An esteemed panel of biomedical and security leaders discussed "The Biomedical Elephant in the Room" at the California Healthcare Cybersecurity Forum today in Beverly Hills.
Healthcare IoT (HIoT) now extends from one side of healthcare delivery to the other and today that includes an increasing number of medical devices, robots, health automation systems and building management systems none of which hospitals can easily do without.
Most of these connected devices however are not traditionally managed by IT, many don’t appear in any asset management database, most are not patched against vulnerabilities regularly (if ever), and the vast majority are highly vulnerable to cyber-attack and extortion. Very few have effective compensating security controls like micro-segmentation, to protect patients from being the subject of the attack, rather than just the device attached to them.
A large number of network and implantable medical devices, pose a significant patient safety risk if not secured and could cause patient harm or even fatalities.
Dick Cheney, former Vice President of the United States, had the wireless interface to his own pacemaker disabled because of fears that me might be hacked or assassinated by a political opponent or foreign government via manipulation of the cardiac defibrillator keeping him alive. This scenario was the basis of an episode in the TV series Homeland, in which the Vice President of the United States was hacked and killed.
The panel discussed what can be done to mitigate security risks and protect patient safety, and comprised of Chad Wilson, CISO at Standford Childrens' Health, Dr. Benoit Desjardins MD, Ph.D. Associate Professor of Radiology and Medicine at Penn Medicine, Harb Singh, Security Program Manager at Cedars-Sinai Medical Center, and Richard Staynings, Chief Security Strategist at Cylera.
For those that missed this highly informative and educational session, Richard will be moderating a similar panel in Boston at the Healthcare Innovation, Healthcare Cybersecurity Forum, on Oct 4th.
If the security of your medical devices and other healthcare IoT systems is of concern to you, why not Contact Us to schedule a no-obligation call to find out how you can reduce your cyber risks.