© Zühlke 2019 | Slide 1 | Cybersecurity in smart medical devices | Dr. Stefan Weiss | 03 August 2019 | Public
Cybersecurity in smart medical devices –
Key learnings from the medical device service provider perspective
EHRs are traded for up to $1000 – it is the most comprehensive identity record
What is the dark net price of your data?
EHR: Electronic health record
Source: Adapted from https://www.experian.com/blogs/ask-experian/heres-how-much-your-personal-information-is-selling-for-on-the-dark-web/
• Credit card with CVV: $5
• Fake MBA degree: $100 - $400
• Electronic health record: up to $1000
• US passport: up to $2000
Cybersecurity
Cybersecurity is a fundamental dimension of medical device development and maintenance
What is cybersecurity?
Privacy: How to protect my health information?
Safety: How to protect my health and the environment from injury?
Cybersecurity: How to protect medical devices from being manipulated?
Why do we need better cybersecurity for medical devices?
Innovative, digital products and services also for healthy people drive market growth
Medical devices become a prominent part of our daily lives
Chart: Digital products and services revenue on total German medical device market (share axis 0% to 100%)
Years shown: 2017, 2023, 2028
Values shown: 11B €, 20B €, 31B €
CAGR: +16%
Chart labels: Digital innovation, SaMD
SaMD: Software as a medical device
Source: Adapted from Roland Berger – Gesundheit 4.0, 2018
Connectivity and standardization are shaping development
Big data from new devices require cloud-based analytics
Source: Philipps
• Medical devices become connected by default
• Standardized software platforms are used
• Mobile apps become an essential part of a medical device system
Numerous stakeholders can access our EHRs and medical device information
Our health data is aggregated on platforms
EHR:
• Vaccination certificates
• Medical reports
• Appointments
• Emergency passport
• Laboratory values
• Medication pass
• Patient’s devices
• Echocardiography / radiographs
Source: Adapted from McKinsey - Digitizing healthcare – opportunities for Germany, 2018
Healthcare cyberattacks cause the highest costs per stolen data set across industries
Medical cyberattacks rise and cause high financial damage
Chart: US health breaches per year, 2009 to 2018 (data label shown: 365)
Annotation: Anthem Inc.: >80M stolen data sets
Source: Adapted from HIPAA Journal Healthcare Data Breach Statistics, 2018
Chart: Average costs per stolen data set, by industry
• Health: $408
• Financial: $206
• Services: $181
• Pharmaceutical: $174
• Technology: $170
• Energy: $167
Source: IBM & Ponemon Cost of a Data Breach Report, 2018
Ransomware causes high damage also in clinics, without needing a direct internet connection
Example 1: WannaCry - Medical device security in hospitals
• Unpatched Windows Systems
• > 200 countries, 48 hospital trusts affected
• Devices included:
• MRI Control Stations
• Blood storage refrigerators
• 19,000 cancelled appointments
• £92m overall costs for the NHS
Source: Adapted from https://www.forbes.com/sites/thomasbrewster/2017/05/17/wannacry-ransomware-hit-real-medical-devices/
A high personal threat for patients and a reputation disaster for device manufacturers
Example 2: Hackable implanted medical devices
• Leaky wireless protocols and lack of authentication
• Affected devices include:
• Heart defibrillators
• Pacemakers
• Insulin pumps
• More than 750,000 affected devices
Typical pitfalls of our customers
Security is often managed like a visit to the dentist – needed but hated
• Management mindset
• Offline asset perspective
• Security kills usability
• A final wrapper will fix it
• Security kills agility
• Believed competence
Believed competence – a key pitfall
Example: Security is considered during development, but not throughout the product life cycle
Diagram labels:
• Believed competence
• Conscious competence
• Unconscious competence
• Unconscious incompetence
• Conscious incompetence
How can we achieve better cybersecurity?
Medical device development follows cybersecurity gold standard goals
CIA are the three crucial goals for cybersecurity
Confidentiality attacks:
• Corporate espionage
• Stealing EHRs
Mitigation:
• Data encryption & anonymization
• Access control and authentication concepts
Availability attacks:
• Withholding data including ransomware and DDoS attacks
Mitigation:
• Frequent system updates
• Regular backups
We recommend a holistic approach considering the legal, project and personal level
To achieve CIA, security has to be managed on several levels
Legal
Project
Personal
The existing medical device guidance for security is complex, but insufficiently detailed
Legal: Regulatory compliance is mandatory
• ISO/IEC 29147
• ISO/IEC 30111
• NIST SP 800-53
• NIST SP 800-37
• IEC 80001-1
• ISO 14971
• IEC 62443-1-1
• IEC 62443-2-1
• IEC 62443-3-1
• AAMI TIR57
• NIST SP 800-30
• FDA Postmarket Cybersecurity G.
• FDA Cybersecurity for … OTS G.
• FDA Wireless Medical Devices G.
• FDA Premarket Cybersecurity G.
• NIST Framework for Improving Critical Infrastructure Cybersecurity
• IEC TIR 80001-2-2
• IEC TR 80001-2-1
Security and safety management are based on the same process but with different perspectives
Legal: AAMI TIR57 offers a high-level best practice
Safety:
• Safety risk management plan
• Safety risk analysis
• Safety risk evaluation
• Safety risk control
• Evaluation of residual risk
• Safety risk management report
• (Post-)Production information
Security:
• Security risk management plan
• Security risk analysis
• Security risk evaluation
• Security risk control
• Evaluation of residual risk
• Security risk management report
• (Post-)Production information
Assets: Definition of the most sensitive information on a medical device
Project: Our cybersecurity management approach
• Patient information
• Core functions (e.g. measurements, drug application, alarms)
• Core IP (e.g. machine learning models)
Approach steps: Assets, Threat & threat analysis, Security objectives
Threats: Identification of attacking personas, their motivation and resulting threats
Project: Our cybersecurity management approach
Approach steps: Assets, Threat & threat analysis, Security objectives
• Thief: Profit-driven theft
• Spy: Observe users
• Saboteur: Reduce availability
• Mercenary: Machine hijacking
• Extortionist: Blackmailing
Security objectives: Specific actions on system and environment level
Project: Our cybersecurity management approach
Approach steps: Assets, Threat & threat analysis, Security objectives
System objectives:
• Data encryption & anonymization
• Layered access control concepts
Environment objectives:
• Network encryption
• System diversity (Windows + Linux)
• Redundant systems
Can you describe your first date with these words?
Personal: Avoid the top 10 used passwords in Germany
1. hallo_
2. passwort
3. hallo123
4. schalke04
5. passwort1
6. qwertz
7. arschloch
8. schatz
9. hallo1
10. ficken
Source: https://hpi.de/pressemitteilungen/2016/die-top-ten-deutscher-passwoerter.html
Successful with a strategic, balanced approach between convenience and security
Our 5 key learnings to develop secure medical devices
Secure medical device solution:
• Continuous management throughout life cycle
• Security by design and default
• Discrete safety and security analysis
• Security is a strategic business topic
• Regular training of the “human component”
Your Partner for
Digital Business
Innovation
Dr. Stefan Weiss
Business Innovation Consultant
Pharma & Medtech
+49 6196 777 54 426
Stefan.Weiss@zuehlke.com

Más contenido relacionado

Similar a Cybersecurity in Smart Medical Devices

Security economics
Security economicsSecurity economics
Security economicsYansi Keim
 
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...Black Duck by Synopsys
 
B'IMPRESS: References in Health & MedTech _v2312
B'IMPRESS: References in Health & MedTech _v2312B'IMPRESS: References in Health & MedTech _v2312
B'IMPRESS: References in Health & MedTech _v2312BIMPRESS
 
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...SG Analytics
 
Cybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicauxCybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicauxMarket iT
 
An Ounce of Prevention: How Healthcare Organizations Can Stop Cybercrime in I...
An Ounce of Prevention: How Healthcare Organizations Can Stop Cybercrime in I...An Ounce of Prevention: How Healthcare Organizations Can Stop Cybercrime in I...
An Ounce of Prevention: How Healthcare Organizations Can Stop Cybercrime in I...Insight
 
Digital Innovation Impact in Life Sciences July
Digital Innovation Impact in Life Sciences JulyDigital Innovation Impact in Life Sciences July
Digital Innovation Impact in Life Sciences JulyPaul Gulbin
 
Post covid 19 era new age of cyber security
Post covid 19 era new age of cyber securityPost covid 19 era new age of cyber security
Post covid 19 era new age of cyber securityIgnitec Inc
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015Flaskdata.io
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015Flaskdata.io
 
Data Privacy and Security in Clinical Data Management
Data Privacy and Security in Clinical Data ManagementData Privacy and Security in Clinical Data Management
Data Privacy and Security in Clinical Data ManagementClinosolIndia
 
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesOpen Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesBlack Duck by Synopsys
 
Print Security - Are Business Complacent?
Print Security - Are Business Complacent?Print Security - Are Business Complacent?
Print Security - Are Business Complacent?Adrian Boucek
 
Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Larry Levine
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
 
Data Security and Know-How Protection from PROSTEP
Data Security and Know-How Protection from PROSTEPData Security and Know-How Protection from PROSTEP
Data Security and Know-How Protection from PROSTEPJoseph Lopez, M.ISM
 
Cyber physical system for healthcare
Cyber physical system for healthcareCyber physical system for healthcare
Cyber physical system for healthcareJUGAL GANDHI
 
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
Network Security and Privacy Liability  - Four Reasons Why You need This Cove...Network Security and Privacy Liability  - Four Reasons Why You need This Cove...
Network Security and Privacy Liability - Four Reasons Why You need This Cove...CBIZ, Inc.
 

Similar a Cybersecurity in Smart Medical Devices (20)

Security economics
Security economicsSecurity economics
Security economics
 
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...
 
B'IMPRESS: References in Health & MedTech _v2312
B'IMPRESS: References in Health & MedTech _v2312B'IMPRESS: References in Health & MedTech _v2312
B'IMPRESS: References in Health & MedTech _v2312
 
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
 
Cybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicauxCybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicaux
 
An Ounce of Prevention: How Healthcare Organizations Can Stop Cybercrime in I...
An Ounce of Prevention: How Healthcare Organizations Can Stop Cybercrime in I...An Ounce of Prevention: How Healthcare Organizations Can Stop Cybercrime in I...
An Ounce of Prevention: How Healthcare Organizations Can Stop Cybercrime in I...
 
Digital Innovation Impact in Life Sciences July
Digital Innovation Impact in Life Sciences JulyDigital Innovation Impact in Life Sciences July
Digital Innovation Impact in Life Sciences July
 
CFS November
CFS NovemberCFS November
CFS November
 
Post covid 19 era new age of cyber security
Post covid 19 era new age of cyber securityPost covid 19 era new age of cyber security
Post covid 19 era new age of cyber security
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015
 
Cyber
Cyber Cyber
Cyber
 
Data Privacy and Security in Clinical Data Management
Data Privacy and Security in Clinical Data ManagementData Privacy and Security in Clinical Data Management
Data Privacy and Security in Clinical Data Management
 
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesOpen Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
 
Print Security - Are Business Complacent?
Print Security - Are Business Complacent?Print Security - Are Business Complacent?
Print Security - Are Business Complacent?
 
Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
Data Security and Know-How Protection from PROSTEP
Data Security and Know-How Protection from PROSTEPData Security and Know-How Protection from PROSTEP
Data Security and Know-How Protection from PROSTEP
 
Cyber physical system for healthcare
Cyber physical system for healthcareCyber physical system for healthcare
Cyber physical system for healthcare
 
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
Network Security and Privacy Liability  - Four Reasons Why You need This Cove...Network Security and Privacy Liability  - Four Reasons Why You need This Cove...
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
 

Más de Zühlke

From stars to road – Realizing voice-controlled medical chatbots
From stars to road – Realizing voice-controlled medical chatbotsFrom stars to road – Realizing voice-controlled medical chatbots
From stars to road – Realizing voice-controlled medical chatbotsZühlke
 
Digitalization in pharma Handout
Digitalization in pharma HandoutDigitalization in pharma Handout
Digitalization in pharma HandoutZühlke
 
A digital tsunami is on its way. Either you surf it or you are possibly going...
A digital tsunami is on its way. Either you surf it or you are possibly going...A digital tsunami is on its way. Either you surf it or you are possibly going...
A digital tsunami is on its way. Either you surf it or you are possibly going...Zühlke
 
Über den Nutzen eines Unternehmensökosystems in einer vernetzten Welt
Über den Nutzen eines Unternehmensökosystems in einer vernetzten WeltÜber den Nutzen eines Unternehmensökosystems in einer vernetzten Welt
Über den Nutzen eines Unternehmensökosystems in einer vernetzten WeltZühlke
 
Augmented reality as next UI Challenge
Augmented reality as next UI ChallengeAugmented reality as next UI Challenge
Augmented reality as next UI ChallengeZühlke
 
Die naechste Welle der Digitalisierung
Die naechste Welle der DigitalisierungDie naechste Welle der Digitalisierung
Die naechste Welle der DigitalisierungZühlke
 

Más de Zühlke (6)

From stars to road – Realizing voice-controlled medical chatbots
From stars to road – Realizing voice-controlled medical chatbotsFrom stars to road – Realizing voice-controlled medical chatbots
From stars to road – Realizing voice-controlled medical chatbots
 
Digitalization in pharma Handout
Digitalization in pharma HandoutDigitalization in pharma Handout
Digitalization in pharma Handout
 
A digital tsunami is on its way. Either you surf it or you are possibly going...
A digital tsunami is on its way. Either you surf it or you are possibly going...A digital tsunami is on its way. Either you surf it or you are possibly going...
A digital tsunami is on its way. Either you surf it or you are possibly going...
 
Über den Nutzen eines Unternehmensökosystems in einer vernetzten Welt
Über den Nutzen eines Unternehmensökosystems in einer vernetzten WeltÜber den Nutzen eines Unternehmensökosystems in einer vernetzten Welt
Über den Nutzen eines Unternehmensökosystems in einer vernetzten Welt
 
Augmented reality as next UI Challenge
Augmented reality as next UI ChallengeAugmented reality as next UI Challenge
Augmented reality as next UI Challenge
 
Die naechste Welle der Digitalisierung
Die naechste Welle der DigitalisierungDie naechste Welle der Digitalisierung
Die naechste Welle der Digitalisierung
 

Último

Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort Service
Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort ServiceCall Girls Hsr Layout Whatsapp 7001305949 Independent Escort Service
Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort Servicenarwatsonia7
 
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goa
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service GoaRussian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goa
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goanarwatsonia7
 
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...ggsonu500
 
Disaster Management Cycle (DMC)| Ms. Pooja Sharma , Department of Hospital A...
Disaster Management Cycle (DMC)| Ms. Pooja Sharma , Department of  Hospital A...Disaster Management Cycle (DMC)| Ms. Pooja Sharma , Department of  Hospital A...
Disaster Management Cycle (DMC)| Ms. Pooja Sharma , Department of Hospital A...Era University , Lucknow
 
Russian Call Girls Ajmeri Gate | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Ajmeri Gate | 9711199171 | High Profile -New Model -Availa...Russian Call Girls Ajmeri Gate | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Ajmeri Gate | 9711199171 | High Profile -New Model -Availa...sandeepkumar69420
 
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...narwatsonia7
 
Russian Call Girls Sadashivanagar | 7001305949 At Low Cost Cash Payment Booking
Russian Call Girls Sadashivanagar | 7001305949 At Low Cost Cash Payment BookingRussian Call Girls Sadashivanagar | 7001305949 At Low Cost Cash Payment Booking
Russian Call Girls Sadashivanagar | 7001305949 At Low Cost Cash Payment Bookingnarwatsonia7
 
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdf
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdfSARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdf
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdfDolisha Warbi
 
Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949ps5894268
 
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...delhimodelshub1
 
Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Delhi Cantt | 9711199171 | High Profile -New Model -Availa...satishsharma69855
 
Call Girls Ghaziabad 9999965857 Cheap and Best with original Photos
Call Girls Ghaziabad 9999965857 Cheap and Best with original PhotosCall Girls Ghaziabad 9999965857 Cheap and Best with original Photos
Call Girls Ghaziabad 9999965857 Cheap and Best with original Photosparshadkalavatidevi7
 
Russian Escorts Delhi | 9711199171 | all area service available
Russian Escorts Delhi | 9711199171 | all area service availableRussian Escorts Delhi | 9711199171 | all area service available
Russian Escorts Delhi | 9711199171 | all area service availablesandeepkumar69420
 
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
Gurgaon Sector 68 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 68 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...Gurgaon Sector 68 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 68 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...ggsonu500
 
Hi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbers
Hi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbersHi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbers
Hi,Fi Call Girl In Marathahalli - 7001305949 with real photos and phone numbersnarwatsonia7
 
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Booking
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment BookingModels Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Booking
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Bookingnarwatsonia7
 
Russian Call Girls Mohan Nagar | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Mohan Nagar | 9711199171 | High Profile -New Model -Availa...Russian Call Girls Mohan Nagar | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Mohan Nagar | 9711199171 | High Profile -New Model -Availa...sandeepkumar69420
 
College Call Girls Mumbai Alia 9910780858 Independent Escort Service Mumbai
College Call Girls Mumbai Alia 9910780858 Independent Escort Service MumbaiCollege Call Girls Mumbai Alia 9910780858 Independent Escort Service Mumbai
College Call Girls Mumbai Alia 9910780858 Independent Escort Service Mumbaisonalikaur4
 
Call Girls in Adil Nagar 7001305949 Free Delivery at Your Door Model
Call Girls in Adil Nagar 7001305949 Free Delivery at Your Door ModelCall Girls in Adil Nagar 7001305949 Free Delivery at Your Door Model
Call Girls in Adil Nagar 7001305949 Free Delivery at Your Door ModelCall Girls Lucknow
 

Último (20)

Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort Service
Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort ServiceCall Girls Hsr Layout Whatsapp 7001305949 Independent Escort Service
Call Girls Hsr Layout Whatsapp 7001305949 Independent Escort Service
 
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goa
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service GoaRussian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goa
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goa
 
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...
Gurgaon DLF Phase 5 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Fe...
 
Disaster Management Cycle (DMC)| Ms. Pooja Sharma , Department of Hospital A...
Disaster Management Cycle (DMC)| Ms. Pooja Sharma , Department of  Hospital A...Disaster Management Cycle (DMC)| Ms. Pooja Sharma , Department of  Hospital A...
Disaster Management Cycle (DMC)| Ms. Pooja Sharma , Department of Hospital A...
 
Russian Call Girls Ajmeri Gate | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Ajmeri Gate | 9711199171 | High Profile -New Model -Availa...Russian Call Girls Ajmeri Gate | 9711199171 | High Profile -New Model -Availa...
Russian Call Girls Ajmeri Gate | 9711199171 | High Profile -New Model -Availa...
 
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...
Call Girls Nandini Layout - 7001305949 Escorts Service with Real Photos and M...
 
Russian Call Girls Sadashivanagar | 7001305949 At Low Cost Cash Payment Booking
Russian Call Girls Sadashivanagar | 7001305949 At Low Cost Cash Payment BookingRussian Call Girls Sadashivanagar | 7001305949 At Low Cost Cash Payment Booking
Russian Call Girls Sadashivanagar | 7001305949 At Low Cost Cash Payment Booking
 
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdf
SARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdfSARS (SEVERE ACUTE RESPIRATORY SYNDROME).pdf
Cybersecurity in Smart Medical Devices

  • 1. © Zühlke 2019 | Slide 1 | Cybersecurity in smart medical devices | Dr. Stefan Weiss | 03 August 2019 | Public | Cybersecurity in smart medical devices – Key learnings from the medical device service provider perspective
  • 2. What is the dark net price of your data? EHRs are traded for up to $1000 – it is the most comprehensive identity record. Credit card with CVV: $5; fake MBA degree: $100 - $400; electronic health record: up to $1000; US passport: up to $2000. EHR: Electronic health record. Source: Adapted from https://www.experian.com/blogs/ask-experian/heres-how-much-your-personal-information-is-selling-for-on-the-dark-web/
  • 3. Cybersecurity
  • 4. What is cybersecurity? Cybersecurity is a fundamental dimension of medical device development and maintenance. Privacy: How to protect my health information? Safety: How to protect my health and the environment from injury? Cybersecurity: How to protect medical devices from being manipulated?
  • 5. Why do we need better cybersecurity for medical devices?
  • 6. Medical devices become a prominent part of our daily lives. Innovative, digital products and services also for healthy people drive market growth. [Chart: Digital products and services revenue on total German medical device market, for 2017, 2023 and 2028; labelled values 11B €, 20B € and 31B €; CAGR: +16%; labels: Digital innovation, SaMD.] SaMD: Software as a medical device. Source: Adapted from Roland Berger – Gesundheit 4.0, 2018
  • 7. Connectivity and standardization are shaping development. Big data from new devices require cloud-based analytics. Medical devices become connected by default. Standardized software platforms are used. Mobile apps become an essential part of a medical device system. Source: Philipps
  • 8. Our health data is aggregated on platforms. Numerous stakeholders can access our EHRs and medical device information. EHR: vaccination certificates; medical reports; appointments; emergency passport; laboratory values; medication pass; patient’s devices; echocardiography / radiographs. Source: Adapted from McKinsey - Digitizing healthcare – opportunities for Germany, 2018
  • 9. Medical cyberattacks rise and cause high financial damage. Healthcare cyberattacks cause the highest costs per stolen data set across industries. [Chart: US health breaches, 2009 to 2018; labelled value: 365; Anthem Inc.: >80M stolen data sets. Source: Adapted from HIPAA Journal Healthcare Data Breach Statistics, 2018] Average costs per stolen data set: Health $408; Financial $206; Services $181; Pharmaceutical $174; Technology $170; Energy $167. Source: IBM & Ponemon Cost of a Data Breach Report, 2018
  • 10. Example 1: WannaCry - Medical device security in hospitals. Ransomware causes high damage also in clinics, without needing a direct internet connection. Unpatched Windows systems; > 200 countries, 48 hospital trusts affected; devices included MRI control stations and blood storage refrigerators; 19,000 cancelled appointments; £92m overall costs for the NHS. Source: Adapted from https://www.forbes.com/sites/thomasbrewster/2017/05/17/wannacry-ransomware-hit-real-medical-devices/
  • 11. Example 2: Hackable implanted medical devices. A high personal threat for patients and a reputation disaster for device manufacturers. Leaky wireless protocols and lack of authentication; affected devices include heart defibrillators, pacemakers and insulin pumps; more than 750.000 affected devices.
  • 12. Typical pitfalls of our customers. Security is often managed like a visit to the dentist – needed but hated. Management mindset; offline asset perspective; security kills usability; a final wrapper will fix it; security kills agility; believed competence.
  • 13. Believed competence – a key pitfall. Believed competence; conscious competence; unconscious competence; unconscious incompetence; conscious incompetence. Example: Security is considered during development, but not throughout the product life cycle.
  • 14. How can we achieve better cybersecurity?
  • 15. CIA are the three crucial goals for cybersecurity. Medical device development follows cybersecurity gold standard goals. Confidentiality attacks: corporate espionage; stealing EHRs. Mitigation: data encryption & anonymization; access control and authentication concepts. Availability attacks: withholding data, including ransomware and DDoS attacks. Mitigation: frequent system updates; regular backups.
  • 16. To achieve CIA, security has to be managed on several levels. We recommend a holistic approach considering the legal, project and personal level. Levels: Legal; Project; Personal.
  • 17. Legal: Regulatory compliance is mandatory. The existing medical device guidance for security is complex, but insufficiently detailed. Standards and guidance shown: ISO/IEC 29147; ISO/IEC 30111; NIST SP 800-53; NIST SP 800-37; IEC 80001-1; ISO 14971; IEC 62443-1-1; IEC 62443-2-1; IEC 62443-3-1; AAMI TIR57; NIST SP 800-30; FDA Postmarket Cybersecurity G.; FDA Cybersecurity for … OTS G.; FDA Wireless Medical Devices G.; FDA Premarket Cybersecurity G.; NIST Framework for Improving Critical Infrastructure Cybersecurity; IEC TIR 80001-2-2; IEC TR 80001-2-1.
  • 18. Legal: AAMI TIR57 offers a high-level best practice. Security and safety mgmt. are based on the same process but with different perspectives. Safety process: safety risk management plan; safety risk analysis; safety risk evaluation; safety risk control; evaluation of residual risk; safety risk management report; (post-)production information. Security process: security risk management plan; security risk analysis; security risk evaluation; security risk control; evaluation of residual risk; security risk management report; (post-)production information.
  • 19. Project: Our cybersecurity management approach (Assets; Threat & threat analysis; Security objectives). Assets: Definition of the most sensitive information on a medical device. Patient information; core functions (e.g. measurements, drug application, alarms); core IP (e.g. machine learning models).
  • 20. Project: Our cybersecurity management approach (Assets; Threat & threat analysis; Security objectives). Threats: Identification of attacking personas, their motivation and resulting threats. Thief: Profit-driven theft. Spy: Observe users. Saboteur: Reduce availability. Mercenary: Machine hijacking. Extortionist: Blackmailing.
  • 21. Project: Our cybersecurity management approach (Assets; Threat & threat analysis; Security objectives). Security objectives: Specific actions on system and environment level. System objectives: data encryption & anonymization; layered access control concepts. Environment objectives: network encryption; system diversity (Windows + Linux); redundant systems.
  • 22. Personal: Avoid the top 10 used passwords in Germany. Can you describe your first date with these words? 1. hallo_ 2. passwort 3. hallo123 4. schalke04 5. passwort1 6. qwertz 7. arschloch 8. schatz 9. hallo1 10. ficken. Source: https://hpi.de/pressemitteilungen/2016/die-top-ten-deutscher-passwoerter.html
  • 23. Our 5 key learnings to develop secure medical devices. Successful with a strategic, balanced approach between convenience and security. Secure medical device solution: continuous management throughout life cycle; security by design and default; discrete safety and security analysis; security is a strategic business topic; regular training of the “human component”.
  • 24. Your Partner for Digital Business Innovation. Dr. Stefan Weiss, Business Innovation Consultant Pharma & Medtech, +49 6196 777 54 426, Stefan.Weiss@zuehlke.com