Clinical and ICT Cybersecurity Overview and Cases A242-3

Similar documents
Clinical Engineering, ehealth, and ICT Global Overview A242-1

Designing Secure Medical Devices

Mobile-as-a-Medical-Device (Security) David Kleidermacher Chief Security Officer, BlackBerry

Copyright 2018 by Boston Scientific, Inc.. Permission granted to INCOSE to publish and use. #hwgsec

INTERNET OF THINGS. Presented By Erin Bosman & Julie Park, Morrison & Foerster LLP ACC 14th ANNUAL GC ROUNDTABLE AND ALL DAY MCLE

The Next Frontier in Medical Device Security

IEEE-SA Internet of Things - Security & Standards

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

Internet of Medical Things (IoMT)

Aged Care Security Solutions. security.gallagher.com

Connected Medical Devices

PULSE TAKING THE PHYSICIAN S

Digital Healthcare. Yordan Iliev Director R&D Healthcare. Regional Cybersecurity Forum, November 2016, Grand Hotel Sofia, Bulgaria

Cybersecurity and Hospitals: A Board Perspective

FDA & Medical Device Cybersecurity

12. Mobile Devices and the Internet of Things. Blase Ur, May 3 rd, 2017 CMSC / 33210

Nuts-n-Bolts of Product Testing and Certification Session #112, March 7, 2018 Steven Posnack MS MHS, Dir. Office of Standards and Technology, ONC, US

INDUSTRY-LED COLLABORATION

Executive Insights. Protecting data, securing systems

Introduction Privacy, Security and Risk Management. What Healthcare Organizations Need to Know

Addressing the elephant in the operating room: a look at medical device security programs

Cyber Risk and Networked Medical Devices

Some example UW security lab projects, related to emerging technologies. Tadayoshi Kohno CSE 484, University of Washington

Integrating the Healthcare Enterprise Patient Care Devices

NARRATOR: Welcome to the RSA Conference 2016 StoryCorps. podcasts. Please enjoy this discussion between fellow

Medical Device Cybersecurity: FDA Perspective

Designated Cyber Security Protection Solution for Medical Devices

Information Governance, the Next Evolution of Privacy and Security

JUST WHAT THE DOCTOR ORDERED: A SOLUTION FOR SMARTER THERAPEUTIC DEVICES PLACEHOLDER IMAGE INNOVATORS START HERE.

Securing Medical Devices Using Adaptive Testing Methodologies

Personal Cybersecurity

Securing Biomedical Devices. IT Challenges - A View from the Trenches

The Great Sensor Debate: The Truth about Smart Cities, from Success to the Dark Side of Automation

3/3/2017. Medical device security The transition from patient privacy to patient safety. Scott Erven. Who i am. What we ll be covering today

Medical device security The transition from patient privacy to patient safety

Journey to HIMSS18: Privacy, Security and Cybersecurity

Medical Device Safety in a Connected World

Clinical Segmentation done right with Avaya SDN Fx for Healthcare

14th AMC Security & Privacy Conference June 12, 2018

Effectively Meeting the Cyber Security Challenge: Strategies, Tips and Tactics

Legal Issues Surrounding the Internet of Things and Other Emerging Technology

Addressing Cybersecurity in Infusion Devices

Modeling Factors Associated with Healthcare Data Breaches. Session #155, March 3, 2018 Dr. Alex McLeod, Dr. Diane Dolezel, Texas State University

Cyber Surveillance and Threat Intelligence Sharing

Agile IoT Solution Driving Digital Transformation of Transportation

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

WELCOME. October 19, 2017 The Mandarin Oriental Washington, DC

FDA CDRH perspective on new technologies in inhaler products

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Ensuring Privacy and Security of Health Information Exchange in Pennsylvania

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Cybersecurity in Healthcare

DOD Medical Device Cybersecurity Considerations

A SMART PORT CITY IN THE INTERNET OF EVERYTHING (IOE) ERA VERNON THAVER, CTO, CISCO SYSTEMS SOUTH AFRICA

Cyber Security in Smart Commercial Buildings 2017 to 2021

Medical Devices Cybersecurity? Introduction to the Cybersecurity Landscape in Healthcare

Information Technology (CCHIT): Report on Activities and Progress

Wireless Sensors for IOT s

Network and Connectivity

Professor Christoph Thuemmler, PhD Edinburgh Napier University School of Computing 06. NOV 2017 C.Thuemmler, DET ETISKE RÅD

Mike Muller Chief Technology Officer. Judge Business School Feb 2016

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health

Lessons Learned from the Medical Device Interoperability Program (MD PnP) at Partners HealthCare / Mass. Gen Hosp

IT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA

HEALTHCARE IT NETWORK SURVEY REPORT

AI Application and Development in ehealth Field. MIN Dong

REAL-TIME LOCATING SYSTEM. RTLS Hardware

HIPAA-HITECH: Privacy & Security Updates for 2015

Regulators & Manufacturers (Ken) Hackers & Security Officers (Jon) Providers & Patients (Angel)

Medigate and Palo Alto Networks Integration

technology Catalyst For connected CARE Per Ljungberg Director, System and Technology Group Function Technology and Emerging Business Ericsson

Enabling Breakthroughs in Medical Electronics. Karthik Vasanth, Ph.D General Manager, Medical and High Reliability Business Unit

INSPIRING IOT INNOVATION: MARKET EVOLUTION TO REMOVE BARRIERS. Mark Chen Taiwan Country Manager, Senior Director, Sales of Broadcom

Introducing the TrustSense Patient ID Printing Solution. PDC Healthcare Media is Optimized for The TrustSense Patient ID Printing Solution

Breaking the Blockchain: Real-World Use Cases, Opportunities and Challenges

European Union Agency for Network and Information Security

MEDICAL DEVICE SECURITY. A Focus on Patient Safety February, 2018

Telemedicine: The way to the future for healthcare management

!"# $ # # $ $ % $ &% $ '"# $ ()&*&)+(( )+(( )

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

DECT and ULE Addressing the requirements of IMT2020

Meaningful Use or Meltdown: Is Your Electronic Health Record System Secure?

Consumer Opinions and Habits A XIRRUS STUDY

Measurement Challenges and Opportunities for Developing Smart Grid Testbeds

CYBERSECURITY OF MEDICAL DEVICES AND UL 2900

Medical Device Innovations: Welcome to the Future

When your registration has been completed, you will receive an invitation to create your account.

WIRELESS MOBILE MEDICAL DEVICES

Wireless Best Kept Secret For Now

AUTHORIZATION TO RELEASE HEALTH INFORMATION

Cybersecurity and Patient Safety: A Literature Review

Behavioral Health Information Network of Arizona (BHINAZ)

Evaluating the Security of Your IT Network. Vulnerability Scanning & Network Map

Compliant. Secure. Dependable.

e-health in Austria Experiences from Implementation of EHR and Supplemental Applications

Learning About Dexcom Share. Setting up the 7 CHAPTER ONE 36 CHAPTER TWO. Table of Contents

Creating Solutions for Health through Technology Innovation

Real estate predictions 2017 What changes lie ahead?

Introducing the TrustSense Patient ID Printing Solution. Print wristbands and labels on demand from the same printer almost anywhere that s smart!

Security Analysis of Emerging Remote Obstetrics Monitoring Systems

Transcription:

Clinical and ICT Cybersecurity Overview and Cases A242-3 Elliot B. Sloane, PhD, CCE - Elected Fellow of ACCE, AIMBE, and HIMSS President and Founder Center for Healthcare Information Research and Policy, USA Disclosure: I have no conflict of interest with the materials provided. Third WHO Global Forum on Medical Devices 1

2

Medical Device and ICT convergence issues emerging from Dr. Nobel s First Law: The Conservation of Trouble! Enhancement of integrated medical and ICT devices to automate data capture and improve patient safety introduces new troubles squeezing out elsewhere: simultaneously expanding complexity of wired/wireless network, storage, and security problems in addition to clinical device safety!. In 2016, over half of US hospitals experienced ransomware attacks! (The other half may not know, AND the problems are being 3 seen in Europe, too )

Other Conservation of Trouble ahead? Mobility has created Where in the World is The Patient?? I can use my new Vonage phone service anywhere on the planet, but Al Gore s Internet 411 services think I am in Florida, even if I am actually in Shanghai! Internet of Things (IoT) EXPLOSION of smart light bulbs, outlets, thermostats in the extended environment of care, all chattering via wireless and wired networks Opportunities? Light bulbs (and virtually any powered object) can serve as wireless access point for adaptive mesh networks, replace wi-fi clutter Sentient Hospital, where some safety monitoring is built into the environmental systems 4

The traditional C.I.A. Cybersecurity Triad is NOT enough for healthcare; Clinical security needs SAFETY assurance! Danger Zone e.g., Inconsistent or incomplete drug interaction libraries, or wrong dosing rules (a la Dennis Quaid s children). Danger Zone e.g., EMR system that cannot notify if a ventilator sensitivity setting is too low, turned off for too long, OR multi-vendor device message mapping is defective. Medical Device/System Safe Zone of Operation Danger Zone e.g., Alarms that cannot reliably get through a wireless network fast enough, or if the network is compromised, reconfigured, etc. April, 2009 5 ebsloane.org

New frontiers create new problems. e.g. Li-Fi wireless communication (From Discovery News) Unlike Wi-Fi, which can potentially broadcast patient information far and wide, Li-Fi signals can be directed at a single user, which in turn helps keep their activity more private. And because it s easy to restrict, it could be used in locations like hospitals or schools. Laboratory tests have found that Li-Fi can transmit information at almost unbelievable speeds, over 200 gigabytes per second. That s fast enough to download 23 DVDs worth of information in the literal blink of an eye. 6

As prices crash, how long before they are easily installed in lobbies, clinics, and hospitals As the price point topples for IoT devices, how will we even know where IoT devices are in a hospital or clinic, or home?? 7

Case examples 1. Medical devices (including radiology, cardiology, lab, and others) in US and Europe have been hacked to attack entire hospital systems! 2. EU is working on projects using wearable pollution sensors and medical devices to detect patient risks and intervent BEFORE emergency, but device and data security is not yet robust. 3. Implanted defibrillators, pacemakers, and insulin pumps have ALL been hacked remotely. 1. SOME users, and communities of users, have hacked their own or their children s pumps to improve individual care! Open source program repositories exist for these jailbroken medical devices! 4. Deutsche Telekom s Internet service for millions of users was shut down by a massive IoT device attack in early 2017! Third WHO Global Forum on Medical Devices 8

Open discussion forum! How are you and your colleagues preparing for these challenges, and what education/training/tools do you need? What computerized inventory and management tool enhancements are needed? How does cybersecurity and privacy fit into the whole picture? What new regulations and standards are needed? Third WHO Global Forum on Medical Devices 9

THANK YOU! Elliot B. Sloane, PhD, CCE Center for Healthcare Information Research and Policy Villanova University & South University ebsloane@gmail.com www.linkedin.com/in/ebsloane Third WHO Global Forum on Medical Devices 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback