Mob Sec Mobile Security Conference 4/11/2010 Herzliya
Danny Lieberman – Software Associates.
v6
Agenda
• Mobile medical is hot
• Applications
• Threat scenarios
• A threat model framework for secure code
• Summary
Mobile medical devices are hot
Mobile consumer electronics creates
potential for life-saving applications
that are cheaper and more
accessible than any other
alternative.
The FDA is not there yet.
Neither is traditional IT security.
Applications
Threat scenarios
Countermeasures
Data tracking
Who: Patients, care-givers, doctors
What: Data acquisition
Why: Controlling symptoms of chronic
illness requires tracking data over long
periods of time.
• Glucose
• Heart rate
• Blood pressure
• Dosage (insulin, dopamine …)
• ...
Platforms : Smart-phones, data &
location-based services.
Diabetes
Parkinson/MSA
Alzheimer
Asthma
Life-sustaining
Who: Patients
What: Implanted devices for cardiac
pacing, defibrillation, drug delivery…
Why: Sustain life
Platforms : Embedded devices with
mobile connectivity for remote
monitoring & programming.
Chronic heart disease
Epilepsy
Diabetes
Depression
“…the latest technology in a full complement of patient-focused CRM products”
Threat scenario template
An attacker may exploit
vulnerabilities to cause damage to
assets.
Security countermeasures mitigate
vulnerabilities and reduce risk.
Asset
Vulnerability
Attacker
Radio attack scenario
Patient with ICD
Clear text protocol
Threat T1 – A malicious attacker may exploit a clear text
protocol and instruct an ICD to deliver a shock that would
cause sudden cardiac death.
Vulnerability V1 – Clear text communications protocol
Countermeasure C1 – Encrypt network link
Countermeasure C2 – Validate messages using secure
tokens.
Attacker
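Countermeasure C2 as an added sketch (not from the slides or from any device vendor): a device-side check that authenticates each programmer command with an HMAC tag and rejects replayed frames with a counter. The frame layout, opcodes, key and device ID are assumptions made for illustration; C1 (link encryption) is a separate control and is not shown.

```python
import hashlib
import hmac
import struct

# Assumed frame layout (hypothetical, not a real ICD protocol):
#   device_id : 4 bytes, big-endian
#   counter   : 8 bytes, big-endian, strictly increasing per shared key
#   opcode    : 1 byte
#   length    : 1 byte, payload length
#   payload   : `length` bytes
#   tag       : 32 bytes, HMAC-SHA256 over everything before it
HEADER = struct.Struct(">IQBB")
TAG_LEN = hashlib.sha256().digest_size

# Hypothetical opcodes; the device accepts nothing outside this allow-list.
OP_READ_TELEMETRY = 0x01
OP_SET_PACING_RATE = 0x02
ALLOWED_OPCODES = {OP_READ_TELEMETRY, OP_SET_PACING_RATE}


def build_frame(key, device_id, counter, opcode, payload=b""):
    """Programmer side: serialize a command and append its HMAC tag."""
    body = HEADER.pack(device_id, counter, opcode, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class CommandVerifier:
    """Device side: accept a frame only if it is authentic and fresh."""

    def __init__(self, key, device_id):
        self._key = key
        self._device_id = device_id
        self._last_counter = 0  # highest counter accepted so far

    def verify(self, frame):
        """Return (reason, opcode, payload); reason is "ok" when accepted."""
        if len(frame) < HEADER.size + TAG_LEN:
            return ("short frame", None, None)
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]

        # Authenticate before interpreting any field. compare_digest runs in
        # constant time, so the comparison does not leak matching tag bytes.
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return ("bad tag", None, None)

        device_id, counter, opcode, length = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if len(payload) != length:
            return ("length mismatch", None, None)
        if device_id != self._device_id:
            return ("wrong device", None, None)
        # A captured frame carries a counter the device has already seen.
        if counter <= self._last_counter:
            return ("replay", None, None)
        if opcode not in ALLOWED_OPCODES:
            return ("unknown opcode", None, None)

        self._last_counter = counter
        return ("ok", opcode, payload)


def demo():
    """Run constructed frames through the verifier and collect the verdicts."""
    key = bytes(range(32))            # constructed demo key, not a real secret
    device = CommandVerifier(key, device_id=0x1234)

    good = build_frame(key, 0x1234, 1, OP_SET_PACING_RATE, bytes([60]))
    tampered = bytearray(build_frame(key, 0x1234, 2, OP_SET_PACING_RATE, bytes([60])))
    tampered[HEADER.size] = 200       # payload changed in transit, tag unchanged
    no_key = build_frame(b"\x00" * 32, 0x1234, 3, OP_SET_PACING_RATE, bytes([60]))

    return [
        device.verify(good)[0],             # authentic and fresh
        device.verify(good)[0],             # same bytes sent again
        device.verify(bytes(tampered))[0],  # modified after tagging
        device.verify(no_key)[0],           # sender does not hold the key
    ]


if __name__ == "__main__":
    print(demo())
```

The tag gives integrity and origin authentication only; the command bytes are still readable on the link unless C1 is applied as well.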
Implantable Cardioverter Defibrillators
In 2008, approximately 350,000
pacemakers and 140,000 ICDs were
implanted in the US.
Forecasted to $48BN in 2014.
Proof of concept attack:
• Reverse-engineered commands
• Intercepted vital signs, history
• Reprogrammed therapy settings
• DoS to deplete battery
• Directed the ICD to deliver 137V
shocks that would induce
ventricular fibrillation in a patient.
2008 ICD vulnerability study
Device defect attack scenario
Patient
Life
Software defects
Device malfunction
Threat T2 – An internal short circuit is undetected by the
device control software and may be fatal.
Vulnerability V2 – Software doesn’t monitor hardware
malfunctions
Countermeasure C3 – Notify customer service when
hardware issue identified.
Countermeasure C4 – Implement fail-safe function
FDA device recalls
The FDA issued 23 recalls of
defective devices in H1/2010.
All were “Class 1” :
“reasonable probability that use of
these products will cause serious
adverse health consequences or
death.”
At least 6 recalls were
probably caused by
software defects.
Malicious code attack scenario
ePHI
Weak or well-known passwords
Software defects
OS vulnerabilities
Malware
Threat T3 – Malicious code may be used in order to exploit
multiple vulnerabilities and obtain patient information
Vulnerability V3 – USB, and/or Internet access enabled
Countermeasure C4 – Hardware toggle USB
Countermeasure C5 – Network isolation
Countermeasure C6 – Software security assessment
Mobile clinical assistants
Mobile imaging analysis devices
used by hospital radiologists had
unplanned Internet access.
Over 300 devices infected by
Conficker and taken out of service.
Regulatory requirements mandated
that the impacted hospitals would
have to wait 90 days before the
systems could be modified to remove
the infections and vulnerabilities.
Where is the FDA?
The FDA has refocused regulation
from patient safety to auditing
manufacturers’ compliance with
their own standards.
If the FDA has approved a medical
device, consumers cannot sue.
“Riegel v. Medtronic”, 2008
A threat model security framework
Objectives
• Assess product risk
• Understand what threats count
• Prioritize countermeasures.
• Drive profits
Audit medical device manufacturer safety/security standards.
Assess product risk
Understand what threats count
Prioritize countermeasures
Product management has 1 dollar in their pocket:
• Countermeasure C1 – Encrypt network link to ICD
• Countermeasure C21 – Validate POST requests with secure tokens.
• Countermeasure C3 – Wearable “cloaker” to ensure that only authorized programmers can interact with the device.
Drive profits
Transparency means more eyeballs
can look at issues.
More eyeballs reduces cost.
More eyeballs means safer devices.
Safer devices means more revenue.
Medical
device threat
models are
transparent.
Sources
• Riegel v. Medtronic, Inc.
  http://www.law.cornell.edu/supct/html/06-179.ZS.html
• Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. Daniel Halperin et al. Proceedings of the 29th Annual IEEE Symposium on Security and Privacy, May 2008.
  http://www.secure-medicine.org/icd-study/icd-study.pdf
• Software transparency in imbedded medical devices
  http://www.softwarefreedom.org/resources/2010/transparent-medical-devices.html
• Prof. Nir Giladi, Tel Aviv Souraski Hospital Neurology Department, personal communication on data tracking for MSA patients
• Biotronik – cellular pacemaker, http://www.biotronik.com/en/us/19412
 
Writing An Effective Security Procedure in 2 pages or less and make it stick
Writing An Effective Security Procedure in 2 pages or less and make it stickWriting An Effective Security Procedure in 2 pages or less and make it stick
Writing An Effective Security Procedure in 2 pages or less and make it stick
 

Recently uploaded

EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersPeter Horsten
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...Hector Del Castillo, CPM, CPMM
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckHajeJanKamps
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsIndiaMART InterMESH Limited
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingrajputmeenakshi733
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...ssuserf63bd7
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterJamesConcepcion7
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in  PhilippinesEntrepreneurship lessons in  Philippines
Entrepreneurship lessons in PhilippinesDavidSamuel525586
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfJamesConcepcion7
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...ssuserf63bd7
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdfChris Skinner
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsKnowledgeSeed
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 

Recently uploaded (20)

EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exporters
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deck
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan Dynamics
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketing
 
WAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdfWAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdf
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in  PhilippinesEntrepreneurship lessons in  Philippines
Entrepreneurship lessons in Philippines
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdf
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applications
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 

Killed by code - mobile medical devices

  • 1. Mob Sec Mobile Security Conference 4/11/2010 Herzliya Danny Lieberman – Software Associates. v6
  • 2. Agenda: • Mobile medical is hot • Applications • Threat scenarios • A threat model framework for secure code • Summary
  • 3. Mobile medical devices are hot: Mobile consumer electronics creates potential for life-saving applications that are cheaper and more accessible than any other alternative. The FDA is not there yet. Neither is traditional IT security. Applications • Threat scenarios • Countermeasures
  • 4.
  • 5. Data tracking. Who: Patients, care-givers, doctors. What: Data acquisition. Why: Controlling symptoms of chronic illness requires tracking data over long periods of time. • Glucose • Heart rate • Blood pressure • Dosage (insulin, dopamine …) • ... Platforms: Smart-phones, data & location-based services. Diabetes; Parkinson/MSA; Alzheimer; Asthma
  • 6. Life-sustaining. Who: Patients. What: Implanted devices for cardiac pacing, defibrillation, drug delivery… Why: Sustain life. Platforms: Embedded devices with mobile connectivity for remote monitoring & programming. Chronic heart disease; Epilepsy; Diabetes; Depression. “…the latest technology in a full complement of patient-focused CRM products”
  • 7.
  • 8. Threat scenario template: An attacker may exploit vulnerabilities to cause damage to assets. Security countermeasures mitigate vulnerabilities and reduce risk. Diagram labels: Asset; Vulnerability; Attacker
  • 9. Radio attack scenario. Diagram labels: Patient with ICD; Clear text protocol; Attacker. Threat T1 – A malicious attacker may exploit a clear text protocol and instruct an ICD to deliver a shock that would cause sudden cardiac death. Vulnerability V1 – Clear text communications protocol. Countermeasure C1 – Encrypt network link. Countermeasure C2 – Validate messages using secure tokens.
  • 10. Implantable Cardioverter Defibrillators: In 2008, approximately 350,000 pacemakers and 140,000 ICDs were implanted in the US. Forecasted to $48BN in 2014. Proof of concept attack: • Reverse-engineered commands • Intercepted vital signs, history • Reprogrammed therapy settings • DoS to deplete battery • Directed the ICD to deliver 137V shocks that would induce ventricular fibrillation in a patient. (2008 ICD vulnerability study)
  • 11. Device defect attack scenario. Diagram labels: Patient Life; Software defects; Device malfunction. Threat T2 – An internal short circuit is undetected by the device control software and may be fatal. Vulnerability V2 – Software doesn’t monitor hardware malfunctions. Countermeasure C3 – Notify customer service when hardware issue identified. Countermeasure C4 – Implement fail-safe function.
  • 12. FDA device recalls: The FDA issued 23 recalls of defective devices in H1/2010. All were “Class 1”: “reasonable probability that use of these products will cause serious adverse health consequences or death.” At least 6 recalls were probably caused by software defects.
  • 13. Malicious code attack scenario. Diagram labels: ePHI; Weak or well-known passwords; Software defects; OS vulnerabilities; Malware. Threat T3 – Malicious code may be used in order to exploit multiple vulnerabilities and obtain patient information. Vulnerability V3 – USB and/or Internet access enabled. Countermeasure C4 – Hardware toggle USB. Countermeasure C5 – Network isolation. Countermeasure C6 – Software security assessment.
  • 14. Mobile clinical assistants: Mobile imaging analysis devices used by hospital radiologists had unplanned Internet access. Over 300 devices infected by Conficker and taken out of service. Regulatory requirements mandated that the impacted hospitals would have to wait 90 days before the systems could be modified to remove the infections and vulnerabilities.
  • 15. Where is the FDA? The FDA has refocused regulation from patient safety to auditing manufacturers’ compliance with their own standards. If the FDA has approved a medical device, consumers cannot sue. “Riegel v. Medtronic”, 2008
  • 17. Objectives: • Assess product risk • Understand what threats count • Prioritize countermeasures • Drive profits. Audit medical device manufacturer safety/security standards.
  • 20. Prioritize countermeasures: Product management has 1 dollar in their pocket: • Countermeasure C1 – Encrypt network link to ICD • Countermeasure C21 – Validate POST requests with secure tokens. • Countermeasure C3 – Wearable “cloaker” to ensure that only authorized programmers can interact with the device.
  • 21. Drive profits: Transparency means more eyeballs can look at issues. More eyeballs reduces cost. More eyeballs means safer devices. Safer devices means more revenue. Medical device threat models are transparent.
  • 22. Sources: • Riegel v. Medtronic, Inc. http://www.law.cornell.edu/supct/html/06-179.ZS.html • Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. Daniel Halperin et al. Proceedings of the 29th Annual IEEE Symposium on Security and Privacy, May 2008. http://www.secure-medicine.org/icd-study/icd-study.pdf • Software transparency in imbedded medical devices http://www.softwarefreedom.org/resources/2010/transparent-medical-devices.html • Prof. Nir Giladi, Tel Aviv Souraski Hospital Neurology Department, personal communication on data tracking for MSA patients • Biotronik – cellular pacemaker, http://www.biotronik.com/en/us/19412
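
Countermeasure C2 on slide 9 (validate messages using secure tokens) can be sketched as a keyed tag plus a freshness counter on every command frame. This is an added example, not code from the deck or from any device vendor; the frame layout, the 16-byte tag length, the command names and the pre-shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16      # assumption: HMAC-SHA256 tag truncated to 16 bytes
HEADER_LEN = 8    # assumption: 64-bit big-endian message counter


def make_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Programmer side: frame = counter || command || tag(counter || command)."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()[:TAG_LEN]
    return header + command + tag


class DeviceReceiver:
    """Device side: act on a command only if its token verifies and is fresh."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0  # highest counter accepted so far

    def accept(self, frame: bytes):
        """Return the command bytes if the frame is valid, otherwise None."""
        if len(frame) < HEADER_LEN + 1 + TAG_LEN:
            return None  # too short to hold counter, command and tag
        header = frame[:HEADER_LEN]
        command = frame[HEADER_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + command,
                            hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison: a forged or altered frame is dropped.
        if not hmac.compare_digest(tag, expected):
            return None
        (counter,) = struct.unpack(">Q", header)
        # A recorded frame sent again carries an old counter and is dropped.
        if counter <= self._last_counter:
            return None
        self._last_counter = counter
        return command


def demo() -> dict:
    """Run constructed frames through the receiver and report each outcome."""
    key = bytes(range(32))                      # constructed sample key
    rx = DeviceReceiver(key)
    good = make_frame(key, 1, b"READ_TELEMETRY")  # constructed command name
    tampered = good[:HEADER_LEN] + b"SET_THERAPY!!!" + good[-TAG_LEN:]
    return {
        "valid": rx.accept(good),
        "replayed": rx.accept(good),
        "tampered": rx.accept(tampered),
        "wrong_key": rx.accept(make_frame(b"\x00" * 32, 2, b"READ_TELEMETRY")),
        "next": rx.accept(make_frame(key, 2, b"READ_TELEMETRY")),
    }
```

The token authenticates commands but does not hide them; confidentiality of vital signs and history still needs C1 (encrypting the link).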