Session ID: 
186

Managing the Risk for Medical Devices Connected to the Cloud

2:30pm - 3:30pm Wednesday, March 11
Orlando - Orange County Convention Center
W311E

Description

Medical devices are becoming a major point of attack in the healthcare industry. In today's healthcare environment, medical devices send their data directly to the cloud. Medical devices can send data directly to the Electronic Health Record (EHR), or a cloud storage area for sharing with other Healthcare Delivery Organizations (HDO). These devices collect and transmit real-time Electronic Protected Health Information (ePHI) and often rely on out-of-date software that can be susceptible to malware. In order to prevent cybersecurity incidents, it is important to recognize the enormity and complexity of the problem as well as to catalog the threats and vulnerabilities. While it is possible for hackers to gain access to medical devices for nefarious purposes, a more likely scenario is that they will use this access to identify, access, and exfiltrate medical records. Sending this data to the cloud increases the attack

Learning Objectives

  • Define the pre-purchase security evaluation process for new medical devices
  • Classify medical devices based on their degree of separation from the patient
  • Describe how the degree of separation affects the update, patching, and security management process for medical devices
  • Identify the risk associated with connecting medical devices to the cloud

Speaker(s)

Information Security Architect,
Trinity Health

Continuing Education Credits

ABPM
1.00
CAHIMS
1.00
CME
1.00
CNE
1.00
CPHIMS
1.00
IAPP
1.00
PDU
1.00

Audience

CIO/CTO/CTIO/Senior IT
Clinical Engineering Professional
Supply Chain Management Professionals/Clinicans

Level

Intermediate