Hospitals straddle a unique crossroads in terms of cybersecurity, crime and potentially, terror. In spite of a rapid shift to computerized prescriptions and electronic records, the hospital business is inherently complex, marked by privacy constraints as well as legacy IT infrastructure. In an era of cost cuts, hospital managers have also been tempted more by imaging scanners and surgical robots, rather than (invisible) firewalls and encryption systems.

by Ashutosh Sheshabalaya and Antonio Bras Monteiro

UCLA 2014: six years after Britney Spears, access still unhindered
As recently as 2014, after a massive hack, one of the world’s most prestigious hospitals, at the University of California Los Angeles (UCLA), acknowledged that its patient data was not encrypted.
At stake was data on 4.5 million patients, some dating to 1990. Six years previously, UCLA had paid out $865,000 ( Euro 778,000) after an employee stole medical data on celebrities including singer Britney Spears and actress Farah Fawcett, and put them up for sale.

Situation challenging in both US and Europe
Many hospitals are accepting they have a serious cybersecurity problem on their hands. This follows mounting public concern – especially in the US – about growth in hospital data theft.
Although American politicians have called for emulating some of Europe’s medical data security practices, the European situation hardly justifies complacence, as we shall see.

Data on 80 million patients hacked, 9.3 million offered for sale
In the broadest terms, healthcare lags other economic sectors in terms of information security. In the US, healthcare accounted for three of the top seven security breaches in 2015. During the year, just one hacking incident at insurer Anthem Inc. potentially compromised medical data on 80 million Americans.
The situation has since worsened. In June 2016, Baltimore-based privacy monitor Protenus reported a staggering 11 million patient records stolen in 29 incidents (24 at hospitals).
During the month, one hacker made two back-to-back online sale offers – for 655,000 medical records, followed a few weeks later by 9.3 million records. The numbers are of course impressive. However, as the hacker underlined to DarkNet news aggregator DeepDotWeb, this was only a start. ‘A lot more,’ he said, was still ‘to come.’

Identity theft – from drugs, explosives and insurance claims to duplicated you-and-me
One of the biggest risks is identity theft. Data on patients, including names, birth dates, social security and insurance policy numbers, diagnostic, treatment and credit card information, can be misused in several ways. Criminals also have an easy choice. If a target refuses to pay ransom, hackers can still sell the data.
Stolen IDs are used to buy drugs and equipment for resale, or to make insurance claims. Certain prescription medicines can be converted into synthetic addictive drugs, or especially potent explosives.
A basic identify kit sells for $1,500 ( Euro 1,350), though certain medical data can raise the price dramatically. This compares to the couple of dollars sought for basic credit card information. Identity kit data can be used to professionally forge follow-on credentials such as new credit cards and lines of credit, insurance and social security subscriptions, driving licenses, marriage certificates (for illegal immigrants) and passports.
Giving criminals the luxury of time, medical identity theft is seldom noticed quickly, again unlike credit cards. Personal medical information, moreover, can be tailored to follow up with blackmail and other kinds of demands.

A fast-growing and expensive problem
A February 2015 study by Ponemon Institute, a think-tank on data protection, shows US identity theft rising annually at about 20% since 2012. An estimated 2.3 million adults were affected by medical identity theft in 2014, up from 1.4 million in 2009.
The cost to patients is substantial. Ponemon found medical identity theft costing an average of $13,500 ( Euro 12,150)in out-of-pocket legal expenses and financial losses.

Endangering patients
Beyond costs lie other dangers. These are often exacerbated by delays in hospitals informing patients about medical data theft. As we shall see, such a lapse is hardly rare, and victims can end up with a thief’s health data incorporated into their own. A patient record may show a diabetic as being diabetes free, with other misinformation about allergies or blood type being potentially fatal.
Reversing this is not always straightforward.
In summer 2015, the Wall Street Journal’ reported an identity theft at Centerpoint Medical in Independence, Missouri, leading to erroneous billing about a non-existent injury. Although the error was pointed out to the hospital in January 2014, the hospital and a collections agency remained in hot pursuit until the year end for payments – and interest.
The intervention by the influential US newspaper led to Centerpoint dropping the bills and charges. However, when the (real) patient’s record was found to contain wrong information about an allergy, a review was not permitted, in order to protect the thief’s health information – covered by the privacy provisions of HIPAA (Health Insurance Portability and Accountability Act).

USBs, laptops – physical theft remains a major problem
In spite of such growing threat awareness, the risk management spectrum remains immature. Most hospitals lack protocols to prevent data transfer to small, high-capacity USB sticks and CD-ROMs, or control access for laptops. Indeed, Department of Health and Human Services (HHS) data show that over 40% of US medical data breaches involve portable media devices.
One good example is Chicago’s Advocate Medical Group where a laptop theft from an unmonitored’ room in 2013 led to the loss of data, including social security numbers, on 4 million people. Advocate Medical took one month to notify patients, although many faced a clear risk of identity theft.

No encryption, not even passwords
One year previously, Howard University Hospital notified 35,000 patients that their medical data had been compromised, after a contractor at the hospital downloaded files onto a personal laptop, which was then stolen. The data, included names, addresses, Social Security numbers and medical information. It was password-protected but unencrypted.
Several non-technical hospital staff, unfortunately, remain unaware about this crucial difference.
For example, at the end of 2013, Kaiser Permanente’s Anaheim Medical Center reported a breach of 49,000 records from an unencrypted, missing USB drive. A similar situation occurred again in May 2016 after 29,000 emergency room patient records were compromised at Indiana University’s Arnett Hospital, after being accidentally’ downloaded to a USB drive. This time the data was neither encrypted nor password protected.

Europe has similar problems as US
The situation in Europe, too, is hardly encouraging. As far back as 2007, Britain’s Nottingham University Hospitals Trust faced the theft of a USB stick with patient data from a doctor. The theft came to light after a whistle-blower wrote to the British Medical Journal’ and noted that it was common for doctors to carry patient data around on USB sticks in order to permit patient hand-overs. Although the Trust’s policy required confidential data storage on USB sticks to be limited to 128-bit encryption and be used solely on hospital computers, only the naive (continue to) believe that enforcing such a policy is possible.
One year later, a manager at Colchester Hospital in Essex was sacked after his laptop containing medical data was stolen by thieves who broke into his car while he holidayed in Edinburgh. At the time, the hospital’s CEO said the sacking was a clear endorsement about ‘how seriously’ he took ‘security and patient confidentiality.’ However, there was no explanation about why private medical data was present, and then too in an unencrypted form, on the laptop of a holidaying executive, when it could well have been accessed via a secure online network.

Theft of laptop with 8.3 million (unencrypted) UK records
The quantity of physical data theft from UK hospitals also continues to grow, even as security practices remain stuck. In 2011, an (unencrypted) laptop was stolen from an (unlocked) office in the headquarters of Central London NHS (National Health Service). The laptop contained hospital records of 8.3 million identifiable patients.
Overall, according to an investigation by Pulse’ magazine, 55 UK hospitals have reported breaches, including records dumped in public places, or provided to the wrong patients.
The lack of a risk management policy was demonstrated emphatically in April 2014. In spite of claims that the (massive) UK national records database ‘has never been compromised,’ Freedom of Information disclosures showed four serious medical data security breaches since 2009.

French hospitals: laconic about cybercrime
France, too, is in a similar quandary. It is implementing a single national medical database with information on 66 million residents. This complements an electronic medical record (known as DMP 2) with open architecture to make it easier for sharing data among hospitals and healthcare professionals.
In May 2016, the journal Le Nouvel Observateur’ noted though several French hospitals had been targeted by cybercriminals, there was a deafening silence about the issue. In addition, it said, there was little clarity about whether patients would be informed in case of a data breach. What was especially alarming was that only 50 experts were responsible for computer security at 1,000 French hospitals.

US Senate tightens the screws at end of 2012
In the US, meanwhile, although the privacy of medical health data is codified by HIPAA and reporting rules from 2009 require hospitals to notify both the authorities and the media if a data breach affects 500 or more patients, there are no requirements for criminal prosecution.
Until November 2012, in spite of more than 22,000 complaints about HIPAA privacy violations, the US government imposed just one fine. During that month, after a particularly feverish spell of attacks, the US Senate took HHS to task in a public hearing. By June 2013, HHS had made fines of over $1.5 million ( Euro 1.35 million).

Howard University hospital attacked twice in 2012
2012, the year of the Senate hearings, was clearly a turning point in US attention to medical data safety.
In May, prosecutors charged Laurie Napper, a technician at Howard University Hospital for using her position at the hospital to gain access to patients’ names, addresses and Medicare numbers and selling this information. This was barely a few months after the same hospital had notified 35,000 patients about their medical data being compromised.

US military medical records compromised
In November 2012, TRICARE, the health insurer for the US military, announced the theft of backup computer tapes with 5 million names, Social Security numbers, and, in some cases, clinical notes and lab test results. The fact that these records also contained the home addresses of military personnel added another category of security risk to the theft.

Whether due to larger fines for medical privacy violations and/or a fast-growing number of cybercriminals, Ponemon Institute found that 40% of US healthcare organizations reported a criminal cyber attack in 2013, twice the level of 20%
in 2009.

After Chinese attack, FBI heightens attention to hospital cybersecurity
One key development has been the FBI’s entry in 2014 into hospital cybersecurity. One of the trigger events was a theft by Chinese hackers of data on 4.5 million patients held by one of the US’ largest hospital operators, Community Health Systems Inc.
Soon after, as noted previously, US health insurance giant Anthem Inc. reported what may be the biggest medical record hack in the world. Anthem holds data on 80 million Americans, including names, dates of birth, Social Security numbers, Medicare and health plan identification numbers as well as diagnostic and medical/surgical procedural data. Ironically, only a few weeks before, Anthem’s CEO announced that his company and the health insurance industry ranked at the end of the list in customer service.
The risk of attacks by hostile foreign interests was, however, not new. Indeed, in the tipping point year of 2012, Utah’s Department of Health reported that hackers from eastern Europe had stolen medical information on 800,000 people, or almost 25% of the State’s residents.

Shutting down a hospital: the problem of ransomware
Beyond medical identity theft lies ransomware, which may be the fastest growing security risk. Rather than stealing data, ransomware locks down systems and encrypts files. Typically, a pop-up screen then demands ransom in exchange for a key to decrypt files and return access to a user.
Ransomware offers one of the best risk-reward portfolios for criminals who target hospitals. The technology is relatively unsophisticated and versatile, and hackers can make money quickly via extortion rather than seeking to sell data on the black market.
In February 2016, Hollywood Presbyterian Medical Center called in the FBI after ransomware forced its IT systems offline. Physicians could not access electronic records or communicate via email. Some emergency patients were diverted to other hospitals while outpatients missed treatments. Although reports about a $3.6 million ( Euro 3.24 million) ransom payment were reduced to $17,000 ( Euro 15,300), the fact that ransom money was paid is likely to increase the risk of copycat cybercriminals. The FBI recommends organizations do not pay ransom.
At the end of March, MedStar Health, a ten-hospital group in Maryland with over 100 outpatient facilities and 30,000 staff, became the largest medical entity to be successfully attacked by ransomware. Though MedStar stated there was ‘no evidence of compromised information,’ the bulk of its electronic operations was shut down. This time too, the FBI, was called in.
By June 2016, at least a dozen US hospitals had been targeted by ransomware. The number is likely to grow.

Ransomware forces German hospital to use pen and paper, postpone surgeries
The threat of ransomware is also serious in Europe.
In February 2016, the respected German publication Deutsche Welle’ (DW) reported that a number of hospitals in the country had fallen prey to ransomware, disrupting core healthcare services and internal systems. DW named several leading hospitals, including the Lukas Hospital in Neuss and the Klinikum Arnsberg hospital in North Rhine-Westphalia.
The Lukas Hospital was forced to revert to phone calls, fax and pen-and-paper records for several weeks, with high-risk surgeries postponed until handwritten notes had been filed.
On the other hand, Klinikum Arnsberg fared far better. A quick response saved it after the ransomware, entering via email, was detected on one server. All other servers, some 200 in total, were switched off to prevent contagion.

From IP to terror: other cyber-risks associated with healthcare
The healthcare threat spectrum extends beyond hospitals.
In October 2013, the US Food and Drug Administration (FDA) reported an alarming security breach at its Center for Biologics Evaluation and Research. The hack compromised 14,000 accounts, including proprietary pharmaceutical company data.
Issues of intellectual property (drug formulae, manufacturing processes etc.) and trade secrets are of evident interest, to competitors, both at home and abroad. This is not a trifling matter, given the billions of dollars spent in developing and marketing a drug, and the billions more expected from its sale.
The interest in biologics in particular, shown by the hack at the FDA, has been of concern since several biologic products have recently begun to come off patent, while many more are expected to do so in the future.
Last but not least, biological products include vaccines – with all their attendant implications for terrorist attacks. At the end of May, one of France’s biggest hospitals, the Pitie-Salpetriere at Paris, was subject to a break-in at a laboratory storing bacteria. In November 2015, just after the Paris terrorist attacks, another city hospital, Necker, had reported the theft of Hazmat suits – which can be used to protect against bacteria/biowarfare agents. Whether there is a connection between the two is something one can only speculate about.
There will no doubt be other risks. For example, we know of one case of theft of a hospital’s fire safety plans. These identified storage areas for radioactive substances and hazardous waste. Here again, the authorities seem to be at a loose end.
Until hospitals and other actors in the healthcare industry develop and implement security best practices, the threat of disruptions, caused by petty criminals and ranging through to foreign corporate spies and terrorists, will clearly persist.

The authors
Ashutosh Sheshabalaya and Antonio Bras Monteiro
SolvX Solutions
Email: office@solvx.com

SolvX provides security and risk consulting services out of offices in Europe, the Middle East and Asia.

The medical device industry is continually improving diagnostic imaging systems in order to lower radiation dose without compromising image quality, and both company articles and studies by cardiologists published in peer-reviewed journals stress the benefits for patients. However, much less emphasis is given to radiation exposure of relevant healthcare workers, a problem that is particularly acute in the catheterization lab where the use of albeit low radiation dose imaging approaches has increased exponentially. Diagnostic procedures utilizing ionizing radiation, such as coronary angiography, are now standard, as are interventions such as coronary artery angioplasty and stenting. Interventions such as atrial fibrillation ablation can take several hours and require up to an hour’s screening time. And the huge growth in the number of trans-catheter aortic valve implantation (TAVI) procedures carried out in the cath lab also impacts on the cumulative radiation dose to which operators are exposed.
The potential hazards of operator exposure include skin erythema from hands being constantly within the primary beam, and damage to eyes. Relatively low radiation doses can irreversibly damage the lens; higher doses can affect the conjunctiva, iris, sclera and retina. And of most concern, increasing radiation exposure can result in irreversible damage to cellular DNA and carcinogenesis; the brain, thyroid and skin are most susceptible to cancers. A survey published earlier this year in the American heart association journal compared 466 healthcare personnel with an average of ten years cath lab experience with 280 personnel working in cardiology but without radiation exposure. The prevalence of skin lesions, cataracts and cancers were all significantly higher in the radiation-exposed group, as were hypertension and orthopedic problems such as back pain. But in the high stress environment of the cath lab, exacerbated because these healthcare workers are frequently on call’ after completing their regular shifts, it is understandable that monthly reports of radiation exposure are not scrutinized by staff, and that effective protective measures such as special glasses, thyroid collars, gloves and lead aprons- the wearing of which has been linked to lower back pain- are not always utilized.
So surely it is essential that hospitals provide intensive training in radiation protection for the whole cath lab team, ensure that all staff know the relevant protocols and adhere to them, and regularly examine shielding equipment for defects. In addition radiation protection supervisors should monitor exposure on a monthly basis, via operator badges and ideally by the systems available that can provide real-time data throughout every procedure involving ionizing radiation.

Liver disease is a growing problem across the world. It includes a large range of disorders, such as fatty liver disease (both alcoholic and non-alcoholic), drug-induced liver damage, primary biliary cirrhosis and hepatitis (viral and autoimmune).

Biopsy is gold standard for liver disease
Fibrosis is a relatively common consequence of chronic liver diseases, and its staging, alongside exclusion or confirmation of early compensated cirrhosis, are considered to be vital for surveillance and treatment decisions.
The gold standard for the confirmation of hepatic fibrosis is biopsy. However, biopsy of the liver has several disadvantages. First of all, it is invasive. It is also associated with rare but serious complications. Finally, it can sample only a small portion of the parenchyma (functional rather than connective tissue). This makes it vulnerable to sampling errors.

Non-invasive tests becoming norm
To overcome such constraints, a variety of non-invasive imaging and serological methodologies have been researched and developed for assessing fibrosis. Aside from staging, an ever-growing corpus of data from non-invasive liver tests is also yielding considerable insights for prognostic patient care.
Liver biopsy is now largely restricted to patients showing unexplained discordances in non-invasive testing or those where hepatologists suspect additional etiologies of the disease.
Indeed, non-invasive tests are fast becoming the norm in much of the world, outside the US, although there are several exceptions. The reasons for the lower penetration of non-invasive tests in the US are discussed later.

Ultrasound at forefront
New non-invasive methods for assessing liver fibrosis consists of ultrasound elastography, a diagnostic methodology to evaluate stiffness of tissue, magnetic resonance elastography and serologic testing.
To some of its proponents, elastography is simply a form of the centuries-old systems of diagnosing and assessing diseases via palpation, now extending beyond the scope of physical touch.
While a biopsy is invasive and carries bleeding and infection risks, elastography is seen as a way to get the data needed by clinicians to diagnose and stage liver diseases without the associated complications.

Ultrasound-based elastography is not only used as an alternative to liver biopsy for measuring fibrosis, but also to predict complications in patients with cirrhosis. Another advantage is that elastography, like other non-invasive imaging modalities, can be repeated as often as required to monitor disease progression. Due to their risks, this is simply not feasible with biopsy.

Strain elastography and shear wave elastography
The best-known commercial ultrasound-based techniques for assessing fibrosis include strain elastography and shear wave elastography (SWE). SWE is a real-time two-dimensional elastography technique which enables making quantitative estimates of tissue stiffness in kilopascals (kPa) by virtue of the shear wave speed.
Technologically, even though strain elastography predates SWE, the latter is more easily reproducible than strain elastography, and has rapidly gained interest as the preferred technique. The two are quite different, and outside the hepatology area, seem to have significant complementarities.
Broadly speaking, strain imaging is a qualitative/semi-quantitative method influenced by histotype and lesion size. The use of semi-quantitative indices does not improve performance. Neither does it reduce interoperator variability.

SWE provides accuracy, comparability
Shear wave, on the other hand, is a quantitative method which provides a more accurate and easily comparable assessment of spatial distribution of tissue stiffness.
Most practitioners see SWE as quick and easy to perform, and easily repeated to monitor liver disease progression and measure the effect of a particular treatment. An ultrasound shear wave propagates like ripples of water, as it spreads across tissue. A coherent pattern indicates that a pulse has been applied properly and that there are no artifacts (e.g. from vessels) that would provide erroneous results.
SWE systems provide variable depth of measurement. A depth of 5-6 cms may make it difficult to scan the liver in a large or obese patient, but depths of up to 8 cms are available in certain SWE systems. However, results are not reproducible at such depths, across commercial SWE vendors.

Ease of use not universally accepted
Nevertheless, not everyone agrees that the procedure is easy, especially if SWE results need to be matched against reproducible serological tests. The Society of Radiologists in Ultrasound notes the considerable training required for precision. SWE begins with the positioning of a patient in a left posterior oblique position with the arm raised. Patients need to also breathe slowly, and when asked, suspend breathing, since movement of the liver can reduce accuracy in measurement.

Liver is principal application for SWE
So far, SWE has been used to evaluate and quantify liver fibrosis/cirrhosis of multiple etiologies or with complicating co-morbidities, including chronic hepatitis, liver cancer, steatohepatitis, and biliary atresia. The two-dimensional shear wave elastographic technique offers better performance for assessing liver fibrosis as compared to conventional transient elastography, according to a May 2016 study in the Chinese publication, World Journal of Gastroenterology’.

SWE and hepatitis C
SWE practitioners see it as a tool to assist in earlier detection of conditions such as hepatitis C, and both fatty liver and alcoholic liver disease. Alongside lab studies, SWE offers a means to closely monitor the impact of treatment and assess if the liver will normalize. For many hepatologists, fighting a liver condition before Stage 4 cirrhosis provides a good chance of reversibility.
SWE can also provide information on which hepatitis C patients might benefit from viral therapy. There are numerous reports of patients who would not have been suspected of severe fibrosis or cirrhosis, based on traditional ultrasound grey scaling. At best, the latter provides indicators such as anomalies in the liver contour. However, it does not show signs of cirrhosis such as surface nodularity which are immediately apparent in elastography.

Guiding biopsies
Some clinicians have sought to use SWE to guide liver biopsies and in certain cases, avoid or postpone biopsy. As part of this process, they have addressed one of the major limitations of biopsy, namely restrictions to choice of affected areas, erroneous samples, or inadequacy in sample size enough for interpretation. SWE allows multiple sampling across the liver and generating a mean value. This reduces what in the past would have been a large number of unnecessary biopsies, and minimizes the morbidity of liver biopsy.

SWE in children
SWE has shown specific advantages in pediatric patients. Cincinnati Children’s Hospital Medical Center is gathering data on normal’ stiffness values in children, and on rates of progression, given that published data is almost wholly based on adults.
The study groups cover children with liver transplants, metabolic disorders, cystic fibrosis and those on prolonged intravenous feeding (TPN). One specific area for attention is biliary atresia, a rare but life-threatening condition where the bile ducts in an infant’s liver lack normal openings. The bile builds up and causes damage to the liver.
The pediatric data collection for SWE on newborns with jaundice or cholestasis makes ten measurements. This adds just 5 minutes to a typical ultrasound exam.
Nevertheless, pediatric SWE also has its limitations. According to Dr. Sara O’Hara, who heads the Ultrasound Department at Cincinnati Children’s Hospital, SWE can give variable results in areas such as children with non alcoholic steatohepatitis (NASH) and fatty liver disease.

Breast applications benefit from SWE-plus-strain elastography
In adults, aside from the liver, SWE is seen as a useful technique for evaluation of breast lesions and prostate imaging. In both cases, the technique seems to provide best results in combination with another elastography mode.
For instance, a literature review published in the Journal of Ultrasound’ in 2012 reported that SWE and strain elastography complement each other and overcome mutual limitations in the evaluation of breast lesions.
Clearly, when both types of elastography provide similar results, there is a greater degree of confidence – especially in terms of a near-total elimination of false negatives, which sharply cuts the need for breast biopsies which later prove unnecessary.
There are however some limitations which have been reported in measuring shear wave velocity in the stiffest of breast lesions. Here, rather than propagating through the tumour, the shear wave tends to bounce back. Nevertheless, ongoing improvements in SWE, which have been further reducing examination time and enhancing field of view, means that at some point it could be a tool for breast cancer screening.

Prostate applications benefit from SWE-plus-MR elastography
The use of SWE in prostate cancer, too, shows similar potential for benefits as with breast screening. The first factor is a reduction in biopsies, which prove to have been unnecessary post facto. Studies are under way which seek to correlate stiffness with abnormalities (as well as aggressiveness of tumours) and to assist urologists determine when patients with low-grade prostate cancer must start treatment.
As with SWE and strain elastography in the breast, best results in terms of the prostate are obtained by complementing SWE with another imaging modality – magnetic resonance (MR) elastography. Some findings reveal SWE significantly superior in detecting prostate cancer in the peripheral zone – which is where most tumours occur. However, MR seems to show greater promise in the anterior gland and transitional zone.
Again, as with the breast, the fusion of two modalities permits multiple sampling and tackles a major limitation of prostate biopsy, namely inconvenience and risk, as well as limited choice of affected areas. A few experimental procedures have also targeted fusing MR and SWE images to help guide biopsies.

Using SWE in other organs
SWE has also demonstrated considerable (if still early-stage) promise for evaluating thyroid nodules, indeterminate lymph nodes and uterine fibroids. Another area for investigating SWE include kidney transplants, in order to to avoid excessive biopsies. However, limitations to shear wave captured depth remains a technology challenge for manufacturers to address.

US remains laggard in ultrasound elastography
While most of the world’s regions (Europe, Asia and Latin America) are seeing growth in the use of ultrasound elastography (both SWE and strain), in the US neither is eligible for reimbursement, even in the largest application area – the liver. This is unlike transient elastography, although critics allege it is a blind methodology which neither directly measure fibrosis and often over-estimates it.
Currently, studies in both the US and other parts of the world are seeking to establish the clinical and economic benefits of SWE and strain elastography, including unnecessary invasive biopsies with their associated costs and complications. Eventually, the results of ongoing trials are expected to produce the data which will make ultrasound elastography eligible for reimbursement.
The most self-evident advantage of ultrasound elastography is its non-invasive nature. Unlike a biopsy, it is clearly more feasible to use SWE to screen for patients at greatest risk of chronic liver disease and in need of referral or treatment.