\\\[BrieFing\\\]
  API opens Medicare claims data
   ReadMe
What: The National Institute of Standards and Technology’s draft “Interagency Report on Status
of International Cybersecurity Standardization for the Internet of Things.”
Why: Given its power to transform nearly all aspects of modern society, IoT “brings cybersecurity risks that pose a signi cant threat to the nation,” the NIST report states. It seeks to help policymakers, managers and organizations develop and standardize IoT components, systems and services.
Findings: Among other things, NIST recommends:
• De ning IoT as a concept based on components that interact with the physical world and have data storage, networking, processing and sensing capabilities.
• Listing and summarizing core areas of cybersecurity, including encryption, digital signatures, hardware assurance, identity and access management, network security, security automation and continuous monitoring, and supply chain risk management.
• Describing IoT cybersecurity objectives, risks and threats.
• Presenting a matrix of the status of the major IoT cybersecurity standards and how they map to the core areas and applications.
* Listing several possible standards gaps, such as applying blockchain technology to IoT security and best practices for avoiding malware in software and  rmware.
Full report: is.gd/GCN_NIST
BY ADAM MAZMANIAN
A new application programming interface will allow Medicare beneficiaries to easily download and share their health data.
The Centers for Medicare and Medicaid Services’ Blue Button 2.0 features an API that lets program beneficiaries choose to share their patient data with vetted apps that track medical visits, drug effectiveness, fitness and more. They can also
share their information with medical researchers, potentially providing access to data on a significant share of Medicare’s 53 million patients.
The first iteration of Blue Button allowed participating patients to
download claims data as flat files.
In October 2017, CMS previewed Blue
Button API using synthetic data. Since then, it has been vetting developers
to build integrations that use Blue Button data in health apps. Inaugural participants include Google’s Verily
Life Sciences, the genetic testing firm 23andMe and online pharmacy PillPack.
The siloed nature of medical
record systems makes it hard for health practitioners to be sure they are getting a patient’s entire medical history. Niall Brennan, former chief data officer at CMS, said the Medicare claims API is a game-changer because it offers a solution to the persistent problem of electronic health records interoperability. •
Using smartphone photos for authentication
BY MATT LEONARD
A new authentication option for smartphones could defeat three of
the most common tactics used by cybercriminals: fingerprint forgery, man-in-the-middle and replay attacks.
Every smartphone camera has unique digital fingerprints that it leaves behind on photos. Researchers at the University at Buffalo are using that photo-response non-uniformity (PRNU) information to identify smartphones by examining just one photo taken by the device.
The researchers found the process to be 99.5 percent accurate in tests involving 16,000 images.
To use the technique, users
would register their smartphone by providing a photo to a site they want to securely access — for example, for online banking or shopping. To authenticate their identity during
a transaction, users would open an app and take a picture of a QR code displayed on an ATM screen or other device so that the organization could compare it with the PRNU component of the original photograph.
Although the technology is not yet publicly available, it was presented at the 2018 Network and Distributed System Security Symposium. •
 10 GCN FEBRUARY/MARCH 2018 • GCN.COM
UNIVERSITY OF BUFFALO