Download Cybersecurity of Medical Devices

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
Document related concepts

Electronic prescribing wikipedia , lookup

Transcript 
Cybersecurity of
Medical Devices
Christopher Kersbergen, JD
October 14, 2016
What is the problem?

2008 – Pacemaker hack

2011 – Insulin Pump hack

2013 – Discovery of a wide range of vulnerabilities: surgical and
anesthesia devices, ventilators, infusion pumps, defibrillators, patient
monitors, laboratory equipment

2015 - Hospira Symbiq Infusion System vulnerabilities

2016 – Vulnerabilities reported in St Jude Medical manufactured
pacemakers

2016 – Johnson & Johnson alerts users of cybersecurity vulnerability
in insulin pumps.
Why are medical devices being
attacked?

Enormous profit from stealing patient health information

No ability to scan for viruses and malware

Unsecured connections

Hardcoded passwords

Outdated operating systems
How is cybersecurity of medical
devices being addressed?

Food and Drug Administration Guidance

Shared Responsibility

Risk Management Programs

Routine Updates and Patches

Essential Clinical Performance

Controlled and Uncontrolled Risks

Information Sharing and Analysis Organizations (ISAO)
Essential Clinical Performance

Manufacturer defined

Uncontrolled Risk = Serious Injury or Death

Controlled Risk = No Possibility of Injury or Death due to Vulnerability
Information Sharing and Analysis
Organizations (ISAO)

Marketplace for Information with all Stakeholders

Shared Vulnerabilities by All Stakeholders

Incentives for Joining
Where is there room for
Improvement?


Patient Privacy Issues Not Addressed

Physical Safety

Information Safety
ISAOs poorly defined

Inherent Risks with ISAOs

Opportunists Have Access to Vulnerability Information
Conclusion

Requirements, not Just Recommendations
Related documents
This Article argues that intellectual property law stifles critical
This Article argues that intellectual property law stifles critical
Overview of the SSNAPP Methodology
Overview of the SSNAPP Methodology
Zero day timebomb infographic3
Zero day timebomb infographic3
Findings and Recommendations
Findings and Recommendations
Liability Regimes
Liability Regimes
Careless Delegation of Trust
Careless Delegation of Trust
Vulnerability
Vulnerability
Chapter 1: Security Problems in Computing
Chapter 1: Security Problems in Computing
Interagency Cybersecurity Forum Launched; NRC Chairman Allison Macfarlane Chairs Inaugural Meeting
Interagency Cybersecurity Forum Launched; NRC Chairman Allison Macfarlane Chairs Inaugural Meeting
Vulnerability Management
Vulnerability Management
Role of Web Application Vulnerabilities in Information
Role of Web Application Vulnerabilities in Information
Cybersecurity - Queen`s Wiki
Cybersecurity - Queen`s Wiki
Information Security - Georgia Libraries Tech Center
Information Security - Georgia Libraries Tech Center
Cybersecurity and Information Assurance
Cybersecurity and Information Assurance
Framework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity
Predicting zero-day software vulnerabilities through data mining Su
Predicting zero-day software vulnerabilities through data mining Su
Exondys 51
Exondys 51
Vulnerability analysis consists of several steps: Defining and
Vulnerability analysis consists of several steps: Defining and
we4startups cybersecurity workshop
we4startups cybersecurity workshop
GHG Inventory review - E-Learning Module
GHG Inventory review - E-Learning Module
Selligent and StrongView 2016 Marketing Trends Survey
Selligent and StrongView 2016 Marketing Trends Survey
Acronyms abbreviations
Acronyms abbreviations