State Of Healthcare Cyber Safety

Presented at BSidesLV 2016, Aug. 2, 2016, 3 p.m. (60 minutes).

A year ago a predominant mode of thinking was that "nobody would ever hurt patients; there's no money in it." After a spate of Ransomware incidents that have shut hospitals, nobody says that anymore. There's been a lot of quiet progress - and some much more visible - in making medical devices safer. Manufacturers, the FDA, physicians, and security researchers are recognizing they can - and must - depend on each other to improve patient safety and medical treatment. Hear about our Hippocratic Oath for Connected Medical Devices, how much the FDA is pushing, what hospitals are doing, and other stories of progress as models for success.

There will be guest speakers filling in details of their progress, and what's next.


Presenters:

  • Colin Morgan - Global Product Security, Sr. Manager - Johnson & Johnson
    Colin Morgan, Johnson & Johnson Information Security & Risk Management, is leading the company's Global Product Security initiative to integrate cybersecurity into the Johnson & Johnson product development lifecycle and post market surveillance processes. This effort is focused on developing fundamental cybersecurity policies, standards and processes; establishing integral partnerships with both internal and external organizations; driving education and awareness plans; and monitoring and assessing industry and regulatory trends. Colin has worked in the cybersecurity field for a number of organizations including the Central Intelligence Agency and as a contractor for the National Oceanic & Atmospheric Administration. He is a featured speaker on cybersecurity and is passionate about the integration of the competency across all industries. Colin has his Bachelor's degree in Computer Engineering from The College of New Jersey, a Master's degree in Telecommunications from George Mason University, and is CISSP, CISM and GPEN certified.
  • Jay Radcliffe - Security Researcher - Rapid7
    Jay Radcliffe has been working in the computer security field for over twelve years, and is currently a Senior Security Researcher and consultant at Rapid7. Coming from the managed security services industry, Jay has used just about every security device made over the last decade. Recently, Jay has presented ground breaking research on security vulnerabilities in medical devices at Black Hat and Defcon. As he is a type I diabetic, Jay has unique expertise with medical device and medical related technology. Jay holds a Masters degree in Information Security Engineering from SANS Technology Institute as well as a Bachelor's degree in Criminal Justice/Pre-Law from Wayne State University.
  • Beau Woods - Deputy Director, Cyber Statecraft Initiative - Atlantic Council/I Am The Cavalry
    Beau Woods is the deputy director of the Cyber Statecraft Initiative at the Atlantic Council, and core contributor to the I Am The Cavalry initiative. Beau works with policymakers, industry, civil society groups, NGOs, and individual stakeholders to safeguard human life, public safety, and global security. Beau has been a part of the information security industry and hacker community for over a decade, is a frequent presenter, media contributor, and author.
  • Suzanne Schwartz, MD - Associate Director for Science and Strategic Partnerships, Emergency Preparedness/Operations & Medical Countermeasures (EMCM) Director (Acting) - FDA's Center for Devices and Radiological Health (CDRH)   as Suzanne Schwartz
    Suzanne B. Schwartz, MD, MBA is the Associate Director for Science and Strategic Partnerships in the Center for Devices and Radiological Health (CDRH) at the FDA. She also continues to serve as the Director (Acting) of CDRH's Emergency Preparedness/Operations and Medical Countermeasures program. Suzanne represents CDRH/FDA across inter-Agency initiatives for the Public Health Emergency Medical Countermeasures Enterprise (PHEMCE) for chemical, biological, radiological and nuclear threats (CBRN), natural disasters and emerging infectious diseases.As CDRH's Emergency Operations Coordinator, Suzanne is responsible for preparedness and incident response to all public health concerns involving or impacting medical devices, including cybersecurity of medical devices and their networked systems. Her programmatic efforts have evolved beyond response to include increasing awareness, educating, outreach, partnering and coalition-building within the Healthcare and Public Health Sector (HPH). Suzanne chairs the CDRH Cybersecurity Working Group which is tasked with formulating policy on medical device cybersecurity on behalf of the Agency. She also serves as co-chair of the Government Coordinating Council (GCC) for the HPH Critical Infrastructure Sector, focusing on the sector's healthcare cybersecurity initiatives.Suzanne earned an MD from Albert Einstein College of Medicine of Yeshiva University in New York in 1988, trained in General Surgery and Burn Trauma at the New York Presbyterian Hospital - Weill Cornell Medical Center; an executive MBA from NYU Stern School of Business in 2012, and completed Cohort X of the National Preparedness Leadership Initiative - Harvard School of Public Health & Harvard Kennedy School of Government executive education in June 2013.
  • Christian Dameff MD MS / quaddi as Christian Dameff
    Christian Dameff is an emergency medicine physician and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Security research topics including hacking critical healthcare infrastructure and medical devices. He has previously spoken at Defcon on healthcare related security issues and is an Open CTF Champion. In July he started a clinical informatics fellowship at the University of California San Diego.

Links:

Similar Presentations: