Connected Medical Devices

Size: px
Start display at page:

Download "Connected Medical Devices"

Transcription

1 Connected Medical Devices How to Reduce Risks Inherent in an Internet of Things that Can Help or Harm Laura Clark Fey, Esq., Principal, Fey LLC Agenda Overview of the Internet of Things for Healthcare lh How the Internet of Things Can Help or Harm Current Regulatory Environment for Connected Medical Devices Tips to Reduce Internet of Things Risks 2 1

2 OVERVIEW OF THE INTERNET OF THINGS FOR HEALTHCARE 3 What is the IoT? The Internet of Things (IoT) refers to any object or device that connects to the Internet to automatically send and receive data Definitions What is an IoT Device? A device that is: Aware (gathers information using sensors) Autonomous (automatically transmits information to other machines when certain conditions met) Actionable (interfaces with cloud applications to use the collected data) 4 2

3 IoT Examples Medical Device Examples Include: Heart Monitors Blood Sugar Monitors Pacemakers Gartner predicts Insulin Pumps that by 2020, there will be over 26 billion connected devices in the IoT Asthma Inhalers Thermometers Wheelchairs Other Types of Connected Devices Include: Cell Phones Coffee Makers Washing Machines Headphones Lamps Baby Monitors Thermostats Cars 5 Categories of IoT Medical Devices Consumer-Based (e.g., fitness tracking devices) Wearable, External Devices (e.g., insulin pumps) Internally Embedded d Devices (e.g., pacemakers) Stationary Devices (e.g., IV pumps, homemonitoring devices) 6 3

4 Areas of Healthcare into which IoT is Integrated Patient monitoring i and diagnostics i Information and data transfer, storage, and collaboration Intelligent healthcare devices and tools Connected emergency units, response vehicles, and hospitals 7 HOW THE INTERNET OF THINGS CAN HELP OR HARM 8 4

5 Healthcare Benefits of IoT Improved patient monitoring, patient engagement, and patient care Improved understanding of diseases, disease risk factors, and treatment options Improved operational efficiency Reduced healthcare costs 9 Potential Harm: Security Concerns with Healthcare IoT Significant ifi Patient Safety Sf Risks: ik Hackers could potentially disrupt devices (e.g., pacemakers), and cause serious injury or death Insecure, Outdated Devices: Devices become more vulnerable over time with no easy update process Increased Surface Areas for Attack: Remote services and functions that are part of IoT can be used to breach other systems 10 5

6 Potential Harm: Privacy Concerns with Healthcare IoT Notice/Consent: IoT devices, often small and operating in the background, create new challenges for notice and consent Ability to Use Data for Variety of Purposes: Data collected for medical purposes can be easily repurposed for marketing or other purposes Perceived Privacy Loss: Consumers may be creeped out by surveillance capabilities of IoT 11 CURRENT REGULATORY ENVIRONMENT FOR CONNECTED MEDICAL DEVICES 12 6

7 Overview of Regulations Governing Connected Medical Devices FDA Safety Regulations Protected Health Information Privacy and Security Regulations Children s Online Privacy Protection Act Federal and State Data Privacy and Security Regulations 13 TIPS TO REDUCE INTERNET OF THINGS RISKS 14 7

8 Top 5 Tips for Healthcare Organizations to Implement IoT Governance Collaborate with IT, information security, legal, compliance, and business units Leverage existing privacy and security governance, management, and operations for IoT use cases Designate IoT experts to aid business units in technology selection, risk assessment, and planning Develop business case, and obtain additional i funding for information security Incorporate IoT considerations into security incident response plan 15 Top 5 Tips for Healthcare Organizations to Select Secure IoT Technology Evaluate security requirements for incoming i technologies in context of IoT ecosystem Perform due diligence, including review of vendor privacy and security practices Build privacy and security requirements into vendor contracts Require annual audit reports All else being equal, prefer newer technology from wellestablished vendors 16 8

9 Additional Tips for Healthcare Organizations to Implement IoT Security and Privacy Address network security Use strong passwords Require encryption in transit and at rest Keep devices updated dtd Provide notice to patients/users regarding use and disclosure of PHI 17 FTC IoT Security Recommendations Security by Design Culture of Security Third Party Service Providers Defense in Depth Strategy AccessControl Measures Monitor Products Data Minimization 18 9

10 Top 10 Security Tips for Manufacturers and Developers Implement security by default df Take security by design approach Analyze risks and mitigation strategies Develop and implement secure update process Mandate secure authentication practices 19 Top 10 Security Tips for Manufacturers and Developers Develop secure web, cloud, and mobile interfaces Implement encryption for data in transit and at rest Design and manufacture physically secure devices Ensure sufficient security configurability Implement strong organizational and service provider security practices 20 10

11 Top 5 Privacy Tips for Manufacturers and Developers Dt Determine legal lrequirements for privacy and security that apply to your target market Develop compliant privacy policy, and enforce it Provide choice to users before collecting and using personal data Anonymize and de identify data Consider data minimization, where practical 21 Any questions? 22 11

12 Thank you for attending! Laura Clark Fey, Esq., CIPP/US, CIPP/E, CIPM Principal, Fey LLC E Mail: lfey@feyllc.com Direct: Mobile:

European Union Agency for Network and Information Security

European Union Agency for Network and Information Security Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency

More information

FDA & Medical Device Cybersecurity

FDA & Medical Device Cybersecurity FDA & Medical Device Cybersecurity Closing Keynote, February 19, 2017 Suzanne B. Schwartz, M.D., MBA Associate Director for Science & Strategic Partnerships Center for Devices and Radiological Health US

More information

Internet of Things Toolkit for Small and Medium Businesses

Internet of Things Toolkit for Small and Medium Businesses Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors

More information

Secure Product Design Lifecycle for Connected Vehicles

Secure Product Design Lifecycle for Connected Vehicles Secure Product Design Lifecycle for Connected Vehicles Lisa Boran Vehicle Cybersecurity Manager, Ford Motor Company SAE J3061 Chair SAE/ISO Cybersecurity Engineering Chair AGENDA Cybersecurity Standards

More information

INTERNET OF THINGS. Presented By Erin Bosman & Julie Park, Morrison & Foerster LLP ACC 14th ANNUAL GC ROUNDTABLE AND ALL DAY MCLE

INTERNET OF THINGS. Presented By Erin Bosman & Julie Park, Morrison & Foerster LLP ACC 14th ANNUAL GC ROUNDTABLE AND ALL DAY MCLE Friday, January 27 th, 2017 INTERNET OF THINGS Presented By Erin Bosman & Julie Park, Morrison & Foerster LLP ACC 14th ANNUAL GC ROUNDTABLE AND ALL DAY MCLE This Talk s Objectives What is the Internet

More information

LBI Public Information. Please consider the impact to the environment before printing this.

LBI Public Information. Please consider the impact to the environment before printing this. LBI Public Information. Please consider the impact to the environment before printing this. DGPC Framework People Executive management commitment Engaged management team Integrated governance organization

More information

MEDICAL DEVICE CYBERSECURITY: FDA APPROACH

MEDICAL DEVICE CYBERSECURITY: FDA APPROACH MEDICAL DEVICE CYBERSECURITY: FDA APPROACH CYBERMED SUMMIT JUNE 9TH, 2017 SUZANNE B. SCHWARTZ, MD, MBA ASSOCIATE DIRECTOR FOR SCIENCE & STRATEGIC PARTNERSHIPS CENTER FOR DEVICES AND RADIOLOGICAL HEALTH

More information

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA ljohnson@ffalaw.com INTRODUCTION Cyber attacks increasing Liability/actions resulting

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

Legal Issues Surrounding the Internet of Things and Other Emerging Technology

Legal Issues Surrounding the Internet of Things and Other Emerging Technology Legal Issues Surrounding the Internet of Things and Other Emerging Technology ACC Houston Chapter Meeting September 12, 2017 Jonathan Ishee Vorys Sater Seymour and Pease, LLP Dean Fisher RigNet Overview

More information

The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne

The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne Schwartz, Assoc. Dir., CDRH, FDA Denise Anderson, MBA, President,

More information

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations. Christopher S. Yoo University of Pennsylvania July 12, 2018

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations. Christopher S. Yoo University of Pennsylvania July 12, 2018 Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo University of Pennsylvania July 12, 2018 Overview of Research Tort and products liability for CPS Privacy and

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

HIPAA-HITECH: Privacy & Security Updates for 2015

HIPAA-HITECH: Privacy & Security Updates for 2015 South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site

More information

POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS

POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, 2017 14TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS 1 Fact vs. Myth Let s Play: Fact vs. Myth The FDA is the federal entity

More information

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities

More information

The Twenty- Sixth National HIPAA Summit. HIPAA Summit Day II Morning Plenary Session: HIPAA Security

The Twenty- Sixth National HIPAA Summit. HIPAA Summit Day II Morning Plenary Session: HIPAA Security The Twenty- Sixth National HIPAA Summit HIPAA Summit Day II Morning Plenary Session: HIPAA Security March 30, 2017 John Parmigiani Summit Co-Chair President John C. Parmigiani & Associates, LLC Agenda

More information

2015 HFMA What Healthcare Can Learn from the Banking Industry

2015 HFMA What Healthcare Can Learn from the Banking Industry 2015 HFMA What Healthcare Can Learn from the Banking Industry Agenda Introduction- Background and Experience Healthcare vs. Banking The Results OCR Audit Results Healthcare vs. Banking The Theories Practical

More information

12. Mobile Devices and the Internet of Things. Blase Ur, May 3 rd, 2017 CMSC / 33210

12. Mobile Devices and the Internet of Things. Blase Ur, May 3 rd, 2017 CMSC / 33210 12. Mobile Devices and the Internet of Things Blase Ur, May 3 rd, 2017 CMSC 23210 / 33210 1 Today s class Security and privacy for: mobile devices the IoT safety-critical devices Discuss midterm 2 Mobile

More information

Designated Cyber Security Protection Solution for Medical Devices

Designated Cyber Security Protection Solution for Medical Devices Designated Cyber Security Protection Solution for Medical s The Challenge Types of Cyber Attacks Against In recent years, cyber threats have become Medical s increasingly sophisticated in terms of attack

More information

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev

More information

The Internet of Things. Presenter: John Balk

The Internet of Things. Presenter: John Balk The Internet of Things Presenter: John Balk Internet of Things What is IoT? IoT Data / Predictions IoT Players Cyber Threats Why is it Important to You? 2 What is IoT? Linking smart objects to the Internet

More information

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved. Medical Devices and Cyber Issues JANUARY 23, 2018 AHA and Cybersecurity Policy Approaches Role of the FDA FDA Guidance and Roles Pre-market Post-market Assistance during attack Recent AHA Recommendations

More information

REAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY

REAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY SEPTEMBER 11 13, 2017 BOSTON, MA REAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY HealthcareSecurityForum.com/Boston/2017 #HITsecurity Brian Selfridge Partner, Meditology Services https://www.meditologyservices.com/

More information

Webcast title in Verdana Regular

Webcast title in Verdana Regular Medical devices and the Internet of Things: A threelayer defense against cyber threats Webcast title in Verdana Regular The Dbriefs Industries series Veronica Lim, Principal, Deloitte & Touche LLP Russell

More information

Ransomware, Viruses, and Hackers in Health Care: Five Steps to Avoid Being the Next Victim. Michael Overly and Chanley Howell.

Ransomware, Viruses, and Hackers in Health Care: Five Steps to Avoid Being the Next Victim. Michael Overly and Chanley Howell. Ransomware, Viruses, and Hackers in Health Care: Five Steps to Avoid Being the Next Victim Michael Overly and Chanley Howell February 29, 2016 Attorney Advertising Prior results do not guarantee a similar

More information

Security and Privacy Governance Program Guidelines

Security and Privacy Governance Program Guidelines Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by

More information

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11 AUDITING ROBOTICS AND THE INTERNET OF THINGS (IOT) APRIL 9, 2018 PRESENTERS Kara Nagel Manager, Information Security Accenture Ryan Hopkins Assistant Director, Internal Audit Services Packaging Corp. of

More information

Cybersecurity and Data Protection Developments

Cybersecurity and Data Protection Developments Cybersecurity and Data Protection Developments Nathan Taylor March 8, 2017 NY2 786488 MORRISON & FOERSTER LLP 2017 mofo.com Regulatory Themes 2 A Developing Regulatory Environment 2016 2017 March CFPB

More information

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information

Managing Cybersecurity Risk

Managing Cybersecurity Risk Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health Forging a Stronger Approach for the Cybersecurity Challenge Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health 1 Speaker Introduction Tom Stafford, Vice President & CIO Education: Bachelors

More information

Avanade s Approach to Client Data Protection

Avanade s Approach to Client Data Protection White Paper Avanade s Approach to Client Data Protection White Paper The Threat Landscape Businesses today face many risks and emerging threats to their IT systems and data. To achieve sustainable success

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

Professor Christoph Thuemmler, PhD Edinburgh Napier University School of Computing 06. NOV 2017 C.Thuemmler, DET ETISKE RÅD

Professor Christoph Thuemmler, PhD Edinburgh Napier University School of Computing 06. NOV 2017 C.Thuemmler, DET ETISKE RÅD What role will wearables play in future healthcare? Professor Christoph Thuemmler, PhD Edinburgh Napier University School of Computing c.thuemmler@napier.ac.uk 06. NOV 2017 C.Thuemmler, DET ETISKE RÅD

More information

2018 THALES DATA THREAT REPORT

2018 THALES DATA THREAT REPORT 2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security U.S. HEALTHCARE EDITION www.thales-esecurity.com 2018 THALES DATA THREAT REPORT NOW IN ITS SIXTH YEAR SWEDEN NETHERLANDS U.S. U.K.

More information

CYBER SECURITY AIR TRANSPORT IT SUMMIT

CYBER SECURITY AIR TRANSPORT IT SUMMIT CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER

More information

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty By Jill Brooks, MD, CHCO and Katelyn Byrne, BSN, RN Data Breaches

More information

The simplified guide to. HIPAA compliance

The simplified guide to. HIPAA compliance The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act

More information

14th AMC Security & Privacy Conference June 12, 2018

14th AMC Security & Privacy Conference June 12, 2018 Emerging Security & Privacy Issues Arising From the Proliferation of Devices in the Health Care Workplace 14th AMC Security & Privacy Conference June 12, 2018 SPEAKERS 2 Robert C. Van Arnam Partner & Chair,

More information

CIPT Certified Information Privacy Technologist

CIPT Certified Information Privacy Technologist CIPT Certified Information Privacy Technologist Course Description SecureNinja s IAPP CIPT (2) two day training and certification boot camp in Washington DC, San Diego, CA and Live Online provides a foundational

More information

All Aboard the HIPAA Omnibus An Auditor s Perspective

All Aboard the HIPAA Omnibus An Auditor s Perspective All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes

More information

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product

More information

mhealth SECURITY: STATS AND SOLUTIONS

mhealth SECURITY: STATS AND SOLUTIONS mhealth SECURITY: STATS AND SOLUTIONS www.eset.com WHAT IS mhealth? mhealth (also written as m-health) is an abbreviation for mobile health, a term used for the practice of medicine and public health supported

More information

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 HIPAA in 2017: Hot Topics You Can t Ignore Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 Breach Notification State Law Privacy Rule Authorizations Polices and Procedures The Truth Is Have created

More information

HIPAA Compliance is not a Cybersecurity Strategy

HIPAA Compliance is not a Cybersecurity Strategy HIPAA Compliance is not a Cybersecurity Strategy Presented by: Hector Rodriguez, WW Health CISO, Microsoft Jay Trinckes, Director, Coalfire Speaker Introductions Hector Rodriguez, WW Health CISO, Microsoft

More information

Cyber Risk and Networked Medical Devices

Cyber Risk and Networked Medical Devices Cyber Risk and Networked Medical Devices Hot Topics Deloitte & Touche LLP February 2016 Copyright Scottsdale Institute 2016. All Rights Reserved. No part of this document may be reproduced or shared with

More information

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS July 2018 WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS JUST WHAT THE DOCTOR ORDERED... PROTECT PATIENT DATA, CLINICAL RESEARCH AND CRITICAL INFRASTRUCTURE HEALTHCARE S KEY TO DEFEATING IOT CYBERATTACKS

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

HIPAA Compliance & Privacy What You Need to Know Now

HIPAA  Compliance & Privacy What You Need to Know Now HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry

More information

IoT and Smart Infrastructure efforts in ENISA

IoT and Smart Infrastructure efforts in ENISA IoT and Smart Infrastructure efforts in ENISA Dr. Dan Tofan IoT workshop BEREC 01.02.2017, Brussels European Union Agency for Network and Information Security Everything becomes connected Manufacturers

More information

Accelerate GDPR compliance with the Microsoft Cloud

Accelerate GDPR compliance with the Microsoft Cloud Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with

More information

Internet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin

Internet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin Internet of Things Internet of Everything Presented By: Louis McNeil Tom Costin Agenda Session Topics What is the IoT (Internet of Things) Key characteristics & components of the IoT Top 10 IoT Risks OWASP

More information

and Privacy HIPAA-Compliance Checklist

and Privacy HIPAA-Compliance Checklist Email and Privacy HIPAA-Compliance Checklist TBHI Checklist Copyright 2017 Telebehavioral Health Institute All rights reserved. Telebehavioral Health Institute www.telehealth.org No part of this publication

More information

HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED

HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HEALTHCARE ORGANIZATIONS ARE UNDER INTENSE SCRUTINY BY THE US FEDERAL GOVERNMENT TO ENSURE PATIENT DATA IS PROTECTED Within

More information

Medical Device Vulnerability Management

Medical Device Vulnerability Management Medical Device Vulnerability Management MDISS / NH-ISAC Process Draft Dale Nordenberg, MD June 2015 Market-based public health: collaborative acceleration Objectives Define a trusted and repeatable process

More information

Cloud Communications for Healthcare

Cloud Communications for Healthcare Cloud Communications for Healthcare Today, many powerful business communication challenges face everyone in the healthcare chain including clinics, hospitals, insurance providers and any other organization

More information

Executive Insights. Protecting data, securing systems

Executive Insights. Protecting data, securing systems Executive Insights Protecting data, securing systems February 2018 Protecting data, securing systems Product and information security is a combination of education, policies and procedures, physical security

More information

The Next Frontier in Medical Device Security

The Next Frontier in Medical Device Security The Next Frontier in Medical Device Security Session #76, February 21, 2017 Denise Anderson, President, NH-ISAC Dr. Dale Nordenberg, Executive Director, MDISS 1 Speaker Introduction Denise Anderson, MBA

More information

Compliance With HIPAA Privacy Rule Before Security & Enforcement Rules are Final: Challenges in Practice

Compliance With HIPAA Privacy Rule Before Security & Enforcement Rules are Final: Challenges in Practice Compliance With HIPAA Privacy Rule Before Security & Enforcement Rules are Final: Challenges in Practice National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security

More information

CYBER SECURITY AND MITIGATING RISKS

CYBER SECURITY AND MITIGATING RISKS CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY

More information

Security Audit What Why

Security Audit What Why What A systematic, measurable technical assessment of how the organization's security policy is employed at a specific site Physical configuration, environment, software, information handling processes,

More information

Healthcare HIPAA and Cybersecurity Update

Healthcare HIPAA and Cybersecurity Update Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity

More information

Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws. Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018

Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws. Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018 Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018 Agenda Principal Obligations Under GDPR Key U.S. Privacy & Cybersecurity Laws E.U.

More information

Medical Device Cybersecurity: FDA Perspective

Medical Device Cybersecurity: FDA Perspective Medical Device Cybersecurity: FDA Perspective Suzanne B. Schwartz MD, MBA Associate Director for Science and Strategic Partnerships Office of the Center Director (OCD) Center for Devices and Radiological

More information

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions General Data Protection Regulation Frequently Asked Questions (FAQ) This document addresses some of the frequently asked questions regarding the General Data Protection Regulation (GDPR), which goes into

More information

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association

More information

EHR SECURITY POLICIES & SECURITY SITE ASSESSMENT OVERVIEW WEBINAR. For Viewer Sites

EHR SECURITY POLICIES & SECURITY SITE ASSESSMENT OVERVIEW WEBINAR. For Viewer Sites EHR SECURITY POLICIES & SECURITY SITE ASSESSMENT OVERVIEW WEBINAR For Viewer Sites Agenda 1 Introduction and EHR Security Policies Background 2 EHR Security Policy Overview 3 EHR Security Policy Assessment

More information

National Institute of Standards and Technology

National Institute of Standards and Technology National Institute of Standards and Technology April 2017 1 ITL Mission ITL promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and related technology through

More information

Emerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI Web Hull Privacy, Data Protection, & Compliance Advisor

Emerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI Web Hull Privacy, Data Protection, & Compliance Advisor Emerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI 2016 Web Hull Privacy, Data Protection, & Compliance Advisor Web.Hull@icloud.com 1 Topics 1. mhealth Challenges & Landscape 2.

More information

Topics 4/11/2016. Emerging Challenges in mhealth: Keeping Information Safe & Secure. Here s the challenge It s just the beginning of mhealth

Topics 4/11/2016. Emerging Challenges in mhealth: Keeping Information Safe & Secure. Here s the challenge It s just the beginning of mhealth Emerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI 2016 Web Hull Privacy, Data Protection, & Compliance Advisor Web.Hull@icloud.com 1 Topics 1. mhealth Challenges & Landscape 2.

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute June 21, 2016 6/21/2016 1 1 Disclaimer

More information

The ABCs of HIPAA Security

The ABCs of HIPAA Security The ABCs of HIPAA Security Daniel F. Shay, Esq 24 th Annual Health Law Institute Pennsylvania Bar Institute March 13, 2018 c. 2018 Alice G. Gosfield and Associates PC 1 Daniel F. Shay, Esq. Alice G. Gosfield

More information

The Road Ahead for Healthcare Sector: What to Expect in Cybersecurity Session CS6, February 19, 2017 Donna F. Dodson, Chief Cybersecurity Advisor,

The Road Ahead for Healthcare Sector: What to Expect in Cybersecurity Session CS6, February 19, 2017 Donna F. Dodson, Chief Cybersecurity Advisor, The Road Ahead for Healthcare Sector: What to Expect in Cybersecurity Session CS6, February 19, 2017 Donna F. Dodson, Chief Cybersecurity Advisor, National Institute of Standards and Technology 1 Speaker

More information

Not Just Another Day of HIPAA

Not Just Another Day of HIPAA Not Just Another Day of HIPAA Presented by: Patti Klingel, PhD, CPHQ, CRM, CHC Director of Corporate Compliance & Organizational Ethics United Church Homes, Inc. Disclosure I have no vested interest in

More information

Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance

Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance Iliana Peters, JD, LLM, HHS Office for Civil Rights Kevin

More information

Cybersecurity and Nonprofit

Cybersecurity and Nonprofit Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit

More information

Brian Russell, Chair Secure IoT WG & Chief Engineer Cyber Security Solutions, Leidos

Brian Russell, Chair Secure IoT WG & Chief Engineer Cyber Security Solutions, Leidos Brian Russell, Chair Secure IoT WG & Chief Engineer Cyber Security Solutions, Leidos Cloud Security Alliance, 2015 Agenda 1. Defining the IoT 2. New Challenges introduced by the IoT 3. IoT Privacy Threats

More information

Layer Security White Paper

Layer Security White Paper Layer Security White Paper Content PEOPLE SECURITY PRODUCT SECURITY CLOUD & NETWORK INFRASTRUCTURE SECURITY RISK MANAGEMENT PHYSICAL SECURITY BUSINESS CONTINUITY & DISASTER RECOVERY VENDOR SECURITY SECURITY

More information

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security

More information

Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley

Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley Auditing Bring Your Own Devices (BYOD) Risks Shannon Buckley Agenda 1. Understanding the trend towards BYOD. 2. Weighing up the cost benefit vs. the risks. 3. Identifying and mitigating the risks. 4. Tips

More information

Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst

Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst Introduction Angela Holzworth, RHIA, CISA, GSEC Sr. IT Infrastructure Analyst Kimberly Gray, Esq., CIPP/US Chief Privacy Officer, Global, IMS Health 1 Incorporating Privacy into the CSF: Approach and Benefits

More information

Secure HIPAA Compliant Cloud Computing

Secure HIPAA Compliant Cloud Computing Business White Paper Secure HIPAA Compliant Cloud Computing Step-by-step guide for achieving HIPAA compliance and safeguarding your PHI in a cloud computing environment ClearDATA Customer Success Story

More information

Agenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute

Agenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute Health Law Institute Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More Brooke Bennett Aziere October 18, 2017 Agenda Enforcement Trends Phase 2 HIPAA Audits Upcoming Initiatives 1 Enforcement

More information

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute October 1, 2014 10/1/2014 1 1 Who is

More information

Copyright 2018 by Boston Scientific, Inc.. Permission granted to INCOSE to publish and use. #hwgsec

Copyright 2018 by Boston Scientific, Inc.. Permission granted to INCOSE to publish and use. #hwgsec Balancing Safety, Security and Usability in the Design of Secure Medical Devices Ken Hoyme Director, Product Security Boston Scientific Ken.hoyme@bsci.com Copyright 2018 by Boston Scientific, Inc.. Permission

More information

The Etihad Journey to a Secure Cloud

The Etihad Journey to a Secure Cloud SESSION ID: CCS-T07 The Etihad Journey to a Secure Cloud Georges de Moura Head of Group Information Security, Risk & Compliance Etihad Aviation Group History: Before The Cloud Devolved IT Decision-Making

More information

for the Dental Industry

for the Dental Industry for the Dental Industry If you re practicing dentistry, you ll also need to be an expert on email encryption and patient privacy. Dental practices are among the fastest growing adopters of cloud email

More information

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Lily Yeoh, CISSP, CBCP lily@cb1security.com https://www.cb1security.com Agenda BC/DR Business Drivers Recent Regulatory & Cyber

More information

The HUMANE roadmaps towards future human-machine networks Oxford, UK 21 March 2017

The HUMANE roadmaps towards future human-machine networks Oxford, UK 21 March 2017 The HUMANE roadmaps towards future human-machine networks Oxford, UK 21 March 2017 Eva Jaho, ATC e.jaho@atc.gr 1 Outline HMNs Trends: How are HMNs evolving? The need for future-thinking and roadmaps of

More information

Defensible and Beyond

Defensible and Beyond TELUS Defensible and Beyond Mike Vamvakaris Director and Head of Cyber Security Consulting November 2017 Digital transformation brings many benefits Communication and Collaboration Autonomous and Artificial

More information

The New Healthcare Economy is rising up

The New Healthcare Economy is rising up The New Healthcare Economy is rising up February 2017 The ever-rising costs of healthcare are fostering innovative solutions and disruptive business models Cybersecurity concerns come to medical technology

More information

building a security culture to counter emerging cybersecurity threats

building a security culture to counter emerging cybersecurity threats Academic Medical Center Security and Privacy Conference June 2017 building a security culture to counter emerging cybersecurity threats Chuck Kesler, MBA, CISSP, CISM Chief Information Security Officer

More information

EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS Information Technology Shared Service Team North Dakota Cyber Security Across North Dakota Threats and Opportunities 15 September 2018 EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS AGENDA SIRN / FirstNet

More information

HIPAA & Privacy Compliance Update

HIPAA & Privacy Compliance Update HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com

More information