Medical Devices in Hospital Networks: Mitigating Risk in 2016
As the need for cost-effective patient care increases, developments and innovations in healthcare technology continue to emerge. Numerous advances in computer algorithms, the Internet-of-Things, and sophisticated wearable and medical devices now enable easier wireless networking between users, health care centers, manufacturers and patients. This direct connection between patient care and medical devices improves health care and increases the ability of physicians and health care service centers to easily provide medical treatment.
However, despite the numerous opportunities, medical devices, like other computer systems, can be vulnerable to cybersecurity breaches, which may in turn impact patient care, the brand and reputation of hospitals, and the safety of patients' personal and medical information.
The widespread use of wireless technology and software in medical devices escalates the risks of potential cybersecurity threats. Addressing such threats and reducing information security risks requires manufacturers, hospitals and facilities to ensure effective safeguards in identifying risks and hazards associated with their medical devices, and applying appropriate mitigation strategies to address patient safety risks and proper device performance.
In this LIVE Webcast, a seasoned panel of thought leaders, professionals, and practitioners brought together by The Knowledge Group will review and discuss the potential problems and possible impact of medical devices in the healthcare landscape. Speakers will also help the audience understand the pace of innovation in this area including its direct connection to business potential and overall cost savings.
Key topics include:
- Networked Medical Devices in Hospitals, Clinics, and Care Centers
- Cyber Security and Safety Risks
- Hardware, Software, and Architectural Limitations
- Networks, Internet-of-Things, and Bluetooth
- Legacy Equipment (Passwords, Upgrades, Coding)
- Current Device Limitations
- Cyber Attacks and Malware ('MEDJACK', 'Zeus', and 'Citadel')
- Federal Regulations for Hospitals and Manufacturers
- Current Limitations
- Suggested Enhancements
- Device Standards and Compliance
- Network Security Risk Evaluation and Analysis
- Risk Mitigation Strategies on Networks
- Security Management Programs
- Manufacturer's Security Guidance and Disclosure Policies
- Device Hardware and Software Updating
- Regulatory Compliance
- Liability Assessment and Mitigation
- Best Practices
James Carder, CISO & VP, LogRhythm Labs
- Cybersecurity has a direct connection to patient care. Threats pose a real risk of compromising the care and security of patients. And healthcare organizations are dealing with a network that was never built to operate in a hostile environment.
- There are many threat actors that pose a risk to hospitals, including nation states, commodity malware, financial crime, terrorism, insider threats, and more.
- The Internet of Things (IoT) has the potential to have great impact on healthcare. It’s innovating at a faster pace and the healthcare industry needs to move quickly to secure it.
- There is a gap between security of existing and new medical devices. Recent healthcare requirements have been established to secure medical devices, but the majority of hospitals are operating with unsecured legacy devices.
- The hospital of the future will have plans and technology in place that protect patients (including documented “what-if” scenarios with both regular and VIP patients) that will help mitigate the risk of catastrophic, security-related events.
Ryan Winn, Director of Technology and Security, Information Systems
- Overview of the security challenges networked medical devices represent to the hospital and health system.
- Exploring the level of risk and exposure medical devices can create from both a health system and attacker viewpoint.
- Outlining common-sense approaches to improving the security of medical devices from risk analysis, policy, supply chain, networking and physical security perspectives.
Susan R. Huntington, Attorney
Day Pitney LLP
- More and more medical devices are associated with or dependent on technology, such as patient portals, clinical monitoring, medication administration and data aggregation.
- This reliance on technology raises privacy and security concerns which add to the traditional medical device risks of product liability and bodily injury.
- Organizations need to focus on these risk management considerations associated with medical device technology exposures, including ways to address such risk areas through contract terms and conditions.
Josh Hanet, Attorney
- Overview and update on the FDA’s draft Guidance for the Postmarket Management of Cybersecurity in Medical Devices, including recommended premarket risk assessment and management plans and postmarket considerations;
- Canvassing proactive steps that can be taken based on the Guidance, ranging from design, testing and monitoring considerations to cybersecurity insurance coverage; and,
- Recent examples in the US and Canada of cybersecurity attacks/leaks in a device or institutional setting, how the courts have dealt with these attacks/leaks, and the standards manufacturers can expect to be held to.
Who Should Attend:
- Medical Device Manufacturers
- Medical Device Software Developers
- Medical Device Risk Managers
- Medical Device Litigators and Attorneys
- Health Care Security Specialists
- Medical Records Managers
- Chief Privacy Officers
- Chief Risk Officers
- Chief Medical Information Officers
- Chief Information Officers
- Chief Technology Officers
- Chief Security Officers
- Cyber Security Professionals
- Risk Directors
- Privacy Directors
- Information Security Directors
- Risk Managers
- Compliance Officers
- IT Professionals
- Other Health Care Workers
James Carder brings more than 17 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company’s security governance model and risk strategies, protects the confidentiality, integrity, and availability of information assets, oversees both threat and vulnerability management as well as the Security Operations Center (SOC). He also directs the mission and strategic vision for the LogRhythm Labs machine data intelligence, threat and compliance research teams.
Prior to joining LogRhythm, James Carder was the Director of Security Informatics at Mayo Clinic where he had oversight of Threat Intelligence, Incident Response, Security Operations, and the Offensive Security groups. Prior to Mayo, Mr. Carder served as a Senior Manager at MANDIANT, where he led professional services and incident response engagements. He led criminal and national security related investigations at the city, state and federal levels, including those involving the theft of credit card information and Advanced Persistent Threats (APT). James is a sought-after and frequent speaker at cyber security events and is a noted author of several cyber security publications.
James holds a Bachelor of Science degree in Computer Information Systems from Walden University and is a Certified Information Systems Security Professional (CISSP).
Ryan Winn has 15+ years experience in healthcare IT. He is currently the Director of Information Services at Munson Healthcare in Traverse City, Michigan. At Munson, he has responsibility for all technical functions plus information security and privacy for the health system. Prior to joining Munson, he worked in leadership positions at MidMichigan and Banner Health. During his career, he has provided leadership to many large initiatives including EMR implementations in both acute and ambulatory settings, systems integration, facility acquisitions, information security and strategic planning. He earned his BS in Management of Information Systems from University of Colorado, Denver.
Susan Huntington assists health care providers with the spectrum of business and regulatory needs. She has focused her entire legal career in health law and has extensive clinical, business management, insurance, risk management and legal experience. Susan has provided legal support from just about every side of a transaction -- serving as in-house counsel at a national health insurer, general counsel for a large primary care physician group, deputy general counsel for an integrated multi-hospital system and manager of clinical risk consulting services for a professional liability insurance carrier. In addition, her experience as a physician assistant aids her interactions with health care clients by giving her an understanding of the general clinical environment and the challenges to achieving success in today's complicated regulatory and litigious environment.
More and more medical devices are associated with or dependent on technology, such as patient portals, clinical monitoring, and data aggregation. This reliance on technology raises privacy and security concerns which add to the traditional medical device risks of product liability and bodily injury. Ms. Huntington will discuss risk management considerations associated with these new medical device technology exposures and ways to address such risk areas through contractual terms and conditions.
Josh is a Toronto-based Gowling WLG lawyer practising in the area of advocacy. His practice focuses on product liability, commercial litigation, and professional liability.
Josh has significant experience in product liability defence work, including class actions, for defendants from varied industries, including the consumer product, pharmaceutical, and manufacturing sectors. Josh's representative work has brought him before all levels of Court in Ontario, including the Court of Appeal, the Supreme Court of Nova Scotia, the Supreme Court of British Columbia as well as professional regulatory bodies and other administrative tribunals.
Method of Presentation:
NASBA Field of Study: Specialized Knowledge and Applications
NY Category of CLE Credit: Areas of Professional Practice
About LogRhythm, Inc.
LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s award-winning platform unifies next-generation SIEM, log management, network and endpoint forensics, and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides innovative compliance automation and assurance, and enhanced IT intelligence.
About Munson Healthcare
Munson Healthcare consists of a major tertiary referral medical center, eight rural-based hospitals including four Critical Access Hospitals, extensive outpatient treatment and rehabilitation facilities, emergency, transportation, and home-based medical services covering 30 counties in Michigan’s northern Lower Peninsula and eastern portion of the Upper Peninsula. We offer direct access to more than 950 physicians and providers, representing more than 50 specialties. Our nine hospitals include Charlevoix Area Hospital, Kalkaska Memorial Health Center, Mackinac Straits Health System (St. Ignace), Munson Healthcare Cadillac Hospital, Munson Healthcare Grayling Hospital, Munson Medical Center (Traverse City), Otsego Memorial Hospital (Gaylord), Paul Oliver Memorial Hospital (Frankfort), and West Shore Medical Center (Manistee).
About Day Pitney LLP
Day Pitney LLP is a full-service law firm with close to 300 attorneys in Boston, Connecticut, Florida, New Jersey, New York, and Washington, DC. The firm offers clients strong corporate and litigation practices, with experience on behalf of large national and international corporations as well as emerging and middle-market companies. With one of the largest and most sophisticated individual clients practices in the country, the firm also has extensive experience assisting individuals and their families, fiduciaries and tax-exempt entities plan for the future.
About Gowling WLG
Gowling WLG is an international law firm created by the combination of Gowlings, a leading Canadian law firm, and Wragge Lawrence Graham & Co (WLG), a leading U.K.-based international law firm.
With more than 1,400 legal professionals in 18 cities worldwide, we provide our clients with in-depth expertise in key global sectors and a suite of legal services at home and abroad. We see the world through our clients’ eyes, and collaborate across countries, offices, service areas and sectors to help them succeed, no matter how challenging the circumstances.