune reported, “US says Chinese military behind Equifax breach that stole Americans’ personal data” Data Breach Response Experts Lee Neubecker and Kari Rollins say “Data Breach is inevitable!” They give us advice on how to prepare.

Sedona Conference Incident Response Guide

It is not a question of if you will fall victim to a Data Breach incident, it is when. Organizations large and small need to be ready for when cybercrime strikes. Data Breach Response Experts Lee Neubecker and Kari Rollins know how to prepare for a data breach without breaking the bank. Kari is a partner in the Intellectual Property Practice Group for Sheppard Mullin in New York, and also a member of the Sedona Conference, Working 11 group. Kari describes the Sedona Working 11 as a group of Cyber Breach Experts who design tools and how-to resources that are available to the general public through the Sedona Conference website. The Sedona Conference is a nonprofit research and educational institute that brings together jurists, lawyers, experts, and academics. Kari and Lee share their combined knowledge and talk about the options available to small to midsize companies that may not have the resources in-house necessary to respond to a data breach incident.

Watch Part 1 of our 3 Part Series on Data Breach Readiness follow:

Kari Rollins and Lee Neubecker discuss Data Breach: Sedona Conference

The Video Transcript of Data Breach Response Experts Kari Rollins and Lee Neubecker Follows

Lee Neubecker (LN): Hi, I’m here today with Kari Rollins. She’s the co-managing partner of the New York office of Sheppard Mullins. Thanks for being on the show.

Kari Rollins (KR): Thank you for having me.

LN: And I had Kari, she’s a specialist in the whole area of privacy related litigation involving data breaches and personal information and what not. She’s also a member of the Sedona Conference. Could you tell everyone a little bit about what the Sedona Conference does?

KR: Sure, so the Working Group 11 is the Working Group that is dedicated to helping companies and other practitioners understand some of the hot topics and legal issues in data privacy and cybersecurity today that are rapidly evolving as the laws in that area change. And the Sedona Conference itself is dedicated to pulling together practitioners from private sector, public sector, judges, regulatory authorities who all come to talk about their experiences in these different specialized areas so that it you know, you have a knowledge base with a wide variety of perspectives.

LN: Great and so I asked you to come on to talk a little bit about the data breach incident response guide that the conference came up with. Can you tell us what this is about?

KR: Sure, so as a member of the Working Group 11, several of us at the request of Sedona Conference came together to put together what our views were on how to handle a data breach, or an incident response from the very beginning of the breach life cycle, i.e. planning for and anticipating a breach, through the breach investigation itself and even thinking about issues that may be implicated in a post-breach regulatory inquiry and how companies can best defend themselves and prepare for what is now today, the inevitable, a data incident.

LN: So this is a free resource available to anyone?

KR: It is a resource available to anyone. It’s really a practitioner’s guide. We think this is probably best used by small to midsize companies who may not have the resources or staff in-house, legal staff in-house dedicated to responding to incidents. And it’s, though it can be used by any practitioner, any counsel, any type of company, we do expect that this is probably something that would be useful to small to midsize companies as really a guideline and material to help them issue spot and understand what are the issues in incident response? What should I be concerned about? What are the pitfalls? What am I going to need to be on the lookout for?

LN: Great, and if people want more information about this or want to download the guide, where can they obtain it from?

KR: They can go directly to the Sedona Conference website. There are, there are publications that are, in the publication section of the sedonaconference.org website, it will have all of the various publications including this one, “The Sedona Conference Incident Response Guide,” and you can download and access the publications there.

LN: Great, so in our next segment, we’re going to be talking a little bit about what should be done before a data breach happens.

KR: Right.

LN: And then in our third segment, we’ll talk a little bit about okay, the data breach happened or an incident happened, what do you need to do to respond? So watch those segments and tune in again. Thanks Kari for being on.

KR: Thank you.

View Related Articles here

Forensic Experts Can Form a Response
How the Energy Industry Responds to a Cyber Breach.
How Hospitals Respond to a Data Breach
Lee Neubecker Presents on Infrastructure Vulnerabilities
Be Prepared and Know Your Companies Vulverabilites
Select a Computer Forensic Expert Before a Data Breach Incident

More Information about Kari Rollins and Sheppard Mullin

https://www.sheppardmullin.com/krollins

View The Sedona Conference Website

https://thesedonaconference.org/

https://thesedonaconference.org/download-publication?fid=4860

Other Resources on the Web Helping Organizations Prepare and Defend Against Cyber Attacks and Data Breaches

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf

https://www.nccoe.nist.gov/sites/default/files/library/project-descriptions/dc-drr-project-description-draft.pdf

https://www.ready.gov/cybersecurity

https://www.cisa.gov/national-cyber-exercise-and-planning-program

Please follow and like us:

BIPA: How it May Affect You

Does your employer require your fingerprint when you clock in for work? That fingerprint is considered private biometric information. BIPA is the Illinois law that protects its use. Experts Lee Neubecker and David Rownd share how this law affects employers that have Illinois based employees.

Biometric Information Privacy Act (BIPA) is a law that covers the employer’s use of biometric information of its employees. Biometrics are the physiological means to gather an individual’s uniqueness. The oldest most widely used is a fingerprint but other biometric identifiers may be also used such as; facial recognition, photos, retina scan, voice recognition, ear shape, and hand scans all are considered private biometric information. The Illinois BIPA law is designed to govern, secure, store and prohibit the sale of biometric information. Forensic Expert Lee Neubecker and David Rownd from Vedder Price discuss how BIPA may affect employers that have satellite offices in Illinois.

Part 1 of a 3 Part Series on Illinois’ Biometric Information Protection Act

The Video Transcript on BIPA: How It May Affect Employers in Illinois.

Lee Neubecker (LN): Hi I am here again with David Rownd from Vedder Price. Thanks for being on the show David

David Rownd (DR): Thanks for having me

LN: David is an attorney that specializes in defending class action lawsuits also employment litigation, trade secret theft, and misappropriation. I asked him to come on the show today to talk a little bit about BIPA which is the Illinois Biometric Information Protection Act and specifically he deals with a lot of trading security-related financial services firms and since that law applies to Illinois and many trading firms in New York have satellite offices I wanted him to talk a little bit about the act and some of the concerns that employers should have if they have employees working in Illinois. So, David, can you tell us a little bit about BIPA what it is and what it entails?

DR: Basically it covers the employers use of biometric information of its employees and this can be a retinal scan it can be a fingerprint it can be a number of different things and it can be used for time cards access to the workplace and things like that and employers are using biometric information because its an easy way to keep track of employees. However, it is also a privacy issue and that’s where the BIPA comes in and BIPA is intended to regulate employers ability to utilize biometric information and put certain requirements on them for notifying employees they are using it and notifying employees why they are using it keeping written records of the biometric information and it specifically prohibits the sale of biometric information to third parties.

LN: It’s especially troublesome too because if you lose your biometric unique identifiers you can’t necessarily get those back unlike a social security number you could replace a social security number but if someone is able to copy your retina scan your fingerprints what not it could cause a lot of permanent damage.

DR: That’s true you only get one of those things

LN: So we will be talking later in the series next well be talking a little bit about what employers should do before they land in trouble with BIPA to help protect against finding themselves embroiled in litigation and then finally we’ll talk a little bit about some of the national happenings with Facebook and other entities who have been en snagged in the BIPA trap and we’ll conclude with there so thanks for being on the show today.

DR: Oh thanks for having me.

View related Employment Litigation articles on our website.

EMR or Electronic Medical Records May Contain Private Biometric Information
Forensic Data Collection can be used in cases where ESI is breached or stolen
Private Biometric Information is Electronically Stored Information (ESI) and governed by BIPA
An individual’s photo is considered biometric information.

Employment Litigation articles

Learn More about Illinois BIPA Litigation

http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57

Protection under BIPA

https://www.vedderprice.com/

Please follow and like us:

AI Smarter Solutions: eDiscovery

Artificial Intelligence (AI) can be used to vastly improve the eDiscovery document review process. Zylab is one of several eDiscovery vendors offering solutions utilizing AI. Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference 2020 in New York. Lee and Jeffrey discuss how AI can be used to conduct more effective eDiscovery.

Artificial Intelligence (AI) technology is everywhere. It’s hard to imagine how it’s being used in the legal industry where legal libraries filled with law books and courts filled with black-robed judges reign. In this formal traditional world, AI is now providing smart solutions for today’s electronically stored information or ESI and is streamlining the way the Legal Industry works.

In this video, Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference in New York. Lee and Jeffrey analyze how Artificial Intelligence (AI) develops smarter solutions in the eDiscovery process. Jeffrey shares with Lee that ZyLAB’s mission is to provide automated full-text retrieval using AI, for both on-premise or cloud-based solutions.

Watch Part 1 of a Three-Part Series on Artificial Intelligence (AI) and eDiscovery.

The video transcript of AI Smarter Solutions: eDiscovery follows.

Lee Neubecker: Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.

Jeff Wolff: Thank you.

LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI verse the traditional e-discovery review process, so.

JW: Sure.

LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.

JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start incorporate, or start in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.

LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US. JW: Sure. LN: There are some unique challenges posed by all the various regulations out there, like GDPR.

JW: Right.

LN: Maybe the have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?

JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep the European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, something they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.

LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies chose to communicate with their vendors, suppliers, and own employees?

JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had accesses to the database, and wasn’t protecting it properly, and that’s how the trouble began.

LN: Yeah.

JW: Same thing with data privacy.

LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military,

JW: Yep.

LN: and even corporations.

JW: Yes.

LN: So what do you see happening over the next few years with the adoption of AI platforms?

JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do you with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, places, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not doing to the dentist, they’re doing something else, They’re just writing about going to the dentist.

LN: Yeah.

JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.

LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.

JW: Mmhmm.

LN: The companies that are using tools that are more of a channel partner tool to resell.

JW: Yes.

LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?

JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.

LN: Well, this has been great. Thanks a bunch for being on the show.

Lee Neubecker: Thank you again.

LN: Take care.

JW: Bye bye.

View related articles on Artificial Intelligence

Artificial Intelligence (AI): Medical Data
Artificial Intelligence (AI) Re-inventing Legal Technology
Artificial Intelligence (AI) eDiscovery
Litigation & Computer Forensic Experts
Cyber Security & Artificial Intelligence (AI)
Artificial Intelligence (AI) Assists in Cyber Security

View ZyLAB’s for more information on (AI) Smart Solutions: eDiscovery

https://www.zylab.com/en/product/artificial-intelligence

View Law Technology Today’s article on Artificial Intelligence (AI)

Please follow and like us:

Medical Device Security Challenges

Behind lifesaving medical devices are Cyber Experts hard at work to secure and protect Patient Health Information (PHI). Check out this video on securing medical devices.

Cutting edge medical devices save lives! Not only do they save lives but they carry a vector of complicated communications and a unique set of security challenges. Cyber Security Expert Lee Neubecker, sits down with Sterling Medical Device’s top engineer, Keith Handler who develops cyber protection and security for their client’s medical devices.

Sterling Medical Devices helps companies design and develop mechanical & electronic medical devices and follows them through FDA approval. The conversation is educational and important to those interested in knowing how medical devices are cyber protected and secured. In this video, they outline the concerns that relate to the control, security, and confidentiality of the patient’s health information (PHI) when using these medical devices.

The transcript of Part 1 of our Series in Medical Device Security

Lee Neubecker: Hi, I have Kieth Handler here on my show from Sterling Medical Devices. Keith is a top engineer here that helps ensure cybersecurity and resilience and protection of medical devices of their clients. They help assist through the FDA certification process. Keith, thank you, thank you for being on my show.

Keith Handler: Thanks for having me, Lee.

LN: So can you tell me a little bit about what your firm does and how it helps clients in cybersphere?

KH: Yeah, sure. Sterling Medical Devices is a 13485 certified product development firm. We help various companies design and develop electro-mechanical medical devices. Pretty much from, anything from concept all the way to submission to the FDA.

LN: So, can you tell everyone what, ISO…?

KH: 13485?

LN: 13485 Certification means?

KH: Yes that is, that is the ISO standard that defines the product development and manufacture of medical devices. It defines all the processes that we generally run our business by.

LN: Okay, so what are some of the concerns that you have as it relates to the patient personalized information, sometimes known as PHI? Is that right?

KH: Yeah, patient help information, that’s correct. Well, you know, our first concern, of course, with any medical device is safe. We want to make sure that the devices are treating patients as intended and not presenting any undue harm to the patient or anybody else. The second thing is the Patient Help Information. It’s very important that we maintain confidentiality for all patients, in any of these systems. Diagnostics, their personal information, all need to be protected.

LN: These devices, they have PHI, they also have, they also are involved with the generation of electronic medical records, known as EMR, that feed into the various hospital systems that are used to provide and deliver healthcare to users. As it relates to this, what are some of the top concerns that you try to address as it pertains to safety for your clients?

KH: Well, when it comes to information or command and control that can be done remotely on a device, it’s again important to maintain the integrity of those communications, and to protect everything there. One of the hardest aspects, I would say, is integrating a medical device into a larger hospital system. We may have control over the confidentiality of the information, and of the commands that are sent and received within a device, but as soon as we connect to an external system we lose control of that data. So, it becomes a unique challenge to try and make sure we are protecting, and not only in our system but also in any system ours might integrate with.

LN: Yeah, and there’s such a myriad of ways devices connect, Bluetooth, wifi–

KH: Yes.

LN: I’m not sure if medical devices use infrared or–

KH: Yes.

LN: Near band communication, but there are all these vectors of communication that create new threats and potentials for compromise.

KH: And typically medical hardware is pretty cutting edge, you know, some of the things that they’re trying to treat now still can’t. So all of these things that you’re bringing up, all exist in medical, all need to be protected.

LN: Great, so in our next segment we’ll be talking a little bit more about the FDA, the certification process, and some of the standards that devices might undergo to help ensure adoption by the FDA, and to make them commercially viable to be sold in the United States. And then, in our third segment, we’ll talk more about protecting devices against cyber compromise, the firmware and software that gets embedded into these devices, and other things that should be done to help keep medical devices safe and secure. Thanks for being on the show today.

KH: Thanks again for having me, Lee.

Related Materials on Medical Malpractice

Forensic Imaging

See more about Sterling Medical Devices on their website.

https://sterlingmedicaldevices.com/

See other related websites for more information about Medical Device security.

FDA ISO Standards

https://www.iso.org/standards.html

FDA Medical Device Cybersecurity Guidelines

https://www.fda.gov/medical-devices/digital-health/cybersecurity

Please follow and like us: