SlideShare uma empresa Scribd logo

How to Secure Your Medical Devices

SecurityMetrics
SecurityMetrics

Did you know your organization's medical devices could potentially be hacked? Learn how you can secure your medical devices and protect your data.

Saúde
1 de 9
Baixar para ler offline
HOW TO SECURE YOUR MEDICAL DEVICES ARE YOUR MEDICAL DEVICES BEING HACKED? White Paper © 2016 SecurityMetrics
HOW TO SECURE YOUR MEDICAL DEVICES | 1 HOW TO SECURE YOUR MEDICAL DEVICES ARE YOUR MEDICAL DEVICES BEING HACKED? INTRODUCTION Attackers are increasingly targeting medical devices; the reason—PHI. This attack is called medical device jacking or medjacking. Targeted medical devices consist of four types: 1. Consumer health monitoring (e.g., FitBits, smart watch, etc.) 2. Wearable (e.g., portable insulin pumps, continuous glucose monitor, etc.) 3. Embedded (e.g., pacemakers, defibrillators, etc.) 4. Stationary (e.g., MRI machines, CT scanners, etc.) Vulnerabilities have existed within many medical devices for years, but recently there have been increased attacks and awareness of these vulnerabilities. For example, the U.S. Food and Drug Administration (FDA) announced yet another medical device vulnerability, this time with a widely used infusion pump.
HOW TO SECURE YOUR MEDICAL DEVICES | 2 DANGERS OF MEDICAL DEVICES The FDA said medical devices “can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device.” Although internally embedded medical devices like pace- makers can be hacked, most attackers are more interested in stealing large amounts of patient data. Medical data (e.g., social security numbers, insurance information, etc.) is worth 10 times more than credit card data. Not only do these vulnerabilities exist, but they will increasingly grow worse as more and more devices become interconnected. For example, stationary medical devices are often connected via Wi-Fi or Ethernet, but in some cases, they can connect to a business associate. In general, stationary medical devices are the most at risk because within a few steps, criminals can gain access to electronic medical records (EMR) systems. The following are common stationary medical devices: • Medical x-ray scanner • MRI machine • CT scanners • Chemotherapy dispensing stations • Dialysis machines • LASIK surgical machines • Homecare cardio-monitoring • Bedside infusion pump • Anesthesia apparatuses • Medical ventilators • Picture archiving and communication system • Blood gas analyzer MEDICAL DATA IS WORTH 10 TIMES MORE THAN CREDIT CARD DATA.
HOW TO SECURE YOUR MEDICAL DEVICES | 3 HOW DO MEDICAL DEVICES GET COMPROMISED? Medjacking attacks are designed to quickly infiltrate medical devices, establish control, and then use them as pivot points to compromise and exfiltrate data from across the healthcare organization. Once an attacker gets into the network and bypasses existing security, they can infect a medical device and establish a backdoor within the device for later access. Why does this problem exist? It starts with manufacturing. According to the FDA, manufacturers are responsible for “remaining vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity.” Medical device manufacturers are supposed to take responsibility for securing their devices with appropriate security controls (e.g., user authentication, strong pass- word protection, physical locks, card readers). They should also develop strategies for active security protection and “timely deployment of routine, validated security patches and methods to restrict software or firmware updates to authenticated code.” Unfortunately, most manufacturers don’t take this responsibility seriously. Some medical device manufacturers limit their cyber- security efforts due to low budgets or time-require- ments, necessitating the use of open source code for security solutions. Joshua Corman, CTO at Sonatye, describes this process as “a shared attack surface and a shared risk” across the manufacturing sphere. The problem is healthcare IT teams typically don’t have access to a medical device’s system. Users can’t install further security tools on network connected medical device systems because most security tools don’t run within the actual medical device. Also, any software applied by the entity might be considered tampering with the device and have a negative impact on FDA approval.
HOW TO SECURE YOUR MEDICAL DEVICES | 4 HOW TO PREVENT MEDJACKING The ongoing responsibility of managing patient data throughout an organization requires an organized ap- proach to risk management. As the guardian of patient data, it’s up to each healthcare organization to learn and understand the basic features of their IT assets and medical devices, what security mechanisms are in place, and how to use them. STEP ONE: FIX CURRENT MEDICAL DEVICES If you have networked medical devices, prepare for the worst. You likely have HIPAA violations on your hands because these devices are potentially vulnerable to leaking patient data. If there are any known vulnerabili- ties, remediate your existing devices immediately. Con- tact medical device manufacturers to find any required updates or available patches. Add this to your policies and document everything. Software and hardware updates take time. Plan ahead for ways to integrate all necessary fixes provided by the medical device manufacturer. Once again, make sure you document all of your manufacturers’ changes. Make sure all medical devices have a secure password. Secure passwords should have a minimum of eight char- acters, and must contain numeric, alphabetic, and special characters. In practice, the more character formats used, the more difficult a password will be to guess. This also applies to attackers trying to use a brute force applica- tion to obtain a password: the longer and more complex the password, the longer it will take to discover.
HOW TO SECURE YOUR MEDICAL DEVICES | 5 STEP TWO: REVISE YOUR PROCESS Most importantly, consider only buying from medical device vendors that value cybersecurity. Some device manufacturers favor passwords built into the system that can’t be changed. When making purchase decisions, you should be able to modify your own passwords. Vendors should also offer frequent updates on their systems and be willing to conduct quarterly reviews on their systems. Manage physical access to medical devices, if possible. Medical devices with USB ports are particularly prone to compromise and additional procedures for these devices (such as strict rules for used USBs) are a must. For example, employees should never use USB sticks found on the ground or lying around the facility. If devices no longer receive manufacturers’ updates, get rid of them. It’s better to be safe than risk patient data being stolen. Remember in the disposal process to securely erase or destroy any patient data on these devices. Limit access to PHI by segmenting devices inside your network. Protect these devices with strict firewall rules allowing access to only specific services and IP addresses. Train your employees at least annually. One of your organization’s biggest weak- nesses can be your workforce because they don’t understand their responsibility to protect PHI and medical devices. Train them about social engineering and how often individuals pose as janitors, IT, new hires, or fake nurses to access patient data. SEGMENT DEVICES INSIDE YOUR NETWORK TO LIMIT ACCESS TO PHI. In your social engineering training, teach employees to: • Challenge strangers • Verify their identification • Never use USB thumb drives found around the premises • Always wear an identification badge Ensure you protect your patient’s data. You need to adequately document where PHI enters your environment, what hap- pens once PHI enters, where it’s stored, and how it exits your organization. Then you need to implement the necessary encryption, industry best practice is to use AES-128, Triple DES, AES-256, or better.
HOW TO SECURE YOUR MEDICAL DEVICES | 6 STEP THREE: UNDERSTAND YOUR SECURITY STATUS It’s difficult, if not impossible to find every weakness in your organization on your own. To take your security to the next level and to avoid weaknesses in your IT system, consider implementing additional services such as: • Internal and external vulnerability scans—automated testing for weaknesses inside and outside your network • Penetration tests—live, hands-on testing of your system’s weaknesses and vulnerabilities • Gap analysis—consultation on where your gaps in security and compliance exist and what steps need to occur next • Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS)—a monitoring system for network security appliances and report malicious activity • File Integrity Monitoring (FIM)—a way of checking software, systems, and applications in order to warn of potential malicious activity
HOW TO SECURE YOUR MEDICAL DEVICES | 7 STEP FOUR: IMPLEMENT HIPAA COMPLIANCE If you haven’t already, designate a HIPAA compliance officer or team member. Clearly and specifically lay out their responsibilities, as well as for anyone involved with HIPAA compliance. Privacy and security concerns are key when it comes to HIPAA, but it’s also important to be sure your organization as a whole is protected. It’s critical to ensure all systems containing patient data is protected. Here are common places data is stored intentionally and unintentionally: • EHR/EMR systems • Databases • Workstations • Filing cabinets • Servers • Laptops • Security appliances • Email system • Data warehouse • Files shares • Ticketing systems • Mobile devices (i.e., smart phones, tablets) Conduct an annual HIPAA Risk Analysis. A Risk Analysis helps you to know your vulnerabilities, threats, and risks. The HHS states, “Conducting a Risk Analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implemen- tation specifications in the Security Rule. Therefore, a Risk Analysis is foundational.” Start by identifying your organi- zation’s top weaknesses, and begin to resolve these issues, and then repeat the process for medium and low risks. Set aside time either daily or weekly to work on HIPAA compliance and security. Keep HIPAA in the forefront of employees’ minds by holding regular training about PHI security practices. IF YOUR MEDICAL DEVICES AREN’T SECURE YOUR ORGANIZATION IS NOT HIPAA COMPLIANT.
HOW TO SECURE YOUR MEDICAL DEVICES | 8 CONCLUSION Update all medical devices with any available security patches. Work with manufacturers at least once a quarter to make sure your device is secure. If you haven’t already, start HIPAA compliance and protect your patient’s data. Don’t let obstacles stop your progress on the security and compliance journey. Make securing medical devices a standard procedure after they get fixed. This process helps protect your organization and your patient’s data from getting hacked. HOW VULNERABLE IS YOUR PATIENT DATA? Join over 800,000 organizations and let SecurityMetrics help protect your patient data. consulting@securitymetrics.com 801.705.5656

Recomendados

How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach SecurityMetrics
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101SecurityMetrics
 
Medical device security presentation - Frank Siepmann
Medical device security presentation - Frank SiepmannMedical device security presentation - Frank Siepmann
Medical device security presentation - Frank SiepmannFrank Siepmann
 
Medical Device Security: State of the Art -- NoConName, Barcelona, 2011
Medical Device Security: State of the Art -- NoConName, Barcelona, 2011 Medical Device Security: State of the Art -- NoConName, Barcelona, 2011
Medical Device Security: State of the Art -- NoConName, Barcelona, 2011 shawn_merdinger
 
Detroit ISSA Healthcare Cybersecurity
Detroit ISSA Healthcare CybersecurityDetroit ISSA Healthcare Cybersecurity
Detroit ISSA Healthcare CybersecurityDoug Copley
 
Tech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareTech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareCompTIA
 
Tcs cybersecurity for healthcare
Tcs cybersecurity for healthcareTcs cybersecurity for healthcare
Tcs cybersecurity for healthcareComtech TCS
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareDoug Copley
 

Recomendados

How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach SecurityMetrics
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101SecurityMetrics
 
Medical device security presentation - Frank Siepmann
Medical device security presentation - Frank SiepmannMedical device security presentation - Frank Siepmann
Medical device security presentation - Frank SiepmannFrank Siepmann
 
Medical Device Security: State of the Art -- NoConName, Barcelona, 2011
Medical Device Security: State of the Art -- NoConName, Barcelona, 2011 Medical Device Security: State of the Art -- NoConName, Barcelona, 2011
Medical Device Security: State of the Art -- NoConName, Barcelona, 2011 shawn_merdinger
 
Detroit ISSA Healthcare Cybersecurity
Detroit ISSA Healthcare CybersecurityDetroit ISSA Healthcare Cybersecurity
Detroit ISSA Healthcare CybersecurityDoug Copley
 
Tech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareTech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareCompTIA
 
Tcs cybersecurity for healthcare
Tcs cybersecurity for healthcareTcs cybersecurity for healthcare
Tcs cybersecurity for healthcareComtech TCS
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareDoug Copley
 
Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudySophiaPalmira
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthCareManagement
 
Securing the Fog
Securing the FogSecuring the Fog
Securing the FogThe Security of Things Forum
 
Patient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and EvolverPatient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and EvolverThe Security of Things Forum
 
Secure your Space: The Internet of Things
Secure your Space: The Internet of ThingsSecure your Space: The Internet of Things
Secure your Space: The Internet of ThingsThe Security of Things Forum
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentdata brackets
 
[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device securityOWASP
 
The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?Stephen Cobb
 
Understanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsUnderstanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsEMMAIntl
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...Health IT Conference – iHT2
 
HIPAA HiTech Security Assessment
HIPAA HiTech Security AssessmentHIPAA HiTech Security Assessment
HIPAA HiTech Security Assessmentdata brackets
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
HIPAA security risk assessments
HIPAA security risk assessmentsHIPAA security risk assessments
HIPAA security risk assessmentsJose Ivan Delgado, Ph.D.
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follAISHA232980
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle ManagementBarry Caplin
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016Ashley Deuble
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Breakout Session: Cybersecurity in Medical Devices
Breakout Session: Cybersecurity in Medical DevicesBreakout Session: Cybersecurity in Medical Devices
Breakout Session: Cybersecurity in Medical DevicesHealthegy
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical DevicesSheersha Pramanik 🇮🇳
 

Mais conteúdo relacionado

Mais procurados

Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudySophiaPalmira
 
Patient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and EvolverPatient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and EvolverThe Security of Things Forum
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentdata brackets
 
[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device securityOWASP
 
The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?Stephen Cobb
 
Understanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsUnderstanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsEMMAIntl
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...Health IT Conference – iHT2
 
HIPAA HiTech Security Assessment
HIPAA HiTech Security AssessmentHIPAA HiTech Security Assessment
HIPAA HiTech Security Assessmentdata brackets
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follAISHA232980
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle ManagementBarry Caplin
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016Ashley Deuble
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 

Mais procurados (20)

Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case Study
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security Webinar
 
Securing the Fog
Securing the FogSecuring the Fog
Securing the Fog
 
Patient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and EvolverPatient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and Evolver
 
Secure your Space: The Internet of Things
Secure your Space: The Internet of ThingsSecure your Space: The Internet of Things
Secure your Space: The Internet of Things
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample document
 
[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security
 
The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?
 
Understanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsUnderstanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and Applications
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber risk
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
 
HIPAA HiTech Security Assessment
HIPAA HiTech Security AssessmentHIPAA HiTech Security Assessment
HIPAA HiTech Security Assessment
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.com
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
 
HIPAA security risk assessments
HIPAA security risk assessmentsHIPAA security risk assessments
HIPAA security risk assessments
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the foll
 
Incident Response
Incident Response Incident Response
Incident Response
 
Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle Management
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
 

Semelhante a How to Secure Your Medical Devices

Breakout Session: Cybersecurity in Medical Devices
Breakout Session: Cybersecurity in Medical DevicesBreakout Session: Cybersecurity in Medical Devices
Breakout Session: Cybersecurity in Medical DevicesHealthegy
 
Best_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfBest_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfJacob Li
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidancePam Gilmore
 
The FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
The FDA - Mobile, and Fixed Medical Devices Cybersecurity GuidanceThe FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
The FDA - Mobile, and Fixed Medical Devices Cybersecurity GuidanceValdez Ladd MBA, CISSP, CISA,
 
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...IT Network marcus evans
 
Equifax, the FTC Act, and Vulnerability Scanning
Equifax, the FTC Act, and Vulnerability ScanningEquifax, the FTC Act, and Vulnerability Scanning
Equifax, the FTC Act, and Vulnerability ScanningBlack Duck by Synopsys
 
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity PerspectiveEMMAIntl
 
Health Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxHealth Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxArti Parab Academics
 
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Hybrid Cloud
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare ApplicationCitiusTech
 
Why healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfWhy healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfSparity1
 
mHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsmHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsKristie Allison
 
mHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsmHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsESET North America
 
security and privacy for medical implantable devices
security and privacy for medical implantable devicessecurity and privacy for medical implantable devices
security and privacy for medical implantable devicesAjay Ohri
 
Systems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxSystems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxssuserf9c51d
 

Semelhante a How to Secure Your Medical Devices (20)

Breakout Session: Cybersecurity in Medical Devices
Breakout Session: Cybersecurity in Medical DevicesBreakout Session: Cybersecurity in Medical Devices
Breakout Session: Cybersecurity in Medical Devices
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical Devices
 
Best_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfBest_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdf
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity Guidance
 
The FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
The FDA - Mobile, and Fixed Medical Devices Cybersecurity GuidanceThe FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
The FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
 
MobileSecurity WhitePaper
MobileSecurity WhitePaperMobileSecurity WhitePaper
MobileSecurity WhitePaper
 
Cyber security
Cyber securityCyber security
Cyber security
 
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
 
Risk management in Healthcare on Cloud
Risk management in Healthcare on CloudRisk management in Healthcare on Cloud
Risk management in Healthcare on Cloud
 
Equifax, the FTC Act, and Vulnerability Scanning
Equifax, the FTC Act, and Vulnerability ScanningEquifax, the FTC Act, and Vulnerability Scanning
Equifax, the FTC Act, and Vulnerability Scanning
 
Securing Wearable Device Data
Securing Wearable Device DataSecuring Wearable Device Data
Securing Wearable Device Data
 
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
 
Health Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxHealth Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptx
 
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare Application
 
Why healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfWhy healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdf
 
mHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsmHealth Security: Stats and Solutions
mHealth Security: Stats and Solutions
 
mHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsmHealth Security: Stats and Solutions
mHealth Security: Stats and Solutions
 
security and privacy for medical implantable devices
security and privacy for medical implantable devicessecurity and privacy for medical implantable devices
security and privacy for medical implantable devices
 
Systems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxSystems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docx
 

Mais de SecurityMetrics

Understanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementUnderstanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementSecurityMetrics
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditSecurityMetrics
 
Securing Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecuring Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecurityMetrics
 
HIPAA PHI Protection: Where is Your PHI Stored?
HIPAA PHI Protection: Where is Your PHI Stored? HIPAA PHI Protection: Where is Your PHI Stored?
HIPAA PHI Protection: Where is Your PHI Stored? SecurityMetrics
 
The 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk AnalysisThe 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk AnalysisSecurityMetrics
 
5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA AuditSecurityMetrics
 
Don't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your EmpolyeesDon't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your EmpolyeesSecurityMetrics
 
What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards? What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards? SecurityMetrics
 
5 Steps to Manage a Data Breach
5 Steps to Manage a Data Breach5 Steps to Manage a Data Breach
5 Steps to Manage a Data BreachSecurityMetrics
 
Auditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeAuditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeSecurityMetrics
 
Auditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java ScriptAuditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java ScriptSecurityMetrics
 
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkAuditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkSecurityMetrics
 
The Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless InvestigationThe Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless InvestigationSecurityMetrics
 
The Case of the Mistaken Malware
The Case of the Mistaken MalwareThe Case of the Mistaken Malware
The Case of the Mistaken MalwareSecurityMetrics
 
The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsThe Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsSecurityMetrics
 
What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?SecurityMetrics
 
How Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for BusinessHow Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for BusinessSecurityMetrics
 
Mobile Processing: The Perfect Storm for Data Compromise
Mobile Processing: The Perfect Storm for Data CompromiseMobile Processing: The Perfect Storm for Data Compromise
Mobile Processing: The Perfect Storm for Data CompromiseSecurityMetrics
 

Mais de SecurityMetrics (20)

Hipaa Reality Check
Hipaa Reality CheckHipaa Reality Check
Hipaa Reality Check
 
Understanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementUnderstanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping Supplement
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS Audit
 
Securing Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecuring Your Remote Access Desktop Connection
Securing Your Remote Access Desktop Connection
 
Window of Compromise
Window of CompromiseWindow of Compromise
Window of Compromise
 
HIPAA PHI Protection: Where is Your PHI Stored?
HIPAA PHI Protection: Where is Your PHI Stored? HIPAA PHI Protection: Where is Your PHI Stored?
HIPAA PHI Protection: Where is Your PHI Stored?
 
The 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk AnalysisThe 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk Analysis
 
5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit
 
Don't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your EmpolyeesDon't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your Empolyees
 
What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards? What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards?
 
5 Steps to Manage a Data Breach
5 Steps to Manage a Data Breach5 Steps to Manage a Data Breach
5 Steps to Manage a Data Breach
 
Auditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeAuditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing Franchisee
 
Auditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java ScriptAuditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java Script
 
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkAuditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
 
The Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless InvestigationThe Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless Investigation
 
The Case of the Mistaken Malware
The Case of the Mistaken MalwareThe Case of the Mistaken Malware
The Case of the Mistaken Malware
 
The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsThe Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit Cards
 
What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?
 
How Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for BusinessHow Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for Business
 
Mobile Processing: The Perfect Storm for Data Compromise
Mobile Processing: The Perfect Storm for Data CompromiseMobile Processing: The Perfect Storm for Data Compromise
Mobile Processing: The Perfect Storm for Data Compromise
 

Último

Back care and back massage. powerpoint presentation
Back care and back massage. powerpoint presentationBack care and back massage. powerpoint presentation
Back care and back massage. powerpoint presentationpratiksha ghimire
 
Learn Tips for Managing Chemobrain or Mental Fogginess
Learn Tips for Managing Chemobrain or Mental FogginessLearn Tips for Managing Chemobrain or Mental Fogginess
Learn Tips for Managing Chemobrain or Mental Fogginessbkling
 
Lipid Profile test & Cardiac Markers for MBBS, Lab. Med. and Nursing.pptx
Lipid Profile test & Cardiac Markers for MBBS, Lab. Med. and Nursing.pptxLipid Profile test & Cardiac Markers for MBBS, Lab. Med. and Nursing.pptx
Lipid Profile test & Cardiac Markers for MBBS, Lab. Med. and Nursing.pptxRajendra Dev Bhatt
 
CROHNS DISEASE.pptx by Dr. Chayanika Das
CROHNS DISEASE.pptx by Dr. Chayanika DasCROHNS DISEASE.pptx by Dr. Chayanika Das
CROHNS DISEASE.pptx by Dr. Chayanika DasChayanika Das
 
ANTIGEN- SECTION IMMUNOLOGY DEPARTMENT OF MICROBIOLOGY
ANTIGEN- SECTION IMMUNOLOGY DEPARTMENT OF MICROBIOLOGYANTIGEN- SECTION IMMUNOLOGY DEPARTMENT OF MICROBIOLOGY
ANTIGEN- SECTION IMMUNOLOGY DEPARTMENT OF MICROBIOLOGYDrmayuribhise
 
Innovations in Nephrology by Dr. David Greene Stem Cell Potential and Progres...
Innovations in Nephrology by Dr. David Greene Stem Cell Potential and Progres...Innovations in Nephrology by Dr. David Greene Stem Cell Potential and Progres...
Innovations in Nephrology by Dr. David Greene Stem Cell Potential and Progres...Dr. David Greene Arizona
 
Preventing Common Nutritional Deficiencies In Poultry Flocks (PPT).pdf
Preventing Common Nutritional Deficiencies In Poultry Flocks (PPT).pdfPreventing Common Nutritional Deficiencies In Poultry Flocks (PPT).pdf
Preventing Common Nutritional Deficiencies In Poultry Flocks (PPT).pdfAditiAlishetty
 
Importance of Assessing Level of Consciousness in Medical Care | The Lifescie...
Importance of Assessing Level of Consciousness in Medical Care | The Lifescie...Importance of Assessing Level of Consciousness in Medical Care | The Lifescie...
Importance of Assessing Level of Consciousness in Medical Care | The Lifescie...The Lifesciences Magazine
 
Exploring the Integration of Homeopathy and Allopathy in Healthcare.pdf
Exploring the Integration of Homeopathy and Allopathy in Healthcare.pdfExploring the Integration of Homeopathy and Allopathy in Healthcare.pdf
Exploring the Integration of Homeopathy and Allopathy in Healthcare.pdfDharma Homoeopathy
 
Immediate care of newborn, midwifery and obstetrical nursing
Immediate care of newborn, midwifery and obstetrical nursingImmediate care of newborn, midwifery and obstetrical nursing
Immediate care of newborn, midwifery and obstetrical nursingNursing education
 
Field exchange, Issue 72 April 2024 FEX-72.pdf
Field exchange, Issue 72 April 2024 FEX-72.pdfField exchange, Issue 72 April 2024 FEX-72.pdf
Field exchange, Issue 72 April 2024 FEX-72.pdfMohamed Miyir
 
Local Advanced Esophageal Cancer (T3-4N0-2M0): Artificial Intelligence, Syner...
Local Advanced Esophageal Cancer (T3-4N0-2M0): Artificial Intelligence, Syner...Local Advanced Esophageal Cancer (T3-4N0-2M0): Artificial Intelligence, Syner...
Local Advanced Esophageal Cancer (T3-4N0-2M0): Artificial Intelligence, Syner...Oleg Kshivets
 
Evidence-based resources -2023-PRUH SS.pptx
Evidence-based resources -2023-PRUH SS.pptxEvidence-based resources -2023-PRUH SS.pptx
Evidence-based resources -2023-PRUH SS.pptxMrs S Sen
 
2024 Compliatric Webinar Series - OSV Overview and Panel Discussion April 202...
2024 Compliatric Webinar Series - OSV Overview and Panel Discussion April 202...2024 Compliatric Webinar Series - OSV Overview and Panel Discussion April 202...
2024 Compliatric Webinar Series - OSV Overview and Panel Discussion April 202...Compliatric Where Compliance Happens
 
Understanding Cholera: Epidemiology, Prevention, and Control.pdf
Understanding Cholera: Epidemiology, Prevention, and Control.pdfUnderstanding Cholera: Epidemiology, Prevention, and Control.pdf
Understanding Cholera: Epidemiology, Prevention, and Control.pdfSasikiranMarri
 
Text Neck Syndrome and its probable way out.pptx
Text Neck Syndrome and its probable way out.pptxText Neck Syndrome and its probable way out.pptx
Text Neck Syndrome and its probable way out.pptxProf. Satyen Bhattacharyya
 
Enhancing Health Through Personalized Nutrition
Enhancing Health Through Personalized NutritionEnhancing Health Through Personalized Nutrition
Enhancing Health Through Personalized NutritionNeighborhood Trainer
 
arpita 1-1.pptx management of nursing service and education
arpita 1-1.pptx management of nursing service and educationarpita 1-1.pptx management of nursing service and education
arpita 1-1.pptx management of nursing service and educationNursing education
 

Último (20)

Back care and back massage. powerpoint presentation
Back care and back massage. powerpoint presentationBack care and back massage. powerpoint presentation
Back care and back massage. powerpoint presentation
 
Coping with Childhood Cancer - How Does it Hurt Today
Coping with Childhood Cancer - How Does it Hurt TodayCoping with Childhood Cancer - How Does it Hurt Today
Coping with Childhood Cancer - How Does it Hurt Today
 
Learn Tips for Managing Chemobrain or Mental Fogginess
Learn Tips for Managing Chemobrain or Mental FogginessLearn Tips for Managing Chemobrain or Mental Fogginess
Learn Tips for Managing Chemobrain or Mental Fogginess
 
Lipid Profile test & Cardiac Markers for MBBS, Lab. Med. and Nursing.pptx
Lipid Profile test & Cardiac Markers for MBBS, Lab. Med. and Nursing.pptxLipid Profile test & Cardiac Markers for MBBS, Lab. Med. and Nursing.pptx
Lipid Profile test & Cardiac Markers for MBBS, Lab. Med. and Nursing.pptx
 
CROHNS DISEASE.pptx by Dr. Chayanika Das
CROHNS DISEASE.pptx by Dr. Chayanika DasCROHNS DISEASE.pptx by Dr. Chayanika Das
CROHNS DISEASE.pptx by Dr. Chayanika Das
 
ANTIGEN- SECTION IMMUNOLOGY DEPARTMENT OF MICROBIOLOGY
ANTIGEN- SECTION IMMUNOLOGY DEPARTMENT OF MICROBIOLOGYANTIGEN- SECTION IMMUNOLOGY DEPARTMENT OF MICROBIOLOGY
ANTIGEN- SECTION IMMUNOLOGY DEPARTMENT OF MICROBIOLOGY
 
Innovations in Nephrology by Dr. David Greene Stem Cell Potential and Progres...
Innovations in Nephrology by Dr. David Greene Stem Cell Potential and Progres...Innovations in Nephrology by Dr. David Greene Stem Cell Potential and Progres...
Innovations in Nephrology by Dr. David Greene Stem Cell Potential and Progres...
 
Preventing Common Nutritional Deficiencies In Poultry Flocks (PPT).pdf
Preventing Common Nutritional Deficiencies In Poultry Flocks (PPT).pdfPreventing Common Nutritional Deficiencies In Poultry Flocks (PPT).pdf
Preventing Common Nutritional Deficiencies In Poultry Flocks (PPT).pdf
 
Importance of Assessing Level of Consciousness in Medical Care | The Lifescie...
Importance of Assessing Level of Consciousness in Medical Care | The Lifescie...Importance of Assessing Level of Consciousness in Medical Care | The Lifescie...
Importance of Assessing Level of Consciousness in Medical Care | The Lifescie...
 
Exploring the Integration of Homeopathy and Allopathy in Healthcare.pdf
Exploring the Integration of Homeopathy and Allopathy in Healthcare.pdfExploring the Integration of Homeopathy and Allopathy in Healthcare.pdf
Exploring the Integration of Homeopathy and Allopathy in Healthcare.pdf
 
Immediate care of newborn, midwifery and obstetrical nursing
Immediate care of newborn, midwifery and obstetrical nursingImmediate care of newborn, midwifery and obstetrical nursing
Immediate care of newborn, midwifery and obstetrical nursing
 
Field exchange, Issue 72 April 2024 FEX-72.pdf
Field exchange, Issue 72 April 2024 FEX-72.pdfField exchange, Issue 72 April 2024 FEX-72.pdf
Field exchange, Issue 72 April 2024 FEX-72.pdf
 
Local Advanced Esophageal Cancer (T3-4N0-2M0): Artificial Intelligence, Syner...
Local Advanced Esophageal Cancer (T3-4N0-2M0): Artificial Intelligence, Syner...Local Advanced Esophageal Cancer (T3-4N0-2M0): Artificial Intelligence, Syner...
Local Advanced Esophageal Cancer (T3-4N0-2M0): Artificial Intelligence, Syner...
 
Evidence-based resources -2023-PRUH SS.pptx
Evidence-based resources -2023-PRUH SS.pptxEvidence-based resources -2023-PRUH SS.pptx
Evidence-based resources -2023-PRUH SS.pptx
 
2024 Compliatric Webinar Series - OSV Overview and Panel Discussion April 202...
2024 Compliatric Webinar Series - OSV Overview and Panel Discussion April 202...2024 Compliatric Webinar Series - OSV Overview and Panel Discussion April 202...
2024 Compliatric Webinar Series - OSV Overview and Panel Discussion April 202...
 
Kidney Transplant At Hiranandani Hospital
Kidney Transplant At Hiranandani HospitalKidney Transplant At Hiranandani Hospital
Kidney Transplant At Hiranandani Hospital
 
Understanding Cholera: Epidemiology, Prevention, and Control.pdf
Understanding Cholera: Epidemiology, Prevention, and Control.pdfUnderstanding Cholera: Epidemiology, Prevention, and Control.pdf
Understanding Cholera: Epidemiology, Prevention, and Control.pdf
 
Text Neck Syndrome and its probable way out.pptx
Text Neck Syndrome and its probable way out.pptxText Neck Syndrome and its probable way out.pptx
Text Neck Syndrome and its probable way out.pptx
 
Enhancing Health Through Personalized Nutrition
Enhancing Health Through Personalized NutritionEnhancing Health Through Personalized Nutrition
Enhancing Health Through Personalized Nutrition
 
arpita 1-1.pptx management of nursing service and education
arpita 1-1.pptx management of nursing service and educationarpita 1-1.pptx management of nursing service and education
arpita 1-1.pptx management of nursing service and education
 

How to Secure Your Medical Devices

  • 1. HOW TO SECURE YOUR MEDICAL DEVICES ARE YOUR MEDICAL DEVICES BEING HACKED? White Paper © 2016 SecurityMetrics
  • 2. HOW TO SECURE YOUR MEDICAL DEVICES | 1 HOW TO SECURE YOUR MEDICAL DEVICES ARE YOUR MEDICAL DEVICES BEING HACKED? INTRODUCTION Attackers are increasingly targeting medical devices; the reason—PHI. This attack is called medical device jacking or medjacking. Targeted medical devices consist of four types: 1. Consumer health monitoring (e.g., FitBits, smart watch, etc.) 2. Wearable (e.g., portable insulin pumps, continuous glucose monitor, etc.) 3. Embedded (e.g., pacemakers, defibrillators, etc.) 4. Stationary (e.g., MRI machines, CT scanners, etc.) Vulnerabilities have existed within many medical devices for years, but recently there have been increased attacks and awareness of these vulnerabilities. For example, the U.S. Food and Drug Administration (FDA) announced yet another medical device vulnerability, this time with a widely used infusion pump.
  • 3. HOW TO SECURE YOUR MEDICAL DEVICES | 2 DANGERS OF MEDICAL DEVICES The FDA said medical devices “can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device.” Although internally embedded medical devices like pace- makers can be hacked, most attackers are more interested in stealing large amounts of patient data. Medical data (e.g., social security numbers, insurance information, etc.) is worth 10 times more than credit card data. Not only do these vulnerabilities exist, but they will increasingly grow worse as more and more devices become interconnected. For example, stationary medical devices are often connected via Wi-Fi or Ethernet, but in some cases, they can connect to a business associate. In general, stationary medical devices are the most at risk because within a few steps, criminals can gain access to electronic medical records (EMR) systems. The following are common stationary medical devices: • Medical x-ray scanner • MRI machine • CT scanners • Chemotherapy dispensing stations • Dialysis machines • LASIK surgical machines • Homecare cardio-monitoring • Bedside infusion pump • Anesthesia apparatuses • Medical ventilators • Picture archiving and communication system • Blood gas analyzer MEDICAL DATA IS WORTH 10 TIMES MORE THAN CREDIT CARD DATA.
  • 4. HOW TO SECURE YOUR MEDICAL DEVICES | 3 HOW DO MEDICAL DEVICES GET COMPROMISED? Medjacking attacks are designed to quickly infiltrate medical devices, establish control, and then use them as pivot points to compromise and exfiltrate data from across the healthcare organization. Once an attacker gets into the network and bypasses existing security, they can infect a medical device and establish a backdoor within the device for later access. Why does this problem exist? It starts with manufacturing. According to the FDA, manufacturers are responsible for “remaining vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity.” Medical device manufacturers are supposed to take responsibility for securing their devices with appropriate security controls (e.g., user authentication, strong pass- word protection, physical locks, card readers). They should also develop strategies for active security protection and “timely deployment of routine, validated security patches and methods to restrict software or firmware updates to authenticated code.” Unfortunately, most manufacturers don’t take this responsibility seriously. Some medical device manufacturers limit their cyber- security efforts due to low budgets or time-require- ments, necessitating the use of open source code for security solutions. Joshua Corman, CTO at Sonatye, describes this process as “a shared attack surface and a shared risk” across the manufacturing sphere. The problem is healthcare IT teams typically don’t have access to a medical device’s system. Users can’t install further security tools on network connected medical device systems because most security tools don’t run within the actual medical device. Also, any software applied by the entity might be considered tampering with the device and have a negative impact on FDA approval.
  • 5. HOW TO SECURE YOUR MEDICAL DEVICES | 4 HOW TO PREVENT MEDJACKING The ongoing responsibility of managing patient data throughout an organization requires an organized ap- proach to risk management. As the guardian of patient data, it’s up to each healthcare organization to learn and understand the basic features of their IT assets and medical devices, what security mechanisms are in place, and how to use them. STEP ONE: FIX CURRENT MEDICAL DEVICES If you have networked medical devices, prepare for the worst. You likely have HIPAA violations on your hands because these devices are potentially vulnerable to leaking patient data. If there are any known vulnerabili- ties, remediate your existing devices immediately. Con- tact medical device manufacturers to find any required updates or available patches. Add this to your policies and document everything. Software and hardware updates take time. Plan ahead for ways to integrate all necessary fixes provided by the medical device manufacturer. Once again, make sure you document all of your manufacturers’ changes. Make sure all medical devices have a secure password. Secure passwords should have a minimum of eight char- acters, and must contain numeric, alphabetic, and special characters. In practice, the more character formats used, the more difficult a password will be to guess. This also applies to attackers trying to use a brute force applica- tion to obtain a password: the longer and more complex the password, the longer it will take to discover.
  • 6. HOW TO SECURE YOUR MEDICAL DEVICES | 5 STEP TWO: REVISE YOUR PROCESS Most importantly, consider only buying from medical device vendors that value cybersecurity. Some device manufacturers favor passwords built into the system that can’t be changed. When making purchase decisions, you should be able to modify your own passwords. Vendors should also offer frequent updates on their systems and be willing to conduct quarterly reviews on their systems. Manage physical access to medical devices, if possible. Medical devices with USB ports are particularly prone to compromise and additional procedures for these devices (such as strict rules for used USBs) are a must. For example, employees should never use USB sticks found on the ground or lying around the facility. If devices no longer receive manufacturers’ updates, get rid of them. It’s better to be safe than risk patient data being stolen. Remember in the disposal process to securely erase or destroy any patient data on these devices. Limit access to PHI by segmenting devices inside your network. Protect these devices with strict firewall rules allowing access to only specific services and IP addresses. Train your employees at least annually. One of your organization’s biggest weak- nesses can be your workforce because they don’t understand their responsibility to protect PHI and medical devices. Train them about social engineering and how often individuals pose as janitors, IT, new hires, or fake nurses to access patient data. SEGMENT DEVICES INSIDE YOUR NETWORK TO LIMIT ACCESS TO PHI. In your social engineering training, teach employees to: • Challenge strangers • Verify their identification • Never use USB thumb drives found around the premises • Always wear an identification badge Ensure you protect your patient’s data. You need to adequately document where PHI enters your environment, what hap- pens once PHI enters, where it’s stored, and how it exits your organization. Then you need to implement the necessary encryption, industry best practice is to use AES-128, Triple DES, AES-256, or better.
  • 7. HOW TO SECURE YOUR MEDICAL DEVICES | 6 STEP THREE: UNDERSTAND YOUR SECURITY STATUS It’s difficult, if not impossible to find every weakness in your organization on your own. To take your security to the next level and to avoid weaknesses in your IT system, consider implementing additional services such as: • Internal and external vulnerability scans—automated testing for weaknesses inside and outside your network • Penetration tests—live, hands-on testing of your system’s weaknesses and vulnerabilities • Gap analysis—consultation on where your gaps in security and compliance exist and what steps need to occur next • Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS)—a monitoring system for network security appliances and report malicious activity • File Integrity Monitoring (FIM)—a way of checking software, systems, and applications in order to warn of potential malicious activity
  • 8. HOW TO SECURE YOUR MEDICAL DEVICES | 7 STEP FOUR: IMPLEMENT HIPAA COMPLIANCE If you haven’t already, designate a HIPAA compliance officer or team member. Clearly and specifically lay out their responsibilities, as well as for anyone involved with HIPAA compliance. Privacy and security concerns are key when it comes to HIPAA, but it’s also important to be sure your organization as a whole is protected. It’s critical to ensure all systems containing patient data is protected. Here are common places data is stored intentionally and unintentionally: • EHR/EMR systems • Databases • Workstations • Filing cabinets • Servers • Laptops • Security appliances • Email system • Data warehouse • Files shares • Ticketing systems • Mobile devices (i.e., smart phones, tablets) Conduct an annual HIPAA Risk Analysis. A Risk Analysis helps you to know your vulnerabilities, threats, and risks. The HHS states, “Conducting a Risk Analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implemen- tation specifications in the Security Rule. Therefore, a Risk Analysis is foundational.” Start by identifying your organi- zation’s top weaknesses, and begin to resolve these issues, and then repeat the process for medium and low risks. Set aside time either daily or weekly to work on HIPAA compliance and security. Keep HIPAA in the forefront of employees’ minds by holding regular training about PHI security practices. IF YOUR MEDICAL DEVICES AREN’T SECURE YOUR ORGANIZATION IS NOT HIPAA COMPLIANT.
  • 9. HOW TO SECURE YOUR MEDICAL DEVICES | 8 CONCLUSION Update all medical devices with any available security patches. Work with manufacturers at least once a quarter to make sure your device is secure. If you haven’t already, start HIPAA compliance and protect your patient’s data. Don’t let obstacles stop your progress on the security and compliance journey. Make securing medical devices a standard procedure after they get fixed. This process helps protect your organization and your patient’s data from getting hacked. HOW VULNERABLE IS YOUR PATIENT DATA? Join over 800,000 organizations and let SecurityMetrics help protect your patient data. consulting@securitymetrics.com 801.705.5656