Presentation is loading. Please wait.

Presentation is loading. Please wait.

MEM Cybersecurity Working Group Update to PCD Technical Committee

Published byRalf Holmes Modified over 6 years ago

Similar presentations

Presentation on theme: "MEM Cybersecurity Working Group Update to PCD Technical Committee"— Presentation transcript:

1 MEM Cybersecurity Working Group Update to PCD Technical Committee
Sept. 14, 2016

2 IHE PCD MEM Cybersecurity Working Group - Mission:
Develop and provide cybersecurity guidance to the larger patient care and medical device industries: technology best practices, recommended policies & procedures, regulatory compliance, education and enablement, and sharing across stakeholders. This will build on and use existing healthcare and non-healthcare security frameworks and standards (e.g. IHE ITI but also non-IHE) and will consolidate and apply them to the unique medical device use cases. Current Cybersecurity Working Group Members: Philips, Draeger, Smiths Medical, Symantec, BBraun, individual members Existing Relationships: IHE ITI, IHE PCD MEM DMC/LS Group MDISS (MOU in place) Shared members: AAMI Device Security WG (TIR 57), Advamed, NH-ISAC, ISO TC215 JWG 7 Working relationships: FDA, US-CERT, DHS, ECRI Past Projects (completed): Cybersecurity Awareness WP (2011) Cybersecurity Best Practices WP (2015) ** Medical Device Patching WP (2015, in cooperation with MDISS) ** ** should be updated to reflect recent FDA Cybersecurity Guidance

3 Medical Device Cybersecurity Ecosystem Map – DRAFT (2016 08 22)
Security Community Threat, Incident, & Vulnerability Intelligence Security Research Security Frameworks & Best Practices Regulations, Standards, Frameworks Government & Local Requirements Compliance Security Privacy Information Systems Security Risk Analysis & Management Security Defense & Incident Response Auditing & Reporting Medical Device Market Approval Manufacturing Quality Systems (GMP) Hazard Analysis Certification & Assurance Security Baseline Certification Standards Testing & Certification Auditing & Reporting Integration & Maintenance Vulnerability Sharing & Mgmt. Incident Reporting Life Cycle Maintenance (patching, etc.) Integration Architecture Manufacturer HDO Objective: Safety, Operational reliability, protect IP Policies & Procedures, incl. Quality System Contract Mgmt / Agreements / Supply Chain Software & Security Design Best Practices Asset Mgmt. Risk Mgmt. (Hazard Analysis, etc.) Risk Mitigation Threat & Vulnerability Sharing Incident Response & Reporting Documentation Secure Remote Access Objective: Minimize C-I-A Risk to Safety, Security, Privacy Policies & Procedures Contract Mgmt / Agreements / Procurement Asset, Configuration & Lifecycle (Change) Mgmt. Risk Mgmt. (HDO level) Risk Mitigation Incident Response & Reporting Device EOL Training & Education

4 IHE PCD MEM Cybersec WG - Proposal
Update 2015 WPs to reflect FDA Postmarket Security Guidance (upon final release) Complete Ecosystem map: Review internally (IHE) and externally (public review) Produce & publish final Identify already active stakeholders or existing standards/ frameworks for each topic areas Identify gaps Propose how to address gaps Approach (whitepaper, specifications, standards, etc.) Suggested owner (IHE or outside) This approach is in line with IHE’s mission to provide guidance to the industry on complex and multi-stakeholder problems.

5 Obstacles: Bench strength – small group.
Manufacturers only – how can we get better contribution from (and attract) HDO’s? US-focus – lack of international exposure and visibility. Official Mission and Tasks – how to proceed? This proposal for review and approval / turn proposal into a official project?

Download ppt "MEM Cybersecurity Working Group Update to PCD Technical Committee"

Similar presentations

© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Security Consulting Risk.

© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Security Consulting Risk.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Global Marketing Overview of Supply Chain Security Assurance Certification/membership in supply chain security programs –Different programs focus on particular.

Global Marketing Overview of Supply Chain Security Assurance Certification/membership in supply chain security programs –Different programs focus on particular.
Agile and Medical Device Software

Agile and Medical Device Software
® © 2005 University HealthSystem Consortium UHC Powerpoint.ppt Cybersecurity for Medical Devices presented at the MedSun Audioconference by Catherine Sprague,

® © 2005 University HealthSystem Consortium UHC Powerpoint.ppt Cybersecurity for Medical Devices presented at the MedSun Audioconference by Catherine Sprague,
Security Controls – What Works

Security Controls – What Works
1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”

1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Exmouth House 3–11 Pine Street London EC1R 0JH T +44 20 7832 5850 F +44 20 7832 5853 E W PT/227/30028/1 Extending ASCE:

Exmouth House 3–11 Pine Street London EC1R 0JH T F E W PT/227/30028/1 Extending ASCE:
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
CLINICAL ENGINEERING part(3) Dr. Dalia H. Elkamchouchi.

CLINICAL ENGINEERING part(3) Dr. Dalia H. Elkamchouchi.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Roles and Responsibilities

Roles and Responsibilities
The Software Quality Assurance System By Jonathon Gibbs Jonathon Gibbs (jxg16u) 26 th November 2009.

The Software Quality Assurance System By Jonathon Gibbs Jonathon Gibbs (jxg16u) 26 th November 2009.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Module N° 8 – SSP implementation plan. SSP – A structured approach Module 2 Basic safety management concepts Module 2 Basic safety management concepts.

Module N° 8 – SSP implementation plan. SSP – A structured approach Module 2 Basic safety management concepts Module 2 Basic safety management concepts.
Roadmap to Maturity FISMA and ISO 2700x. Technical Controls Data IntegritySDLC & Change Management Operations Management Authentication, Authorization.

Roadmap to Maturity FISMA and ISO 2700x. Technical Controls Data IntegritySDLC & Change Management Operations Management Authentication, Authorization.

Similar presentations

Ads by Google