IoT in Healthcare: Life or Death

Slides:



Advertisements
Similar presentations
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Advertisements

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
Sandy Lum University of Toronto Candidate MHSc in Clinical Engineering The Totally Integrated Electronic Patient Record (EPR)
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.
Kellie E. Tomeo, Esq Rampart International, LLC. AdvantageChallenge Increase existing security personnel productivity Increase existing facility personnel.
Digital Hospital Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
.  Define risk and risk management  Describe the components of risk management  List and describe vulnerability scanning tools  Define penetration.
Network security Product Group 2 McAfee Network Security Platform.
Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.
Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.
Intrusion Detection Systems Paper written detailing importance of audit data in detecting misuse + user behavior 1984-SRI int’l develop method of.
Security: Emerging Threats & Trends Danielle Alvarez, CISO.
1 Healthcare and Cyber Security 2015: Is India Ready? Nitish Chandan Int. B.Tech CSE + LL.B Hons. Cyber Law (UPES, Dehradun) Founder & Technical Writer.
Author : Elliot B. Sloane, Ph.D. American College of Clinical Engineering, President Villanova University Department of Decision.
IS3220 Information Technology Infrastructure Security
Enterprise Network Security Threats that are Overlooked.
The Physical Security in UTM NAWAF OMAR MAN Prof Hafiza Abas.
Is Endpoint security dead?
Security and resilience for Smart Hospitals Key findings
The Game has Changed… Ready or Not! Ted Lee
Proactive Incident Response
Protect your Digital Enterprise
2017 Security Predictions from FortiGuard Labs
Cloud Security for eHealth – Study Validation
IoT Security Part 2, The Malware
OIT Security Operations
Makes Insurance Smarter.
Ch.22 INTRUSION DETECTION
Smart Building Solution
BEST PRACTICES FOR AN IT SECURITY ASSESSMENT
The Game has Changed… Ready or Not! Andrew Willetts Technologies, Inc.
Active Cyber Security, OnDemand
Smart Building Solution
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
How IIoT Makes Machines and Devices More Effective & Intelligent
Wenjing Lou Complex Networks and Security Research (CNSR) Lab
Catherine Koetz, Industry Manager - Healthcare, GS1 Australia
Virtualization & Security real solutions
Closing the Breach Detection Gap
Internet of Things (IoT)
Healthcare Cloud Security Stack for Microsoft Azure
Cyber Defense Matrix Cyber Defense Matrix
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Artificial Intelligence Changes the Security Landscape
Securing the Internet of Things: Key Insights and Best Practices Across the Industry Theresa Bui Revon IoT Cloud Strategy.
Security Essentials for Small Businesses
12/5/2018 2:50 AM How to secure your front door with real-time risk assessments of your logons Jan Ketil Skanke COO and Principal Cloud Architect CloudWay.
Securing the Threats of Tomorrow, Today.
Panda Adaptive Defense Platform and Services
The Practical Side of Meaningful Use:
Chapter 4: Protecting the Organization
Healthcare Cloud Security Stack for Microsoft Azure
Healthcare Cloud Security Stack for Microsoft Azure
Healthcare Cloud Security Stack for Microsoft Azure
The MobileIron® Threat Detection difference:
Technology Convergence
Tobey Clark, Director*, Burlington USA
Healthcare Cloud Security Stack for Microsoft Azure
Healthcare Cloud Security Stack for Microsoft Azure
Wireless technologies on patient safety
Introduction to Symantec Security Service
The journey to a SMART University
SMART Hospital Solutions
Houston Code Wars Bob Moore March 2, 2019 WWAS 2019 | Confidential.
AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.
Presentation transcript:

IoT in Healthcare: Life or Death SBX2-R4 IoT in Healthcare: Life or Death Dr. May Wang Co-Founder & CTO ZingBox

Introduction Healthcare IoT Challenges Why not current solutions? What can we do? What’s in real world?

IoT offers New Values to Healthcare Delivery Organizations + IT Information Technology Infrastructure, Security, Applications BIOMED Medical Device Management Safety, Efficiency and Effectiveness Real-Time Health System (RTHS) PEOPLE | PROCESS | SERVICES BENEFITS CHALLENGES Situational aware patient care Increased operational efficiency Security risks Service integrity & continuity

The Healthcare IoT Medical IoT Real-Time Health System Operational IoT Infusion Pumps 90% hospitals are victims of cyber threats BLOOMBERG Connected HVAC MRI Scanners Smart Lighting Patient Monitors Surveillance Camera 25% of identified attacks will involve IoT by 2020 Safety Quality Patient safety Care delivery quality Security Serviceability Data and equipment security Care service integrity & continuity GARTNER

Challenges of Securing Medical IoT HOSPITAL NETWORK FIREWALL Firewall - the single line of defense (With no device context, only works at IP level) Gateway Gateway PACS Unmonitored network (Medical IT network remains unprotected) Patient Rooms MEDICAL IT NETWORK Lack of endpoint visibility & security (Agents cannot be deployed) IV Pumps Patient Monitors Radiology

Why Not Current Security Solutions? Network of the Future Today’s Network Homogeneous Infrastructure Variety of unique devices Specific-purpose hardware Unique malware for each device Reactive approach not effective Future 2015 Reactive Approach Detects & Blocks known malware Intelligent & Proactive Security Context of use combined with Machine Learning & Behavioral Analysis

Healthcare IoT Security through Deep Learning 1 IoT Visibility Detect unmanaged devices Recognize & classify Actively manage inventory 3 Regulate Behavior Security posture Risk assessment Smart whitelisting 2 IoT Personality Behavioral modeling Device profiling Personality Deep Learning ZingBox Cloud IoT Knowledge-base & AI Engine

Reality of Healthcare IoT 71% Non- Medical IoT Non-traditional IT equipment (IoT) outnumber the IT devices 68% IoT 29% Medical IoT IoT Devices are - Unmanaged assets Shadow devices Total IoT Devices Total Number of Devices There are 68% IoT Devices (out of total number of devices)   Of all IoT Devices,  71% Non-Medical IoT Devices  29% Medical IoT Devices

What are Medical IoTs 29% 23% 16% 10% 9% 5% 4% 3% 1% Percentage of Medical IoTs Combined average in numeric order, 9 total categories: Infusion Pump (29%) ECG Machine (23%) Imaging Systems (16%) Patient Monitor (10%) Point of Care Analyzer (9%) Patient Tracking (5%) Medical Printer (4%) Nurse Call System (3%) Other Healthcare* (1%) *Other HealthCare includes:  Clinical Analyzer, Microdialysis System, Patient Security System Total 735

Device Personality Based IoT Security Understanding each device without touching device Individual device model Device group model Category model Individual device model – describes learned behaviors of an individual IoT device. Device group model – describes the common behaviors of a group of IoT devices – they can be categorized based on vendor or type, e.g. all Stinger vital sign monitors, or all vital sign monitors. User model – describes user (admin) defined behavior standards based on domain knowledge or

Examples of IoT Security Use Cases Infiltration Botnet Ransomware Data Exfiltration

Example of Infiltration

Example of Data Exfiltration Hospitals are among the most attracted targets for data exfiltration. Medical records = big money for organized crime. Detections — look for unseen internal app/destinations, and external destinations anomalies. Correlate events (scanning, infiltration, malware upload, etc.) in attack phase based on timeline and associated devices, and trigger early detections and actions.

In Conclusion URGENCY IoT in Healthcare is real IoT security in Healthcare is life or death Current solutions are not enough, we need new solutions WHAT CAN WE DO TODAY? Visibility – Know what IoT devices you have Risk Assessment – Know the IoT vulnerabilities Management – Get a handle on unmanaged IoT assets

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.