CTEK SUMMIT
2020
Medical Device Security Services Overview
Priya Upendra, Quality & Compliance Director
Banner Health
Shankar Somasundaram, CEO
Asimily
• Asimily is a company focused on healthcare, medical and connected device inventory, cybersecurity, and operational management, working with health systems across the country
• Shankar has been involved in the topic of medical devices since 2011.
• Shankar has been a contributor to and part of many industry frameworks like NIST, TIR 57 and more!
Carrie Whysall, Director, Managed Security Services
CynergisTek
• Carrie has over 24 years of experience in healthcare information services, more than half of it focused on security.
• In her role as Director of Managed Security Services, Carrie is responsible for executing strategic business initiatives and driving CynergisTek's growth strategies for security services, including Vendor Security Management (VSM), Managed Security Services (MSS), and Medical Device Security.
• Prior to joining CTEK, Carrie served as a Senior Director of Security for Ascension Information Services.
Agenda
• Effective Risk Management Solutions
• Medical Device Security Services & Challenges
• Vulnerability Management
• Taking Steps to Apply Concepts
• Wrap-Up/Q&A
Medical Device Security Services and Challenges
Medical Device Security Challenges
Insufficient Visibility
• Lack of an accurate connected medical device inventory
Medical Device Ecosystem is Complex
• Significant number of vendors, device types & software platforms
• Devices managed across a maze of ownership and support
Unable to Update
• Medical devices can rarely be patched
• Updates often not available
Legacy Systems
• Many devices run Windows 95, 98, 2000, XP, & 7
• Longer life expectancy
Culture
• Communication gap between CE/IT
• Limited training and knowledge
Technical & Operational Dependencies
• Proprietary networks
• Wireless requirements
• Computer hardware
Medical Devices are Proprietary
• Highly specialized
• Automated, microprocessor driven
• Store and collect sensitive information
Lack of Tools
• Limited tools and lack of knowledge of tools to inventory connected medical devices
• Cannot actively scan medical devices
Lack of Security Controls
• Standard IT technical security controls don’t apply
• Administrative controls can impede clinical care
• Physical controls are difficult to manage
Why Medical Device Security Services?
• Medical devices are increasingly connected to the internet and have limited control over access
• Most HDOs do not have an accurate connected medical device inventory
• Between 10-15 connected medical devices per hospital bed / 300%-400% more medical equipment than IT devices
• Average of 6.2 vulnerabilities per medical device
• 60% of all medical devices are unpatchable
• Most connected medical devices are unmanaged
• Risk of breach due to devices holding large amounts of PHI
• An attack has the potential to cause patient harm
• Attacks affect device availability and organization reputation
Medical Device Security Services
Stage 1: Risk Assessment
Provides a blueprint for:
• Implementing organizational medical device security practices
• Remediating vulnerable network connected medical devices
• Reducing organizational risk through increased governance and oversight
This includes recommendations for developing a comprehensive medical device security program.
Stage 2: Program Development
Develop security best practices into ongoing medical device management processes:
• Improved asset management processes including inventory validation
• Consistent medical device risk assessment procedures
• Standardized implementation and configuration processes
• Formal incident response protocols and documentation
Stage 3: Program Management
Continuous support and management:
• Assisting with the medical device procurement process
• Managing ongoing vulnerability reporting and remediation planning
• Providing medical device security training and awareness presentations
• Facilitating incident response and formal device disposition processes
Stage 1: Risk Assessment
The Medical Device Security Risk Assessment provides the organization with a one-time assessment to identify and categorize medical device risk management strategies.
1. Program Assessment (Medical Device Security Program Evaluation):
 Documentation Review
 Onsite Data Collection
 Remediation Recommendations
 Level of Effort Summary
 Lifecycle Management Integration
2. Technical Assessment (Passive Network Discovery Tool Results):
 Passive Network Scanning
 Device Inventory Attributes
 Security & Network Data
 Vulnerability Identification
 Remediation Recommendations
3. Risk Mgmt. Strategy (Medical Device Security Risk Classification):
 Risk Criteria Identification
 Device Specific Risk Categories
 Remediation Strategies by Risk Category
 Recommended Remediation Plan
Stage 2 & 3: Program Development & Management
Lifecycle Management Approach
Organizational medical device support and management utilizing processes to ensure the safe and full functionality of the device at each stage of a medical device’s lifecycle: procurement, installation and inventory management, continuous support/maintenance, incident response management, and disposition/retirement.
Procurement Management
- New Medical Device Security Assessment
- Vendor/Third-Party Service Provider Risk Assessment
- Risk Acknowledgment Documentation
Installation & Inventory Management
- Standardized Implementation Workflow
- Inventory Gap Analysis
- Inventory Validation & Reconciliation Process
Continuous Support & Maintenance
- Network Tool Monitoring & Reporting
- Internal Security Posture Review
- Biomed Specific Security Training
Incident Response Management
- Threat Notifications
- Medical Device Security Incident Consultation
Disposition/Retirement
- Media Sanitization Assurance
- Recommendations for Replacement/Retirement
Effective Risk Management Solutions
Identifying All Risk Vectors
Key Capabilities of an Effective Risk Management Solution
IDENTIFY
Inventory
• Identify devices and parameters
Vulnerability Management
• Proactively identifies vulnerabilities
• Narrow down vulnerabilities posing a threat to the network
Vulnerability Scoring and Risk Assessment
• Scores vulnerabilities using medical device context
• Provides granular recommendations to mitigate risk
DETECT
Intrusion Detection
• Baseline device behavior
• Highlight when a device is not behaving as expected
PROTECT
Containment and Micro-segmentation
• Block or quarantine a device as necessary
• Segment or micro-segment a device as required
RESPOND
Forensic analysis
• Understand how, where, when device is communicating
• Identify the root cause of the problem
Multi-Dimensional Approach
MEDICAL (& NON-MEDICAL) DEVICE MASTER DATA RECORD
 IT parameters
 Medical device parameters
 Cyber-security parameters
 Network asset utilization
DEVICE RELATIONSHIPS
 Device inter-relationships
 Data flows
 Ability to navigate network
CONTEXTUAL RISK
Prioritized list of devices and alternatives to patching
PATCH AND MITIGATION PRIORITIZATION
 Vulnerabilities
 Configuration
 Vulnerability Exploit Vectors
 Impact to patient care, data privacy and operations
RISK MONITORING, REMEDIATION AND PREVENTION
 Device baselines and device profiles
 Security anomalies
 Operational anomalies
 Segmentation of devices based on device context
 Blocking or quarantine at network
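The baselining capabilities on the two slides above ("Baseline device behavior / Highlight when a device is not behaving as expected" and "Device baselines and device profiles / Security anomalies") have to work from passive observation, because, as the challenges slide notes, medical devices cannot be actively scanned. The following Python is an added illustration, not code from the presentation, Asimily or CynergisTek: it learns a per-device profile (peers and services) from a learning window of flow records, derives inventory attributes from the same data, and flags later flows that leave the profile. The device addresses, flow records and internal address range are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not from the slides): passive observations of which
# device talked to which peer and port, as a SPAN port or flow collector would see.
# Fields: device_ip, peer_ip, dst_port, protocol.
LEARNING_WINDOW = [
    ("10.20.1.15", "10.20.1.5", 443, "tcp"),   # infusion pump -> pump server (HTTPS)
    ("10.20.1.15", "10.20.1.5", 443, "tcp"),
    ("10.20.1.15", "10.20.0.53", 53, "udp"),   # DNS
    ("10.20.1.15", "10.20.0.10", 123, "udp"),  # NTP
    ("10.20.1.22", "10.20.1.6", 104, "tcp"),   # ultrasound -> PACS (DICOM)
    ("10.20.1.22", "10.20.0.53", 53, "udp"),
]
MONITORED = [
    ("10.20.1.15", "10.20.1.5", 443, "tcp"),      # matches baseline
    ("10.20.1.15", "10.20.3.77", 445, "tcp"),     # new peer and new service
    ("10.20.1.22", "198.51.100.9", 443, "tcp"),   # destination outside the hospital
    ("10.20.1.22", "10.20.1.6", 104, "tcp"),      # matches baseline
    ("10.20.1.40", "10.20.1.6", 104, "tcp"),      # device never seen during learning
]
# Assumed organizational address space for the example.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]


def build_baseline(flows):
    """Per-device profile of peers and (port, protocol) services, learned passively."""
    profile = defaultdict(lambda: {"peers": set(), "services": set()})
    for dev, peer, port, proto in flows:
        profile[dev]["peers"].add(peer)
        profile[dev]["services"].add((port, proto))
    return dict(profile)


def inventory_attributes(profile):
    """Inventory view from the same passive data: the services each device uses."""
    return {dev: sorted(p["services"]) for dev, p in profile.items()}


def classify_flow(profile, flow, internal_nets=INTERNAL_NETS):
    """Reasons a flow deviates from the device's baseline; an empty list means expected."""
    dev, peer, port, proto = flow
    if dev not in profile:
        return ["device not present in passive inventory"]
    reasons = []
    if peer not in profile[dev]["peers"]:
        reasons.append(f"new peer {peer}")
    if (port, proto) not in profile[dev]["services"]:
        reasons.append(f"new service {proto}/{port}")
    if not any(ipaddress.ip_address(peer) in net for net in internal_nets):
        reasons.append("destination outside organizational address space")
    return reasons


def detect_anomalies(profile, flows, internal_nets=INTERNAL_NETS):
    """Flows that deviate from baseline, paired with why. Nothing here probes a device."""
    findings = []
    for flow in flows:
        reasons = classify_flow(profile, flow, internal_nets)
        if reasons:
            findings.append((flow, reasons))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(LEARNING_WINDOW)
    for flow, reasons in detect_anomalies(baseline, MONITORED):
        print(flow, "->", "; ".join(reasons))
```

A real deployment would learn over days rather than a handful of records and would key the profile on a stable device identity (MAC or inventory tag) rather than an IP that DHCP may reassign; the structure of the check stays the same.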
Medical Device Vulnerability Management
Vulnerability Management
• Not all devices have the same risk
• Even across devices with the same legacy operating system, risks could be different
• Whether an unpatched vulnerability affects a device depends on many factors:
  • Exploitability of the vulnerability for that device in that environment
  • Impact of the vulnerability
  • How the device is connected
  • Security capabilities of the device
  • Any other mitigating security controls
• These factors have to be taken into account before deciding whether a vulnerability is exploitable and high impact; if it is a high risk, high impact vulnerability, a workaround can be implemented
Same Model, Same Manufacturer, Same OS, Different Risks
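The factors on the vulnerability management slide (exploitability in the device's environment, impact, connectivity, device security capabilities, other mitigating controls) and the "same model, same manufacturer, same OS, different risks" point can be made concrete with a small scoring routine. The Python below is an added example, not code from the presentation or any of the presenters' products; its weights, control names and the vulnerability record are illustrative assumptions. It scores one vulnerability against two identical Windows 7 Embedded ultrasound units that differ only in network placement and compensating controls, and proposes a workaround only for the high-risk, high-impact case.

```python
from dataclasses import dataclass

# Constructed example of contextual vulnerability risk scoring for connected
# medical devices. All weights and control names are illustrative assumptions.


@dataclass(frozen=True)
class Vulnerability:
    ident: str         # placeholder identifier, not a real advisory number
    base_score: float  # context-free severity on a 0-10 scale (CVSS-like)
    vector: str        # "network", "adjacent", "local" or "physical"


@dataclass
class DeviceContext:
    model: str
    os: str
    exposure: str        # "internet", "enterprise", "clinical_vlan" or "isolated"
    wireless: bool
    stores_phi: bool
    patient_harm: str    # worst credible clinical outcome: "none", "minor", "serious"
    device_controls: frozenset = frozenset()   # e.g. {"host_firewall", "app_allowlisting"}
    network_controls: frozenset = frozenset()  # e.g. {"segmentation", "acl", "ips"}


# How reachable each attack vector is from each network position (assumed weights).
REACHABILITY = {
    "network":  {"internet": 1.0, "enterprise": 0.9, "clinical_vlan": 0.6, "isolated": 0.1},
    "adjacent": {"internet": 0.7, "enterprise": 0.7, "clinical_vlan": 0.5, "isolated": 0.1},
    "local":    {"internet": 0.3, "enterprise": 0.3, "clinical_vlan": 0.3, "isolated": 0.2},
    "physical": {"internet": 0.2, "enterprise": 0.2, "clinical_vlan": 0.2, "isolated": 0.2},
}
# Multiplicative reductions credited for compensating controls (assumed weights).
DEVICE_CONTROL_FACTOR = {"host_firewall": 0.7, "app_allowlisting": 0.5, "service_disabled": 0.3}
NETWORK_CONTROL_FACTOR = {"segmentation": 0.5, "acl": 0.6, "ips": 0.7}
HARM_WEIGHT = {"none": 0.3, "minor": 0.6, "serious": 1.0}


def exploitability(vuln: Vulnerability, ctx: DeviceContext) -> float:
    """Likelihood (0-1) that the vulnerability is exploitable for this device where it sits."""
    reach = REACHABILITY[vuln.vector][ctx.exposure]
    if ctx.wireless and vuln.vector in ("network", "adjacent"):
        reach = min(1.0, reach + 0.1)  # wireless widens the adjacent attack surface
    for control in ctx.device_controls:
        reach *= DEVICE_CONTROL_FACTOR.get(control, 1.0)  # unknown controls earn no credit
    for control in ctx.network_controls:
        reach *= NETWORK_CONTROL_FACTOR.get(control, 1.0)
    return round(reach, 3)


def impact(vuln: Vulnerability, ctx: DeviceContext) -> float:
    """Consequence (0-1): technical severity scaled by patient-safety and PHI exposure."""
    score = (vuln.base_score / 10.0) * HARM_WEIGHT[ctx.patient_harm]
    if ctx.stores_phi:
        score += 0.2
    return round(min(1.0, score), 3)


def risk_score(vuln: Vulnerability, ctx: DeviceContext) -> float:
    return round(exploitability(vuln, ctx) * impact(vuln, ctx) * 10.0, 1)


def risk_tier(vuln: Vulnerability, ctx: DeviceContext) -> str:
    score = risk_score(vuln, ctx)
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"


def recommend(vuln: Vulnerability, ctx: DeviceContext) -> list:
    """Workarounds are proposed only for high-risk, high-impact findings."""
    if risk_tier(vuln, ctx) != "High" or impact(vuln, ctx) < 0.7:
        return ["Track and monitor; current exposure and controls do not warrant a workaround"]
    actions = []
    if "segmentation" not in ctx.network_controls:
        actions.append("Move the device to a dedicated clinical VLAN")
    if "acl" not in ctx.network_controls:
        actions.append("Restrict inbound traffic to the device's known peers with ACLs")
    if ctx.wireless:
        actions.append("Confirm the wireless network is isolated from general-purpose clients")
    if "host_firewall" not in ctx.device_controls:
        actions.append("Enable the vendor-supported host firewall profile if one exists")
    return actions


# Constructed scenario: identical ultrasound units (same model, vendor, OS) deployed differently.
VULN = Vulnerability(ident="VULN-PLACEHOLDER-0001", base_score=9.8, vector="network")
ULTRASOUND_OPEN = DeviceContext("US-MODEL-X", "Windows 7 Embedded", "enterprise", False, True, "serious")
ULTRASOUND_SEGMENTED = DeviceContext("US-MODEL-X", "Windows 7 Embedded", "clinical_vlan", False, True, "serious",
                                     device_controls=frozenset({"host_firewall"}),
                                     network_controls=frozenset({"segmentation", "acl"}))

if __name__ == "__main__":
    for ctx in (ULTRASOUND_OPEN, ULTRASOUND_SEGMENTED):
        print(ctx.exposure, risk_score(VULN, ctx), risk_tier(VULN, ctx), recommend(VULN, ctx))
```

The open unit on the enterprise network scores High and gets concrete workarounds; the same unit behind segmentation, ACLs and a host firewall scores Low against the very same vulnerability, which is the slide's point that patch urgency follows device context rather than the OS alone.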
High Risk, High Impact Windows 7 Embedded Ultrasound with Mitigation
Recommendation for a Vulnerability
Medical Device Security - Taking Steps to Apply These Concepts
Identify the Drivers to CE-IT Convergence
• Integrating the Healthcare Enterprise (IHE)
• Patient Safety and Quality Outcomes Management
• Telehealth
• Increasing application of:
  • RFID, DICOM, Bluetooth, WiFi
• Increased Government/Industry Focus
  • FDA, MDS2, other initiatives
• Information Security – integrity, availability, confidentiality
  • Cybersecurity, Privacy, Disruption (ransomware, DDoS)
Demonstrate That You Have a Problem
Conduct a litmus test to identify the extent of the problem:
1. Ask for a copy of the Could Not Locate (CNL) list for the previous 12 months
2. Determine if any devices on the list can create and store ePHI
3. For devices identified in #2 above, ask if you have reported (or will report) a breach or have a documented “low probability of compromise” in your files
4. For all remaining devices, ask how any technical vulnerabilities have been remediated
Adopt a Framework
• Good security hygiene and awareness are key…
• But there is no one-size-fits-all answer; this is unique to each org.
• Key factors that make the difference:
  • Leadership style
  • Leadership's risk tolerance
  • Corporate/practice culture
• The message needs to be delivered in a way the recipient can understand, in their terms
• Training materials you find or get from outside need to be customized
Develop Management Solutions
• Biomedical devices are not just hardware
  • Treat them as computing endpoints
  • Treat them as if they contain patient data – many do!
  • Protect them from unauthorized physical and network access
  • You must presume a breach if lost, stolen, or even out of your control
• Addressing biomedical risks is a management problem
  • Accountability stops with the CEO, but departments share responsibility
  • The CISO and compliance must act as a team to assess these risks
• Look at tools that can passively scan
  • These also interface with the common CMMS applications
• Consider outsourcing the security management to address talent gaps
Key Takeaways
• Assessment
  • Assess your inventory with an eye towards risk
  • Assess your program, or lack thereof
  • Don’t forget to include life cycle management
• Remediation Efforts
  • Even the same device model can require different strategies
  • Be sure to identify all pertinent risk vectors
• Apply what you have learned
  • Pick a tool that can help you with your use case
  • Partnership is key: CE & IT need to plan together
  • Long term strategies are the key to success
THANK YOU
• priyanka.upendra@bannerhealth.com
• shankar@asimily.com
• carrie.whysall@cynergistek.com
How to Get Started in Social Media for Art League CityEric T. Tung
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting
 

Último (20)

Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 

Network Connected Medical Devices - A Case Study

  • 8. Medical Device Security Challenges
    Insufficient Visibility
      • No accurate inventory of connected medical devices
    Medical Device Ecosystem is Complex
      • Significant number of vendors, device types and software platforms
      • Devices managed across a maze of ownership and support
    Unable to Update
      • Medical devices can rarely be patched
      • Updates often not available
    Legacy Systems
      • Many devices run Windows 95, 98, 2000, XP and 7
      • Longer life expectancy
    Culture
      • Communication gap between Clinical Engineering (CE) and IT
      • Limited training and knowledge
    Technical & Operational Dependencies
      • Proprietary networks
      • Wireless requirements
      • Computer hardware
    Medical Devices are Proprietary
      • Highly specialized
      • Automated, microprocessor driven
      • Store and collect sensitive information
    Lack of Tools
      • Limited tools, and limited knowledge of the tools, to inventory connected medical devices
      • Medical devices cannot be actively scanned (active scans can disrupt or crash them, which is why discovery has to be passive)
    Lack of Security Controls
      • Standard IT technical security controls do not apply
      • Administrative controls can impede clinical care
      • Physical controls are difficult to manage
  • 9. Why Medical Device Security Services?
    • Medical devices are increasingly connected to the internet and offer limited access control
    • Most HDOs (healthcare delivery organizations) do not have an accurate connected medical device inventory
    • Between 10 and 15 connected medical devices per hospital bed; 300%-400% more medical equipment than IT devices
    • An average of 6.2 vulnerabilities per medical device
    • 60% of all medical devices are unpatchable
    • Most connected medical devices are unmanaged
    • Risk of breach, because devices hold large amounts of PHI
    • An attack has the potential to cause patient harm
    • Attacks affect device availability and organizational reputation
  • 10. Medical Device Security Services
    Stage 1: Risk Assessment
      Provides a blueprint for:
      • Implementing organizational medical device security practices
      • Remediating vulnerable network-connected medical devices
      • Reducing organizational risk through increased governance and oversight
      This includes recommendations for developing a comprehensive medical device security program.
    Stage 2: Program Development
      Develop security best practices into ongoing medical device management processes:
      • Improved asset management processes, including inventory validation
      • Consistent medical device risk assessment procedures
      • Standardized implementation and configuration processes
      • Formal incident response protocols and documentation
    Stage 3: Program Management
      Continuous support and management:
      • Assisting with the medical device procurement process
      • Managing ongoing vulnerability reporting and remediation planning
      • Providing medical device security training and awareness presentations
      • Facilitating incident response and formal device disposition processes
  • 11. Stage 1: Risk Assessment
    The Medical Device Security Risk Assessment provides the organization with a one-time assessment to identify and categorize medical device risk management strategies.
    1. Program Assessment (Medical Device Security Program Evaluation)
      • Documentation review
      • Onsite data collection
      • Remediation recommendations
      • Level-of-effort summary
      • Lifecycle management integration
    2. Technical Assessment (Passive Network Discovery Tool Results)
      • Passive network scanning
      • Device inventory attributes
      • Security and network data
      • Vulnerability identification
      • Remediation recommendations
    3. Risk Management Strategy (Medical Device Security Risk Classification)
      • Risk criteria identification
      • Device-specific risk categories
      • Remediation strategies by risk category
      • Recommended remediation plan
  • 12. Stage 2 & 3: Program Development & Management
    Lifecycle Management Approach: organizational medical device support and management, using processes that ensure the safe and full functionality of the device at each stage of its lifecycle.
    Procurement Management
      • New medical device security assessment
      • Vendor/third-party service provider risk assessment
      • Risk acknowledgment documentation
    Installation & Inventory Management
      • Standardized implementation workflow
      • Inventory gap analysis
      • Inventory validation and reconciliation process
    Continuous Support & Maintenance
      • Network tool monitoring and reporting
      • Internal security posture review
      • Biomed-specific security training
    Incident Response Management
      • Threat notifications
      • Medical device security incident consultation
    Disposition/Retirement
      • Media sanitization assurance
      • Recommendations for replacement/retirement
  • 13. Effective Risk Management Solutions
  • 15. Key Capabilities of an Effective Risk Management Solution
    The slide arranges these capabilities along the NIST CSF functions Identify, Detect, Protect and Respond.
    Inventory
      • Identify devices and their parameters
    Vulnerability Management
      • Proactively identifies vulnerabilities
      • Narrows the list down to the vulnerabilities that actually pose a threat on this network
    Vulnerability Scoring and Risk Assessment
      • Scores vulnerabilities using medical device context
      • Provides granular recommendations to mitigate risk
    Intrusion Detection
      • Baseline device behavior
      • Highlight when a device is not behaving as expected
    Containment and Micro-segmentation
      • Block or quarantine a device as necessary
      • Segment or micro-segment a device as required
    Forensic Analysis
      • Understand how, where and when a device is communicating
      • Identify the root cause of the problem
  • 16. Multi-Dimensional Approach
    Medical (and non-medical) device master data record
      • IT parameters
      • Medical device parameters
      • Cyber-security parameters
      • Network asset utilization
    Device relationships
      • Device inter-relationships
      • Data flows
      • Ability to navigate the network
    Patch and mitigation prioritization
      • Vulnerabilities
      • Configuration
      • Vulnerability exploit vectors
      • Impact to patient care, data privacy and operations
    Contextual risk
      • Prioritized list of devices, and alternatives to patching
    Risk monitoring, remediation and prevention
      • Device baselines and device profiles
      • Security anomalies
      • Operational anomalies
      • Segmentation of devices based on device context
      • Blocking or quarantine at the network
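Behavioral baselining and the baseline-derived segmentation policy that slides 15 and 16 call for (baseline device behavior, highlight when a device deviates, segment devices based on their context), as an added Python example. This is not the presenters' or any vendor's code: the flow records, the addresses of the ultrasound, PACS and NTP server, the learning window and the rule syntax emitted by allowlist_policy() are all constructed or hypothetical.

```python
"""Behavioral baseline for a medical device's network traffic, with the
baseline turned into a micro-segmentation allowlist.

Added example, not the presenters' or any vendor's code. The flow records
below are constructed (an ultrasound, its PACS and an NTP server on assumed
addresses); the rule syntax produced by allowlist_policy() is hypothetical
and vendor-neutral.
"""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: str      # ISO-8601 UTC; plain string comparison orders this format correctly
    src: str
    dst: str
    dport: int
    proto: str   # "tcp" or "udp"


def learn_baseline(flows: list[Flow], learning_until: str) -> dict[str, set[tuple[str, int, str]]]:
    """Per-source set of (peer, port, proto) seen during the learning window.

    The window must be known-clean: if the device was already compromised
    the attacker's traffic would be baselined as normal."""
    baseline: dict[str, set] = defaultdict(set)
    for f in flows:
        if f.ts <= learning_until:
            baseline[f.src].add((f.dst, f.dport, f.proto))
    return dict(baseline)


def detect(flows: list[Flow], baseline: dict, learning_until: str) -> list[tuple[Flow, str]]:
    """Flag flows after the learning window that the baseline does not explain."""
    alerts = []
    for f in flows:
        if f.ts <= learning_until:
            continue
        known = baseline.get(f.src)
        if known is None:
            alerts.append((f, "traffic from a device with no baseline"))
            continue
        if (f.dst, f.dport, f.proto) in known:
            continue
        known_peers = {dst for dst, _, _ in known}
        reason = "new port/protocol to a known peer" if f.dst in known_peers else "new peer"
        alerts.append((f, reason))
    return alerts


def allowlist_policy(device: str, baseline: dict) -> list[str]:
    """Render one device's baseline as an explicit allowlist with a default deny
    (hypothetical rule syntax; translate to the ACL/NAC product in use)."""
    rules = [f"permit {device} -> {dst} {proto}/{dport}"
             for dst, dport, proto in sorted(baseline.get(device, set()))]
    rules.append(f"deny {device} -> any")
    return rules


# Constructed flow log: 10.20.1.11 is an ultrasound, 10.20.5.10 its PACS,
# 10.20.5.2 an NTP server. Learning window ends 2020-09-14.
FLOWS = [
    Flow("2020-09-02T08:00:00Z", "10.20.1.11", "10.20.5.10", 104, "tcp"),   # DICOM to PACS
    Flow("2020-09-02T08:00:05Z", "10.20.1.11", "10.20.5.2", 123, "udp"),    # NTP
    Flow("2020-09-10T09:15:00Z", "10.20.1.11", "10.20.5.10", 104, "tcp"),
    Flow("2020-09-20T10:00:00Z", "10.20.1.11", "10.20.5.10", 104, "tcp"),   # expected
    Flow("2020-09-20T10:01:00Z", "10.20.1.11", "10.20.7.50", 445, "tcp"),   # SMB to a workstation: new peer
    Flow("2020-09-20T10:02:00Z", "10.20.1.11", "10.20.5.10", 3389, "tcp"),  # RDP to the PACS: new port
    Flow("2020-09-20T10:03:00Z", "10.20.1.99", "10.20.5.10", 104, "tcp"),   # device never baselined
]
LEARNING_UNTIL = "2020-09-14T23:59:59Z"


def run_example():
    baseline = learn_baseline(FLOWS, LEARNING_UNTIL)
    alerts = detect(FLOWS, baseline, LEARNING_UNTIL)
    policy = allowlist_policy("10.20.1.11", baseline)
    return baseline, alerts, policy


if __name__ == "__main__":
    _, alerts, policy = run_example()
    for flow, reason in alerts:
        print(f"{flow.ts} {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}: {reason}")
    print("\n".join(policy))
```

The baseline is kept per device, not per model: two ultrasounds of the same model in different departments talk to different PACS nodes and worklist servers, which is the same point slide 19 makes about risk. The allowlist is only as good as the learning window, so a compensating step in practice is to review the learned peers against the vendor's documented port and peer requirements before enforcing the deny rule.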
  • 18. Vulnerability Management
    • Not all devices carry the same risk
    • Even across devices with the same legacy operating system, the risks can differ
    • Whether an unpatched vulnerability matters for a device depends on many factors:
      • Exploitability of the vulnerability for that device in that environment
      • Impact of the vulnerability
      • How the device is connected
      • Security capabilities of the device
      • Any other mitigating security controls
    • These factors have to be weighed before deciding whether a vulnerability is exploitable and high impact; only when it is both is it high risk, and for those cases a workaround (a compensating control) can be implemented where a patch is not available
  • 19. Same Model, Same Manufacturer, Same OS: Different Risks
  • 20. High Risk, High Impact Windows 7 Embedded Ultrasound, with Mitigation
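The context-dependent scoring that slides 18 to 20 describe (same model, same manufacturer, same OS, different risk; a high-risk Windows 7 Embedded ultrasound with a mitigation plan), as an added Python example. This is not the presenters' or Asimily's code: the finding, the three devices, the weights in EXPOSURE and CLINICAL_IMPACT and the formula in score() are assumptions made for illustration, chosen to show how one unpatchable vulnerability lands in three different tiers.

```python
"""Contextual vulnerability risk scoring for network-connected medical devices.

Added example, not the presenters' or Asimily's code. The finding, the three
ultrasound devices and every weighting factor below are constructed; the
scoring formula is an assumption, not a published standard.
"""
from __future__ import annotations
from dataclasses import dataclass

# Exposure weight by the widest zone a device is reachable from (assumed values).
EXPOSURE = {"internet": 1.0, "enterprise": 0.7, "clinical_vlan": 0.4}
# Impact weight by clinical role (assumed values).
CLINICAL_IMPACT = {"life_support": 1.0, "diagnostic": 0.7, "ancillary": 0.4}


@dataclass(frozen=True)
class Finding:
    name: str
    base_score: float          # CVSS-like base severity, 0 to 10
    vector: str                # "network", "adjacent", "local" or "physical"
    port: int | None           # service port the exploit needs, if any
    patch_available: bool


@dataclass(frozen=True)
class Device:
    device_id: str
    model: str
    os: str
    listening_ports: frozenset
    reachable_from: frozenset  # subset of EXPOSURE keys
    segment_allowlist: bool    # VLAN ACL / micro-segmentation limits who can reach it
    host_controls: bool        # host firewall or application allowlisting active
    clinical_role: str         # key of CLINICAL_IMPACT
    stores_ephi: bool


def exploitability(f: Finding, d: Device) -> float:
    """0.0 (not exploitable in this environment) to 1.0 (fully exposed)."""
    if f.vector in ("local", "physical"):
        e = 0.2                          # needs hands on the device or a local account
    else:
        if f.port is not None and f.port not in d.listening_ports:
            return 0.0                   # vulnerable service not listening: nothing to reach
        e = max((EXPOSURE[z] for z in d.reachable_from), default=0.1)
        if d.segment_allowlist:
            e *= 0.6                     # only allowlisted peers can reach the port
    if d.host_controls:
        e *= 0.7
    return round(e, 3)


def impact(d: Device) -> float:
    i = CLINICAL_IMPACT[d.clinical_role]
    if d.stores_ephi:
        i = min(1.0, i + 0.2)            # a PHI breach adds to the clinical consequence
    return round(i, 2)


def tier_for(risk: float) -> str:
    if risk >= 6.0:
        return "critical"
    if risk >= 4.0:
        return "high"
    if risk >= 2.0:
        return "medium"
    return "low"


def score(f: Finding, d: Device) -> tuple[float, str]:
    risk = round(f.base_score * exploitability(f, d) * impact(d), 2)
    return risk, tier_for(risk)


def recommend(f: Finding, d: Device, tier: str) -> list[str]:
    """Workarounds for when patching is not an option (slide 18's last point)."""
    actions = []
    if tier in ("critical", "high"):
        if f.patch_available:
            actions.append("apply the vendor-validated patch in the next maintenance window")
        else:
            if f.port is not None and f.port in d.listening_ports:
                actions.append(f"block tcp/{f.port} to this device at the VLAN ACL, or disable the service if the vendor allows it")
            if not d.segment_allowlist:
                actions.append("micro-segment: allowlist only the PACS/EMR peers the device needs")
            if not d.host_controls:
                actions.append("enable the host firewall or application allowlisting if the vendor supports it")
        actions.append("baseline the device's traffic and alert on new peers")
    elif tier == "medium":
        actions.append("monitor; schedule mitigation in the next maintenance window")
    else:
        actions.append("accept the risk and document the rationale")
    return actions


def sample_assessment() -> dict[str, tuple[float, str, list[str]]]:
    """Three ultrasounds, same model, same Windows 7 Embedded, different context (constructed)."""
    finding = Finding("unpatched remote code execution in the embedded OS (hypothetical)",
                      base_score=9.8, vector="network", port=445, patch_available=False)
    common = dict(model="Ultrasound X", os="Windows 7 Embedded", clinical_role="diagnostic", stores_ephi=True)
    devices = [
        # Flat enterprise network, SMB listening, no controls at all.
        Device("US-A", listening_ports=frozenset({104, 445}), reachable_from=frozenset({"enterprise"}),
               segment_allowlist=False, host_controls=False, **common),
        # Same box, but the vendor disabled SMB and it sits behind an allowlist.
        Device("US-B", listening_ports=frozenset({104}), reachable_from=frozenset({"clinical_vlan"}),
               segment_allowlist=True, host_controls=True, **common),
        # SMB still listening, but reachable only from the clinical VLAN through an allowlist.
        Device("US-C", listening_ports=frozenset({104, 445}), reachable_from=frozenset({"clinical_vlan"}),
               segment_allowlist=True, host_controls=False, **common),
    ]
    out = {}
    for d in devices:
        risk, tier = score(finding, d)
        out[d.device_id] = (risk, tier, recommend(finding, d, tier))
    return out


if __name__ == "__main__":
    for dev, (risk, tier, actions) in sample_assessment().items():
        print(f"{dev}: risk {risk} ({tier})")
        for a in actions:
            print("   -", a)
```

The decisive inputs are whether the vulnerable service is actually reachable (listening port, network zone, allowlist), not the base score: the same 9.8 finding is critical on US-A, medium on US-C and not applicable on US-B. The recommendation list for the critical case is the "with mitigation" content of slide 20 in procedural form: port block, segmentation, host controls, then monitoring.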
  • 22. Medical Device Security: Taking Steps to Apply These Concepts
  • 23. Identify the Drivers of CE-IT Convergence
    • Integrating the Healthcare Enterprise (IHE)
    • Patient safety and quality outcomes management
    • Telehealth
    • Increasing application of RFID, DICOM, Bluetooth and WiFi
    • Increased government/industry focus
      • FDA, MDS2 (Manufacturer Disclosure Statement for Medical Device Security) and other initiatives
    • Information security: integrity, availability, confidentiality
      • Cybersecurity, privacy, disruption (ransomware, DDoS)
  • 24. Demonstrate That You Have a Problem
    Conduct a litmus test to identify the extent of the problem:
    1. Ask for a copy of the Could Not Locate (CNL) list for the previous 12 months
    2. Determine whether any devices on the list can create and store ePHI
    3. For the devices identified in step 2, ask whether you have reported (or will report) a breach, or have a documented "low probability of compromise" determination on file
    4. For all remaining devices, ask how any technical vulnerabilities have been remediated
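The inventory gap analysis and validation step that slide 12 lists, run against passive discovery results of the kind slide 11 describes, folded together with the CNL litmus test of slide 24, as an added Python example. This is not the presenters' or any vendor's code: the CMMS export, the passive discovery observations, their field names (asset_id, mac, status, stores_ephi, protocols) and the 30-day staleness window are constructed assumptions about what real exports would carry.

```python
"""Reconcile the CMMS inventory of record against passive network discovery.

Added example, not the presenters' or any vendor's code. The CMMS export and
the passive discovery observations are constructed by hand, and their field
names are assumptions about what a real export would carry.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta

# Seeing these protocols on the wire is evidence that a device handles ePHI,
# whatever the inventory's own flag says.
EPHI_PROTOCOLS = {"DICOM", "HL7"}


@dataclass(frozen=True)
class CmmsAsset:
    asset_id: str
    model: str
    mac: str
    status: str         # e.g. "in service" or "could not locate"
    stores_ephi: bool   # the inventory's own ePHI flag


@dataclass(frozen=True)
class Observation:
    mac: str
    ip: str
    last_seen: date
    protocols: frozenset


def norm_mac(mac: str) -> str:
    """Canonical form so MACs from different tools compare equal
    (00-1A-2B-..., 001a.2b3c.4d10 and 00:1a:2b:... all map to one key)."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def reconcile(cmms: list[CmmsAsset], observed: list[Observation],
              today: date, stale_days: int = 30) -> dict[str, list[str]]:
    """Inventory gap analysis plus the slide 24 litmus test, in one pass."""
    by_mac = {norm_mac(a.mac): a for a in cmms}
    seen = {norm_mac(o.mac): o for o in observed}
    cutoff = today - timedelta(days=stale_days)

    # On the network but not in the inventory of record.
    unknown_on_network = sorted(m for m in seen if m not in by_mac)
    # In the inventory but not seen on the wire within the window.
    not_seen = sorted(a.asset_id for m, a in by_mac.items()
                      if m not in seen or seen[m].last_seen < cutoff)
    # Could-not-locate devices that can hold ePHI: each needs a breach determination.
    cnl_with_ephi = sorted(a.asset_id for a in cmms
                           if a.status.lower() == "could not locate" and a.stores_ephi)
    # Devices whose traffic says "ePHI" while the inventory says "no".
    ephi_flag_wrong = sorted(a.asset_id for m, a in by_mac.items()
                             if m in seen and not a.stores_ephi
                             and seen[m].protocols & EPHI_PROTOCOLS)
    return {
        "unknown_on_network": unknown_on_network,
        "not_seen": not_seen,
        "cnl_with_ephi": cnl_with_ephi,
        "ephi_flag_wrong": ephi_flag_wrong,
    }


def sample_reconciliation() -> dict[str, list[str]]:
    """Constructed data: five CMMS assets, four devices seen by passive discovery."""
    cmms = [
        CmmsAsset("US-0101", "Ultrasound", "00:1A:2B:3C:4D:01", "in service", True),
        CmmsAsset("US-0102", "Ultrasound", "00-1A-2B-3C-4D-02", "in service", True),
        CmmsAsset("INF-0200", "Infusion pump", "001a.2b3c.4d10", "in service", False),
        CmmsAsset("MON-0300", "Patient monitor", "00:1A:2B:3C:4D:20", "could not locate", True),
        CmmsAsset("PMP-0400", "Infusion pump", "00:1A:2B:3C:4D:30", "could not locate", False),
    ]
    observed = [
        Observation("00:1a:2b:3c:4d:01", "10.20.1.11", date(2020, 9, 30), frozenset({"DICOM"})),
        Observation("00:1a:2b:3c:4d:02", "10.20.1.12", date(2020, 7, 15), frozenset({"DICOM"})),  # stale
        Observation("00:1a:2b:3c:4d:10", "10.20.2.5", date(2020, 9, 29), frozenset({"HL7"})),     # ePHI flag wrong
        Observation("00:1a:2b:3c:4d:99", "10.20.2.77", date(2020, 9, 30), frozenset()),           # not in CMMS
    ]
    return reconcile(cmms, observed, today=date(2020, 10, 1))


if __name__ == "__main__":
    for key, ids in sample_reconciliation().items():
        print(f"{key}: {', '.join(ids) or '-'}")
```

Two of the four lists are the litmus test itself: cnl_with_ephi is the set of devices for which step 3 of slide 24 demands a breach report or a documented low-probability-of-compromise determination, and ephi_flag_wrong shows why step 2 cannot be answered from the CMMS alone, since an infusion pump flagged as holding no PHI is speaking HL7. Matching on the MAC address is an assumption that holds for most wired devices; wireless modules that are swapped during service break it, which is one reason the reconciliation has to be a recurring process rather than a one-off.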
  • 25. Adopt a Framework
    • Good security hygiene and awareness are key...
    • But there is no one-size-fits-all answer; this is unique to each organization
    • Key factors that make the difference:
      • Leadership style
      • Leadership's risk tolerance
      • Corporate/practice culture
    • The message needs to be delivered in a way the recipient can understand, in their terms
    • Training materials you find or obtain from outside need to be customized
  • 26. Develop Management Solutions
    • Biomedical devices are not just hardware
      • Treat them as computing endpoints
      • Treat them as if they contain patient data; many do
      • Protect them from unauthorized physical and network access
      • You must presume a breach if a device is lost, stolen, or even just out of your control
    • Addressing biomedical risks is a management problem
      • Accountability stops with the CEO, but departments share responsibility
      • The CISO and compliance must act as a team to assess these risks
    • Look at tools that can scan passively
      • These also interface with the common CMMS (computerized maintenance management system) applications
    • Consider outsourcing security management to address talent gaps
  • 27. Key Takeaways
    • Assessment
      • Assess your inventory with an eye towards risk
      • Assess your program, or lack thereof
      • Do not forget to include lifecycle management
    • Remediation efforts
      • Even the same device model can require different strategies
      • Be sure to identify all pertinent risk vectors
    • Apply what you have learned
      • Pick a tool that can help you with your use case
      • Partnership is the key: CE and IT need to plan together
      • Long-term strategies are the key to success
  • 28. Thank You
    • priyanka.upendra@bannerhealth.com
    • shankar@asimily.com
    • carrie.whysall@cynergistek.com

Speaker notes

  1. Shankar to discuss how Asimily features align with what's needed to meet NIST CSF requirements and HIPAA regulations.