There are over 5,000 hospitals in the U.S. and I’ve seen the number 6,000 as the number of medical device manufacturers. Medical devices are increasingly built with network connectivity. Examples include heart monitors, infusion pumps, glucose monitors, and assorted other treatment and diagnostic devices.
Cybersecurity has traditionally been concerned with Confidentiality, Availability, and Integrity of data. However, in medical devices and critical infrastructure (such as the electric power grid), the potential for harm means we have to include Safety when we think about cybersecurity.
On December 11, 2018, I’ll be leading the INTERACTIVE WORKSHOP: Cybersecurity For Medical Devices Is A “Team Sport” at the Connected Devices: Cybersecurity & Compliance Summit in San Francisco at the Kabuki Hotel. See http://connected-devices-summit.com. This interactive workshop will focus on how device developers can collaborate with hospitals and clinics, who purchase network-connected medical devices and need to operate them in their complex networks. This highly interactive and hands-on session will be conducted by a team with diverse backgrounds, including a hospital CIO, a clinical engineer, a hospital information security officer, and two neutral cybersecurity consultants to facilitate and moderate.
My collaborators for this workshop include:
- Deb Muro, Chief Information Officer, El Camino Hospital
- Jason Johnson, Information Security Officer, Marin General Hospital
- Matthew Jones, Clinical Engineering Security Specialist, Intermountain Healthcare
- Christine Sublett, President & Principal Consultant, Sublett Consulting, LLC
If you’d like to read more on the subject, see the following or contact me for more references.
- Click Here to Kill Everybody: Security and Survival in a Hyper-connected World (2018)
A Book by Bruce Schneier https://www.schneier.com/books/click_here/
- Report on Improving Cybersecurity in the Health Care Industry https://www.phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf