MEM Cybersecurity Working Group Update to PCD Technical Committee


MEM Cybersecurity Working Group Update to PCD Technical Committee Sept. 14, 2016

IHE PCD MEM Cybersecurity Working Group

Mission: Develop and provide cybersecurity guidance to the larger patient care and medical device industries: technology best practices, recommended policies & procedures, regulatory compliance, education and enablement, and sharing across stakeholders. This will build on and use existing healthcare and non-healthcare security frameworks and standards (e.g. IHE ITI but also non-IHE) and will consolidate and apply them to the unique medical device use cases.

Current Cybersecurity Working Group Members: Philips, Draeger, Smiths Medical, Symantec, BBraun, individual members

Existing Relationships:
- IHE ITI, IHE PCD MEM DMC/LS Group
- MDISS (MOU in place)
- Shared members: AAMI Device Security WG (TIR 57), Advamed, NH-ISAC, ISO TC215 JWG 7
- Working relationships: FDA, US-CERT, DHS, ECRI

Past Projects (completed):
- Cybersecurity Awareness WP (2011)
- Cybersecurity Best Practices WP (2015) **
- Medical Device Patching WP (2015, in cooperation with MDISS) **

** should be updated to reflect recent FDA Cybersecurity Guidance

Medical Device Cybersecurity Ecosystem Map – DRAFT (2016 08 22)

Security Community:
- Threat, Incident, & Vulnerability Intelligence
- Security Research
- Security Frameworks & Best Practices

Regulations, Standards, Frameworks:
- Government & Local Requirements
- Compliance: Security, Privacy
- Information Systems Security: Risk Analysis & Management; Security Defense & Incident Response; Auditing & Reporting
- Medical Device: Market Approval; Manufacturing Quality Systems (GMP); Hazard Analysis

Certification & Assurance:
- Security Baseline
- Certification Standards
- Testing & Certification
- Auditing & Reporting

Integration & Maintenance:
- Vulnerability Sharing & Mgmt.
- Incident Reporting
- Life Cycle Maintenance (patching, etc.)
- Integration Architecture

Manufacturer (Objective: Safety, Operational reliability, protect IP):
- Policies & Procedures, incl. Quality System
- Contract Mgmt / Agreements / Supply Chain
- Software & Security Design Best Practices
- Asset Mgmt.
- Risk Mgmt. (Hazard Analysis, etc.)
- Risk Mitigation
- Threat & Vulnerability Sharing
- Incident Response & Reporting
- Documentation
- Secure Remote Access

HDO (Objective: Minimize C-I-A Risk to Safety, Security, Privacy):
- Policies & Procedures
- Contract Mgmt / Agreements / Procurement
- Asset, Configuration & Lifecycle (Change) Mgmt.
- Risk Mgmt. (HDO level)
- Risk Mitigation
- Incident Response & Reporting
- Device EOL
- Training & Education

IHE PCD MEM Cybersec WG - Proposal

- Update 2015 WPs to reflect FDA Postmarket Security Guidance (upon final release)
- Complete Ecosystem map:
  - Review internally (IHE) and externally (public review)
  - Produce & publish final
- Identify already active stakeholders or existing standards/frameworks for each topic area
- Identify gaps
- Propose how to address gaps:
  - Approach (whitepaper, specifications, standards, etc.)
  - Suggested owner (IHE or outside)

This approach is in line with IHE’s mission to provide guidance to the industry on complex and multi-stakeholder problems.

Obstacles:
- Bench strength – small group.
- Manufacturers only – how can we get better contribution from (and attract) HDOs?
- US focus – lack of international exposure and visibility.
- Official Mission and Tasks – how to proceed? This proposal is presented for review and approval; should the proposal be turned into an official project?