Webinar Wednesday: Cybersecurity in Healthcare

May 31, 2024

Review flashcards

Webinar Wednesday: Cybersecurity in Healthcare

Introduction

  • Eligible for 1 continuing education credit from ACI.
  • Trivia question for a Webinar Wednesday shirt: CyberMDX won the Fortress Cybersecurity Award.
  • Future HTM Mixers: Milwaukee (July 14-15) and Kansas City (September 9-10).
  • Sponsor: CyberMDX
    • Provides a platform for monitoring and prioritizing device groups.
    • Enables simulation of security actions and risk reduction.
    • Focuses on medical and IoT device protection.

Presenter: Rich D Fabridis

  • Senior Director of Product Marketing at CyberMDX.
  • 25+ years of experience in telecommunications and security.
  • Previous roles: BAE Systems, Sonus Networks, Avaya, Ellucian Technologies.

Overview of CyberMDX

  • Mission: Secure systems and devices in healthcare delivery organizations.
  • Healthcare Security Suite: Provides layered security at the device level.
  • Recognized by Forrester, Frost and Sullivan, and Gartner Peer Insights.
  • Clients include Mainline Health, Michigan Medicine, Northwestern Medicine.
  • Research arm collaborates with manufacturers and organizations like CISA, MITRE, and the FDA.

Challenges in Healthcare Cybersecurity

Day in the Life of a CISO/IT Security Professional

  • Often lack dedicated security teams in hospitals.
  • High turnover rates for CSOs due to job stress.
  • Main Challenges:
    • Network complexity
    • Budget constraints
    • Lack of security tools for medical devices
    • Increased attacks on healthcare organizations

Evolving Security Landscape

  • Shift from broad attacks to targeted surgical attacks (e.g., social engineering, ransomware).
  • Recent cyberattack examples: Bangladeshi bank heist, healthcare data breaches.
  • Healthcare data is highly valuable on the dark web.

Role of Biomedical Engineers

  • Manage 20-30k connected devices in hospitals, including 10-15k medical devices.
  • Challenges:
    • Time and resource constraints
    • Limited contextual information
    • Need to prioritize security in device management

Collaboration Between Security and Biomedical Teams

  • Importance of collaboration on device management and procurement.
  • Need for integration and automation for better device lifecycle management.

Key Focus Areas for Improving Security

  1. Device Assessment: Identify and register all devices, evaluate compliance.
  2. Policy Standardization: Create and enforce security policies for critical devices.
  3. Ongoing Management:
  • Risk Assessment: Identify and prioritize vulnerabilities.
  • Detection and Response: Monitor for breaches, implement incident response.
  • Compliance and Governance: Ensure ongoing compliance with regulations.

Implementing Solutions

  • Need for a comprehensive HTM (Healthcare Technology Management) solution.
  • Focus on accurate asset tracking, risk assessments, and ongoing monitoring.
  • Creating synergy and breaking down silos within the organization for effective cybersecurity.

Conclusion

  • Effective cybersecurity requires collaboration across teams and comprehensive solutions.
  • Increased need for security awareness and education across all hospital staff.

Q&A Summary

  • Collaboration between security and biomedical teams: Encouraging more collaboration out of necessity, though not fast enough.
  • Public sector HTM involvement: Advocacy for pre-sourcing risk assessments and ongoing communication between HTM and IT/security teams.

Closing Remarks

  • Continuing education credit information.
  • Future webinars and contact information for further questions.