SlideShare a Scribd company logo

Patient Centric Cyber Monitoring with DocBox and Evolver

â€ĸ
â€ĸ
The Security of Things Forum
The Security of Things Forum

A presentation by Tracy Rausch, CEO of DocBox and Chip Block of Evolver Inc. on medical device security & patient monitoring. Presented at The Security of Things Forum on Sept. 10, 2015.

Technology
1 of 24
Download to read offline
Patient Centric Cyber Monitoring Tracy Rausch, CCE CEO and Founder DocBox Newton, MA tracy@docboxmed.com Chip Block Vice President Evolver, Inc. Reston, VA cblock@evolverinc.com
THREE TYPE OF DEVICES ī‚§ Devices with software on a general computing platform (Spirometers, Sleep Study, Devices as Software) ī‚§ Stationary devices on proprietary platform (MRI, CT, X-Ray) ī‚§ Medical devices with embedded software (Infusion Pumps, Ventilators, Multiparameter Monitors)
TURNING THE IOT SECURITY QUESTION UPSIDE DOWN
What machines are infected and what data is lost? TRADITIONAL ENTERPRISE SECURITY QUESTION
MEDICAL DEVICE SECURITY QUESTION What patients are affected?
WHY IS DEVICE SECURITY DIFFERENT? Traditional Enterprise Cyber Security Highly dynamic functionality Continuous software, information and communication changes User/computer centric Security systems are primarily network/perimeter focuses Medical Device Cyber Security Highly Static Functionality Legacy, seldom changing software code Patient centric Security paradigm still being developed
User/Machine (passwords) Server Authentication Data Access ī‚§ Primary focus is on which user accessed which application to get which data ī‚§ Malware / Anti-virus focuses on finding vulnerabilities that can used for widespread attack ī‚§ Major concern is on large scale infiltration and exploitation ī‚§ The possible outcomes of the attack are numerous based on the devices on the network and available data ī‚§ Reporting is on network device and user The primary question is what machines are affected and what data is at risk? ENTERPRISE CYBER SECURITY
Patient Outcome Devices Impacted ī‚§ Primary focus is on which patients may be affected by the attack ī‚§ The outcomes are limited as the device only does a limited number of functions ī‚§ Reporting is on which patients have been impacted and recovery ī‚§ Patient safety and security are interlinked The primary question is what is the impact on the patients? MEDICAL DEVICE SECURITY
MEDICAL DEVICE CYBER SECURITY APPROACH ī‚§Leverage the unique characteristics of medical devices for security ī‚§ Leverage static nature of device to gain greater security ī‚§ Develop patient centric security operations approach ī‚§ Support both existing device security and work with FDA and other standards group for increased security in new devices ī‚§ Utilize Integrated Clinical Environment (ICE) Architecture
WHAT IS “ICE”? 1. ICE = Integrated Clinical Environment 2. It is a vision that integration of medical and non-medical devices, data, and HIT in patient care environments can enable improvements in healthcare quality and safety that have been elusive until now 3. ICE is a published standard – ASTM F2761-09 4. ICE capabilities are being developed by academic and industry collaborators, seeded by substantial federal and private funding. See www.openice.info and mdpnp.org 5. ICE is a platform to enable the Medical Internet of Things 6. The ICE Alliance seeks to promote all of the above to deliver safe, secure, interoperable clinical environments
FUNCTIONAL ELEMENTS OF THE INTEGRATED CLINICAL ENVIRONMENT ASTM standard F2761-2009 Published January 2010 ICE SupervisorICE Supervisor Network Controller Network Controller ICE Interface Data Logger Data Logger External Interface External Interface Medical Device ICE Interface Other Equipment Integrated Clinical Environment (ICE) Clinician Patient
Data Warehouse ICE Systems Apps Clinical Documentation App CDS App 1 CDS App 3 CDS App 2 MD 1 MD 2 MD 3 MD n ICE Manager CDS App a CDS App n EMR ADT Other Enterprise ICE Systems Apps CDS App 2 CDS App n Clinical DocumentationCDS App 1 ICE Coordinator 1 2 3 MEDICAL IOT ARCHITECTURE Remote Monitoring ICE Data Bus ICE Coordinator Data Bus Single Patient DB and App Multiple Patient DB ICE System App ICE Clinical App Medical Device (MD) Hospital IT systems Interface
SCALABLE ARCHITECTURE Apps 1â€Ļn patients 1 patient per ICE 0â€Ļ.24 devices/sensors or therapeutic devices ICE Coordinator Data Cluster (HADOOP) 1 Coordinator per 250 beds EMR LAB PharmacyADT Hospital ICE System Network Across Hospital Network ICE Domain Hardware for ICE Manager Changes by Environment Other
TECHNOLOGY ī‚§Repurposed Technology for Healthcare ī‚§ DDS (Standard Communication Protocol) ī‚§ Mature Standard ī‚§ Used in Military, Internet of Things, Energy, Public Works. ī‚§ Platform to Build Clinical Apps ī‚§ Environmentally Agnostic (change hardware to match intended use and environment)
SECURITY AND SAFETY ī‚§ Traditional Security Approaches for IT will not meet the unique needs of the clinical environment. ī‚§ Security is required for patient safety. ī‚§ Security can’t impact patient safety or functionality of medical devices. ī‚§ Implementation of security must be evaluated for patient safety risks.
â€ĻN ī‚­ â€ĻN ī‚­ 3 ī‚­ 3 ī‚­ 2 ī‚­ 2 ī‚­ ICE SECURITY ARCHITECTURE ICE Coordinator Roll-based Login Firewall Anti-Virus / Anti-Malware Coordinator whitelists each Manager & External Systems ICE Coordinator Roll-based Login Firewall Anti-Virus / Anti-Malware Coordinator whitelists each Manager & External Systems ICE Manager Manager whitelists Coordinator Roll-Based Login Anti-Virus / Anti-Malware Device Authentication ICE Manager Manager whitelists Coordinator Roll-Based Login Anti-Virus / Anti-Malware Device Authentication 1 ī‚­ Coordinator Data Bus ICE Data Bus External Systems Comm Interface (Driver) Communication “Process Whitelist” Comm Interface (Driver) Communication “Process Whitelist” Physical Security: Hospital Data Center Data-Level Security (DDS) Data-Level Transport Security (DDS) Medical Device (Legacy) Medical Device (Legacy) Medical Device (ICE Compliant) “Process Whitelist” Medical Device (ICE Compliant) “Process Whitelist” App Whitelist Process Whitelist Utilize Rolls of Manager App Whitelist Process Whitelist Utilize Rolls of Manager ī‚­ Patient
SECURITY AND PRIVACY ī‚§ Defense in layers approach for ICE components and devices ī‚§ Process Whitelisting of Devices and Apps ī‚§ Unique Login and Password for Clinicians. ī‚§ Separate Devices Physically from Hospital Network (but not data). ī‚§ Virus and Malware, protection on Server and Coordinator, consider traditional medical devices similar to IoT sensors ī‚§ Implement DDS Security encryption and security individual data points at levels required. (not a one size solution for all data values or data paths). ī‚§ Blackbox recording of data at bedside similar to aviation. ī‚§ Encrypt all communications with PHI, use ICE patient session ID on devices not PHI on roaming devices.
Note: The ICE Alliance is hosted by the IEEE-ISTO The ICE Alliance is a non-profit program committed to establishing healthcare environments that are safe, secure, and interoperable www.icealliance.org
WHAT WILL THE ICE ALLIANCE DELIVER? Many Deliverables are already in progress through MD PnP Program + Collaborators ī‚§ Medical and Health IT equipment procurement language for use by healthcare delivery organizations (MD FIRE http://mdpnp.org/mdfire.php ) ī‚§ Clinical Needs Assessment and Descriptions – by HDOs ī‚§ System Requirements Specifications – elaborated by MD PnP program ī‚§ Use Case and Clinical Scenario Library – maintained by MD PnP ī‚§ ICE reference implementations, including safety and security requirements, and test tools – Started by MD PnP, see http://www.openice.info ī‚§ Feedback to Standards Development Organizations (SDOs) to help standards conform to ICE requirements – currently performed by MD PnP ī‚§ Regulatory science analysis related to submission http://mdpnp.org/ MD_PnP_Program___MDISWG.html interoperable medical devices and systems (FDA Pre-submission bit.ly/mdiswg ) ī‚§ Elaboration of requirements for EMR inclusion of device data
MEMBERSHIP IN THE ICE ALLIANCE ī‚§ The IEEE-ISTO manages the IA ī‚§ Membership is free to individuals, non-profit organizations and federal agencies ī‚§ For-profit organizational membership ranges from $1000 to $10,000 annually ī‚§ Seed funding has been provided by HDOs, Manufacturers, and medical societies. Contributions are welcome. ī‚§ Specific projects are funded separately from annual membership ī‚§ Questions may be directed to jmgoldman@partners.org
NOTE – NOT ALL PENDING MEMBERS ARE SHOWN ICE ALLIANCE FOUNDING MEMBERS* Founding Members Liaison Members *As of 7/25/15 Additional founding memberships in process
CONCLUSION ī‚§ Turn the security monitoring question upside down, patient focused, not device focused, monitoring ī‚§ Leverage unique features of devices to gain security ī‚§ Utilized Integrated Clinical Environment architecture to gain security through separation of devices and network
THANK YOU

Recommended

Securing the Fog
Securing the FogSecuring the Fog
Securing the FogThe Security of Things Forum
 
Secure your Space: The Internet of Things
Secure your Space: The Internet of ThingsSecure your Space: The Internet of Things
Secure your Space: The Internet of ThingsThe Security of Things Forum
 
The Harsh Reality of Slow Movers
The Harsh Reality of Slow MoversThe Harsh Reality of Slow Movers
The Harsh Reality of Slow MoversThe Security of Things Forum
 
How to Secure Your Medical Devices
How to Secure Your Medical DevicesHow to Secure Your Medical Devices
How to Secure Your Medical DevicesSecurityMetrics
 
N018138696
N018138696N018138696
N018138696IOSR Journals
 
NIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityNIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityDavid Sweigert
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthrcnossen
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 

Recommended

Securing the Fog
Securing the FogSecuring the Fog
Securing the FogThe Security of Things Forum
 
Secure your Space: The Internet of Things
Secure your Space: The Internet of ThingsSecure your Space: The Internet of Things
Secure your Space: The Internet of ThingsThe Security of Things Forum
 
The Harsh Reality of Slow Movers
The Harsh Reality of Slow MoversThe Harsh Reality of Slow Movers
The Harsh Reality of Slow MoversThe Security of Things Forum
 
How to Secure Your Medical Devices
How to Secure Your Medical DevicesHow to Secure Your Medical Devices
How to Secure Your Medical DevicesSecurityMetrics
 
N018138696
N018138696N018138696
N018138696IOSR Journals
 
NIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityNIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityDavid Sweigert
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthrcnossen
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101SecurityMetrics
 
NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83David Sweigert
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach SecurityMetrics
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
The Future of Quality and Regulatory for SaMD
The Future of Quality and Regulatory for SaMDThe Future of Quality and Regulatory for SaMD
The Future of Quality and Regulatory for SaMDJanel Heilbrunn
 
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornSecuring Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornEric Andresen
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Tripwire enterprise 87_datasheet
Tripwire enterprise 87_datasheetTripwire enterprise 87_datasheet
Tripwire enterprise 87_datasheetDevaraj Sl
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityMighty Guides, Inc.
 
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthCareManagement
 
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONSENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONSIJMIT JOURNAL
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security failEnclaveSecurity
 
Paper4
Paper4Paper4
Paper4Kestone
 
Matt Hatton - 7 Numbers You Need to Know about IoT - Machina Research
Matt Hatton - 7 Numbers You Need to Know about IoT - Machina ResearchMatt Hatton - 7 Numbers You Need to Know about IoT - Machina Research
Matt Hatton - 7 Numbers You Need to Know about IoT - Machina ResearchBusiness of Software Conference
 
Advancing Medical Device Interoperability (MDI)
Advancing Medical Device Interoperability (MDI)Advancing Medical Device Interoperability (MDI)
Advancing Medical Device Interoperability (MDI)Brandon Lock
 
Harnessing DDS in Next Generation Healthcare Systems
Harnessing DDS in Next Generation Healthcare SystemsHarnessing DDS in Next Generation Healthcare Systems
Harnessing DDS in Next Generation Healthcare SystemsADLINK Technology IoT
 
Machina research big data and IoT
Machina research big data and IoTMachina research big data and IoT
Machina research big data and IoTBusiness of Software Conference
 
10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices
10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices
10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical DevicesExtreme Networks
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 

More Related Content

What's hot

Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101SecurityMetrics
 
NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83David Sweigert
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach SecurityMetrics
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
The Future of Quality and Regulatory for SaMD
The Future of Quality and Regulatory for SaMDThe Future of Quality and Regulatory for SaMD
The Future of Quality and Regulatory for SaMDJanel Heilbrunn
 
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornSecuring Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornEric Andresen
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Tripwire enterprise 87_datasheet
Tripwire enterprise 87_datasheetTripwire enterprise 87_datasheet
Tripwire enterprise 87_datasheetDevaraj Sl
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityMighty Guides, Inc.
 
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthCareManagement
 
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONSENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONSIJMIT JOURNAL
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security failEnclaveSecurity
 
Paper4
Paper4Paper4
Paper4Kestone
 

What's hot (16)

Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101
 
NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
The Future of Quality and Regulatory for SaMD
The Future of Quality and Regulatory for SaMDThe Future of Quality and Regulatory for SaMD
The Future of Quality and Regulatory for SaMD
 
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornSecuring Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.com
 
Tripwire enterprise 87_datasheet
Tripwire enterprise 87_datasheetTripwire enterprise 87_datasheet
Tripwire enterprise 87_datasheet
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
 
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security Webinar
 
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONSENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security fail
 
Paper4
Paper4Paper4
Paper4
 

Viewers also liked

Matt Hatton - 7 Numbers You Need to Know about IoT - Machina Research
Matt Hatton - 7 Numbers You Need to Know about IoT - Machina ResearchMatt Hatton - 7 Numbers You Need to Know about IoT - Machina Research
Matt Hatton - 7 Numbers You Need to Know about IoT - Machina ResearchBusiness of Software Conference
 
Advancing Medical Device Interoperability (MDI)
Advancing Medical Device Interoperability (MDI)Advancing Medical Device Interoperability (MDI)
Advancing Medical Device Interoperability (MDI)Brandon Lock
 
Harnessing DDS in Next Generation Healthcare Systems
Harnessing DDS in Next Generation Healthcare SystemsHarnessing DDS in Next Generation Healthcare Systems
Harnessing DDS in Next Generation Healthcare SystemsADLINK Technology IoT
 
10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices
10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices
10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical DevicesExtreme Networks
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 
Cybersecurity for medical devices in the EU
Cybersecurity for medical devices in the EUCybersecurity for medical devices in the EU
Cybersecurity for medical devices in the EUErik Vollebregt
 
Internet of Things & Hardware Industry Report 2016
Internet of Things & Hardware Industry Report 2016Internet of Things & Hardware Industry Report 2016
Internet of Things & Hardware Industry Report 2016Bernard Moon
 

Viewers also liked (8)

Matt Hatton - 7 Numbers You Need to Know about IoT - Machina Research
Matt Hatton - 7 Numbers You Need to Know about IoT - Machina ResearchMatt Hatton - 7 Numbers You Need to Know about IoT - Machina Research
Matt Hatton - 7 Numbers You Need to Know about IoT - Machina Research
 
Advancing Medical Device Interoperability (MDI)
Advancing Medical Device Interoperability (MDI)Advancing Medical Device Interoperability (MDI)
Advancing Medical Device Interoperability (MDI)
 
Harnessing DDS in Next Generation Healthcare Systems
Harnessing DDS in Next Generation Healthcare SystemsHarnessing DDS in Next Generation Healthcare Systems
Harnessing DDS in Next Generation Healthcare Systems
 
Machina research big data and IoT
Machina research big data and IoTMachina research big data and IoT
Machina research big data and IoT
 
10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices
10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices
10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
 
Cybersecurity for medical devices in the EU
Cybersecurity for medical devices in the EUCybersecurity for medical devices in the EU
Cybersecurity for medical devices in the EU
 
Internet of Things & Hardware Industry Report 2016
Internet of Things & Hardware Industry Report 2016Internet of Things & Hardware Industry Report 2016
Internet of Things & Hardware Industry Report 2016
 

Similar to Patient Centric Cyber Monitoring with DocBox and Evolver

Understanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsUnderstanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsEMMAIntl
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical DevicesSuresh Mandava
 
Practical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdfPractical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdfICS
 
IRJET- Hiding Sensitive Medical Data using Encryption
IRJET- Hiding Sensitive Medical Data using EncryptionIRJET- Hiding Sensitive Medical Data using Encryption
IRJET- Hiding Sensitive Medical Data using EncryptionIRJET Journal
 
security and privacy for medical implantable devices
security and privacy for medical implantable devicessecurity and privacy for medical implantable devices
security and privacy for medical implantable devicesAjay Ohri
 
IRJET-A Survey on provide security to wireless medical sensor data
IRJET-A Survey on provide security to wireless medical sensor dataIRJET-A Survey on provide security to wireless medical sensor data
IRJET-A Survey on provide security to wireless medical sensor dataIRJET Journal
 
A Survey on provide security to wireless medical sensor data
A Survey on provide security to wireless medical sensor dataA Survey on provide security to wireless medical sensor data
A Survey on provide security to wireless medical sensor dataIRJET Journal
 
E-Health Care Cloud Solution
E-Health Care Cloud SolutionE-Health Care Cloud Solution
E-Health Care Cloud SolutionIRJET Journal
 
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...IRJET Journal
 
Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy
Qualcomm Life Connect 2013: 2net System Overview, Security and PrivacyQualcomm Life Connect 2013: 2net System Overview, Security and Privacy
Qualcomm Life Connect 2013: 2net System Overview, Security and PrivacyQualcomm Life
 
Medical Records on the Run: Protecting Patient Data with Device Control and...
Medical Records on the Run: Protecting Patient Data with Device Control and...Medical Records on the Run: Protecting Patient Data with Device Control and...
Medical Records on the Run: Protecting Patient Data with Device Control and...Lumension
 
IEC 80001 and Planning for Wi-Fi Capable Medical Devices
IEC 80001 and Planning for Wi-Fi Capable Medical DevicesIEC 80001 and Planning for Wi-Fi Capable Medical Devices
IEC 80001 and Planning for Wi-Fi Capable Medical DevicesAli Youssef
 
Workflow Process Management and Enterprise Application Integration in Healthcare
Workflow Process Management and Enterprise Application Integration in HealthcareWorkflow Process Management and Enterprise Application Integration in Healthcare
Workflow Process Management and Enterprise Application Integration in HealthcareAmit Sheth
 
OmniNet MDS HIPPA Compliance Info
OmniNet MDS HIPPA Compliance InfoOmniNet MDS HIPPA Compliance Info
OmniNet MDS HIPPA Compliance InfoJonathan Eubanks
 
Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Rio Valdes
 
Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Walt Maclay
 
Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Sterling Medical Devices
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidancePam Gilmore
 
connected Medical devices IoT Cybersecurity reference architecture Telemedicine
connected Medical devices IoT Cybersecurity reference architecture Telemedicineconnected Medical devices IoT Cybersecurity reference architecture Telemedicine
connected Medical devices IoT Cybersecurity reference architecture TelemedicineAlessandro Sappia
 

Similar to Patient Centric Cyber Monitoring with DocBox and Evolver (20)

Understanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsUnderstanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and Applications
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical Devices
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical Devices
 
Practical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdfPractical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdf
 
IRJET- Hiding Sensitive Medical Data using Encryption
IRJET- Hiding Sensitive Medical Data using EncryptionIRJET- Hiding Sensitive Medical Data using Encryption
IRJET- Hiding Sensitive Medical Data using Encryption
 
security and privacy for medical implantable devices
security and privacy for medical implantable devicessecurity and privacy for medical implantable devices
security and privacy for medical implantable devices
 
IRJET-A Survey on provide security to wireless medical sensor data
IRJET-A Survey on provide security to wireless medical sensor dataIRJET-A Survey on provide security to wireless medical sensor data
IRJET-A Survey on provide security to wireless medical sensor data
 
A Survey on provide security to wireless medical sensor data
A Survey on provide security to wireless medical sensor dataA Survey on provide security to wireless medical sensor data
A Survey on provide security to wireless medical sensor data
 
E-Health Care Cloud Solution
E-Health Care Cloud SolutionE-Health Care Cloud Solution
E-Health Care Cloud Solution
 
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
 
Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy
Qualcomm Life Connect 2013: 2net System Overview, Security and PrivacyQualcomm Life Connect 2013: 2net System Overview, Security and Privacy
Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy
 
Medical Records on the Run: Protecting Patient Data with Device Control and...
Medical Records on the Run: Protecting Patient Data with Device Control and...Medical Records on the Run: Protecting Patient Data with Device Control and...
Medical Records on the Run: Protecting Patient Data with Device Control and...
 
IEC 80001 and Planning for Wi-Fi Capable Medical Devices
IEC 80001 and Planning for Wi-Fi Capable Medical DevicesIEC 80001 and Planning for Wi-Fi Capable Medical Devices
IEC 80001 and Planning for Wi-Fi Capable Medical Devices
 
Workflow Process Management and Enterprise Application Integration in Healthcare
Workflow Process Management and Enterprise Application Integration in HealthcareWorkflow Process Management and Enterprise Application Integration in Healthcare
Workflow Process Management and Enterprise Application Integration in Healthcare
 
OmniNet MDS HIPPA Compliance Info
OmniNet MDS HIPPA Compliance InfoOmniNet MDS HIPPA Compliance Info
OmniNet MDS HIPPA Compliance Info
 
Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?
 
Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?
 
Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity Guidance
 
connected Medical devices IoT Cybersecurity reference architecture Telemedicine
connected Medical devices IoT Cybersecurity reference architecture Telemedicineconnected Medical devices IoT Cybersecurity reference architecture Telemedicine
connected Medical devices IoT Cybersecurity reference architecture Telemedicine
 

Recently uploaded

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Patient Centric Cyber Monitoring with DocBox and Evolver

  • 1. Patient Centric Cyber Monitoring Tracy Rausch, CCE CEO and Founder DocBox Newton, MA tracy@docboxmed.com Chip Block Vice President Evolver, Inc. Reston, VA cblock@evolverinc.com
  • 2. THREE TYPE OF DEVICES ī‚§ Devices with software on a general computing platform (Spirometers, Sleep Study, Devices as Software) ī‚§ Stationary devices on proprietary platform (MRI, CT, X-Ray) ī‚§ Medical devices with embedded software (Infusion Pumps, Ventilators, Multiparameter Monitors)
  • 3.
  • 4. TURNING THE IOT SECURITY QUESTION UPSIDE DOWN
  • 5. What machines are infected and what data is lost? TRADITIONAL ENTERPRISE SECURITY QUESTION
  • 6. MEDICAL DEVICE SECURITY QUESTION What patients are affected?
  • 7. WHY IS DEVICE SECURITY DIFFERENT? Traditional Enterprise Cyber Security Highly dynamic functionality Continuous software, information and communication changes User/computer centric Security systems are primarily network/perimeter focuses Medical Device Cyber Security Highly Static Functionality Legacy, seldom changing software code Patient centric Security paradigm still being developed
  • 8. User/Machine (passwords) Server Authentication Data Access ī‚§ Primary focus is on which user accessed which application to get which data ī‚§ Malware / Anti-virus focuses on finding vulnerabilities that can used for widespread attack ī‚§ Major concern is on large scale infiltration and exploitation ī‚§ The possible outcomes of the attack are numerous based on the devices on the network and available data ī‚§ Reporting is on network device and user The primary question is what machines are affected and what data is at risk? ENTERPRISE CYBER SECURITY
  • 9. Patient Outcome Devices Impacted ī‚§ Primary focus is on which patients may be affected by the attack ī‚§ The outcomes are limited as the device only does a limited number of functions ī‚§ Reporting is on which patients have been impacted and recovery ī‚§ Patient safety and security are interlinked The primary question is what is the impact on the patients? MEDICAL DEVICE SECURITY
  • 10. MEDICAL DEVICE CYBER SECURITY APPROACH ī‚§Leverage the unique characteristics of medical devices for security ī‚§ Leverage static nature of device to gain greater security ī‚§ Develop patient centric security operations approach ī‚§ Support both existing device security and work with FDA and other standards group for increased security in new devices ī‚§ Utilize Integrated Clinical Environment (ICE) Architecture
  • 11. WHAT IS “ICE”? 1. ICE = Integrated Clinical Environment 2. It is a vision that integration of medical and non-medical devices, data, and HIT in patient care environments can enable improvements in healthcare quality and safety that have been elusive until now 3. ICE is a published standard – ASTM F2761-09 4. ICE capabilities are being developed by academic and industry collaborators, seeded by substantial federal and private funding. See www.openice.info and mdpnp.org 5. ICE is a platform to enable the Medical Internet of Things 6. The ICE Alliance seeks to promote all of the above to deliver safe, secure, interoperable clinical environments
  • 12. FUNCTIONAL ELEMENTS OF THE INTEGRATED CLINICAL ENVIRONMENT ASTM standard F2761-2009 Published January 2010 ICE SupervisorICE Supervisor Network Controller Network Controller ICE Interface Data Logger Data Logger External Interface External Interface Medical Device ICE Interface Other Equipment Integrated Clinical Environment (ICE) Clinician Patient
  • 13. Data Warehouse ICE Systems Apps Clinical Documentation App CDS App 1 CDS App 3 CDS App 2 MD 1 MD 2 MD 3 MD n ICE Manager CDS App a CDS App n EMR ADT Other Enterprise ICE Systems Apps CDS App 2 CDS App n Clinical DocumentationCDS App 1 ICE Coordinator 1 2 3 MEDICAL IOT ARCHITECTURE Remote Monitoring ICE Data Bus ICE Coordinator Data Bus Single Patient DB and App Multiple Patient DB ICE System App ICE Clinical App Medical Device (MD) Hospital IT systems Interface
  • 14. SCALABLE ARCHITECTURE Apps 1â€Ļn patients 1 patient per ICE 0â€Ļ.24 devices/sensors or therapeutic devices ICE Coordinator Data Cluster (HADOOP) 1 Coordinator per 250 beds EMR LAB PharmacyADT Hospital ICE System Network Across Hospital Network ICE Domain Hardware for ICE Manager Changes by Environment Other
  • 15. TECHNOLOGY ī‚§Repurposed Technology for Healthcare ī‚§ DDS (Standard Communication Protocol) ī‚§ Mature Standard ī‚§ Used in Military, Internet of Things, Energy, Public Works. ī‚§ Platform to Build Clinical Apps ī‚§ Environmentally Agnostic (change hardware to match intended use and environment)
  • 16. SECURITY AND SAFETY ī‚§ Traditional Security Approaches for IT will not meet the unique needs of the clinical environment. ī‚§ Security is required for patient safety. ī‚§ Security can’t impact patient safety or functionality of medical devices. ī‚§ Implementation of security must be evaluated for patient safety risks.
  • 17. â€ĻN ī‚­ â€ĻN ī‚­ 3 ī‚­ 3 ī‚­ 2 ī‚­ 2 ī‚­ ICE SECURITY ARCHITECTURE ICE Coordinator Roll-based Login Firewall Anti-Virus / Anti-Malware Coordinator whitelists each Manager & External Systems ICE Coordinator Roll-based Login Firewall Anti-Virus / Anti-Malware Coordinator whitelists each Manager & External Systems ICE Manager Manager whitelists Coordinator Roll-Based Login Anti-Virus / Anti-Malware Device Authentication ICE Manager Manager whitelists Coordinator Roll-Based Login Anti-Virus / Anti-Malware Device Authentication 1 ī‚­ Coordinator Data Bus ICE Data Bus External Systems Comm Interface (Driver) Communication “Process Whitelist” Comm Interface (Driver) Communication “Process Whitelist” Physical Security: Hospital Data Center Data-Level Security (DDS) Data-Level Transport Security (DDS) Medical Device (Legacy) Medical Device (Legacy) Medical Device (ICE Compliant) “Process Whitelist” Medical Device (ICE Compliant) “Process Whitelist” App Whitelist Process Whitelist Utilize Rolls of Manager App Whitelist Process Whitelist Utilize Rolls of Manager ī‚­ Patient
  • 18. SECURITY AND PRIVACY ī‚§ Defense in layers approach for ICE components and devices ī‚§ Process Whitelisting of Devices and Apps ī‚§ Unique Login and Password for Clinicians. ī‚§ Separate Devices Physically from Hospital Network (but not data). ī‚§ Virus and Malware, protection on Server and Coordinator, consider traditional medical devices similar to IoT sensors ī‚§ Implement DDS Security encryption and security individual data points at levels required. (not a one size solution for all data values or data paths). ī‚§ Blackbox recording of data at bedside similar to aviation. ī‚§ Encrypt all communications with PHI, use ICE patient session ID on devices not PHI on roaming devices.
  • 19. Note: The ICE Alliance is hosted by the IEEE-ISTO The ICE Alliance is a non-profit program committed to establishing healthcare environments that are safe, secure, and interoperable www.icealliance.org
  • 20. WHAT WILL THE ICE ALLIANCE DELIVER? Many Deliverables are already in progress through MD PnP Program + Collaborators ī‚§ Medical and Health IT equipment procurement language for use by healthcare delivery organizations (MD FIRE http://mdpnp.org/mdfire.php ) ī‚§ Clinical Needs Assessment and Descriptions – by HDOs ī‚§ System Requirements Specifications – elaborated by MD PnP program ī‚§ Use Case and Clinical Scenario Library – maintained by MD PnP ī‚§ ICE reference implementations, including safety and security requirements, and test tools – Started by MD PnP, see http://www.openice.info ī‚§ Feedback to Standards Development Organizations (SDOs) to help standards conform to ICE requirements – currently performed by MD PnP ī‚§ Regulatory science analysis related to submission http://mdpnp.org/ MD_PnP_Program___MDISWG.html interoperable medical devices and systems (FDA Pre-submission bit.ly/mdiswg ) ī‚§ Elaboration of requirements for EMR inclusion of device data
  • 21. MEMBERSHIP IN THE ICE ALLIANCE ī‚§ The IEEE-ISTO manages the IA ī‚§ Membership is free to individuals, non-profit organizations and federal agencies ī‚§ For-profit organizational membership ranges from $1000 to $10,000 annually ī‚§ Seed funding has been provided by HDOs, Manufacturers, and medical societies. Contributions are welcome. ī‚§ Specific projects are funded separately from annual membership ī‚§ Questions may be directed to jmgoldman@partners.org
  • 22. NOTE – NOT ALL PENDING MEMBERS ARE SHOWN ICE ALLIANCE FOUNDING MEMBERS* Founding Members Liaison Members *As of 7/25/15 Additional founding memberships in process
  • 23. CONCLUSION ī‚§ Turn the security monitoring question upside down, patient focused, not device focused, monitoring ī‚§ Leverage unique features of devices to gain security ī‚§ Utilized Integrated Clinical Environment architecture to gain security through separation of devices and network