Connected Medical Devices


Connected Medical Devices: How to Reduce Risks Inherent in an Internet of Things that Can Help or Harm
Laura Clark Fey, Esq., Principal, Fey LLC

Agenda
- Overview of the Internet of Things for Healthcare
- How the Internet of Things Can Help or Harm
- Current Regulatory Environment for Connected Medical Devices
- Tips to Reduce Internet of Things Risks

OVERVIEW OF THE INTERNET OF THINGS FOR HEALTHCARE

Definitions
What is the IoT? The Internet of Things (IoT) refers to any object or device that connects to the Internet to automatically send and receive data.
What is an IoT Device? A device that is:
- Aware (gathers information using sensors)
- Autonomous (automatically transmits information to other machines when certain conditions are met)
- Actionable (interfaces with cloud applications to use the collected data)

IoT Examples
Medical device examples include: heart monitors, blood sugar monitors, pacemakers, insulin pumps, asthma inhalers, thermometers, wheelchairs.
Other types of connected devices include: cell phones, coffee makers, washing machines, headphones, lamps, baby monitors, thermostats, cars.
Gartner predicts that by 2020, there will be over 26 billion connected devices in the IoT.

Categories of IoT Medical Devices
- Consumer-Based (e.g., fitness tracking devices)
- Wearable, External Devices (e.g., insulin pumps)
- Internally Embedded Devices (e.g., pacemakers)
- Stationary Devices (e.g., IV pumps, home-monitoring devices)

Areas of Healthcare into which IoT is Integrated
- Patient monitoring and diagnostics
- Information and data transfer, storage, and collaboration
- Intelligent healthcare devices and tools
- Connected emergency units, response vehicles, and hospitals

HOW THE INTERNET OF THINGS CAN HELP OR HARM

Healthcare Benefits of IoT
- Improved patient monitoring, patient engagement, and patient care
- Improved understanding of diseases, disease risk factors, and treatment options
- Improved operational efficiency
- Reduced healthcare costs

Potential Harm: Security Concerns with Healthcare IoT
- Significant Patient Safety Risks: Hackers could potentially disrupt devices (e.g., pacemakers) and cause serious injury or death
- Insecure, Outdated Devices: Devices become more vulnerable over time with no easy update process
- Increased Surface Areas for Attack: Remote services and functions that are part of IoT can be used to breach other systems

Potential Harm: Privacy Concerns with Healthcare IoT
- Notice/Consent: IoT devices, often small and operating in the background, create new challenges for notice and consent
- Ability to Use Data for a Variety of Purposes: Data collected for medical purposes can be easily repurposed for marketing or other purposes
- Perceived Privacy Loss: Consumers may be creeped out by the surveillance capabilities of IoT

CURRENT REGULATORY ENVIRONMENT FOR CONNECTED MEDICAL DEVICES

Overview of Regulations Governing Connected Medical Devices
- FDA Safety Regulations
- Protected Health Information Privacy and Security Regulations
- Children's Online Privacy Protection Act
- Federal and State Data Privacy and Security Regulations

TIPS TO REDUCE INTERNET OF THINGS RISKS

Top 5 Tips for Healthcare Organizations to Implement IoT Governance
- Collaborate with IT, information security, legal, compliance, and business units
- Leverage existing privacy and security governance, management, and operations for IoT use cases
- Designate IoT experts to aid business units in technology selection, risk assessment, and planning
- Develop a business case, and obtain additional funding for information security
- Incorporate IoT considerations into the security incident response plan

Top 5 Tips for Healthcare Organizations to Select Secure IoT Technology
- Evaluate security requirements for incoming technologies in the context of the IoT ecosystem
- Perform due diligence, including review of vendor privacy and security practices
- Build privacy and security requirements into vendor contracts
- Require annual audit reports
- All else being equal, prefer newer technology from well-established vendors

Additional Tips for Healthcare Organizations to Implement IoT Security and Privacy
- Address network security
- Use strong passwords
- Require encryption in transit and at rest
- Keep devices updated
- Provide notice to patients/users regarding use and disclosure of PHI

FTC IoT Security Recommendations
- Security by Design
- Culture of Security
- Third Party Service Providers
- Defense in Depth Strategy
- Access Control Measures
- Monitor Products
- Data Minimization

Top 10 Security Tips for Manufacturers and Developers
- Implement security by default
- Take a security by design approach
- Analyze risks and mitigation strategies
- Develop and implement a secure update process
- Mandate secure authentication practices
- Develop secure web, cloud, and mobile interfaces
- Implement encryption for data in transit and at rest
- Design and manufacture physically secure devices
- Ensure sufficient security configurability
- Implement strong organizational and service provider security practices

Top 5 Privacy Tips for Manufacturers and Developers
- Determine the legal requirements for privacy and security that apply to your target market
- Develop a compliant privacy policy, and enforce it
- Provide choice to users before collecting and using personal data
- Anonymize and de-identify data
- Consider data minimization, where practical

Any questions?

Thank you for attending!
Laura Clark Fey, Esq., CIPP/US, CIPP/E, CIPM
Principal, Fey LLC
E-Mail: lfey@feyllc.com
Direct: 913.948.6301
Mobile: 816.518.6554