Connected Devices: Cybersecurity & Compliance Summit
December 11-12, 2018 at the Hotel Kabuki in San Francisco.
On December 11th, I was joined by a great team to conduct a 2.5-hour workshop entitled “Cybersecurity for Medical Devices is a “Team Sport.” Assisting with the workshop were:
- Jason Johnson, Information Security Officer, Marin General Hospital
- Matthew Jones, Clinical Engineering Security Specialist, Intermountain Healthcare
- Deb Muro, Chief Information Officer, El Camino Hospital
- Christine Sublett, President & Principal Consultant, Sublett Consulting, LLC
The workshop focused on how device developers can collaborate with hospitals and clinics to help make sure medical devices are set up and managed to protect patients’ privacy and safety.
The highly interactive session was conducted by a team with diverse backgrounds, including a hospital CIO, a clinical engineer, a hospital information security officer, and two neutral cybersecurity consultants to facilitate and moderate. Topics covered included:
- Considerations during procurement, integration and operations
- Defining best practices for device inventory management and monitoring device behavior and network traffic for potential cybersecurity attack indications
- Ways of thinking about the issues in terms of people, process, and technology
- Views on how connected medical device cybersecurity can be approached as a ‘team sport’ involving collaboration among manufacturers, regulators, providers (hospitals and physicians), supply chain, and patients
- Understanding how hackers plan their attacks
- Ideas for ways potential risks may be mitigated
Group exercises and case studies were included.