Presentation is loading. Please wait.

Presentation is loading. Please wait.

IoT in Healthcare: Life or Death

Published bySylvia Barton Modified over 4 years ago

Similar presentations

Presentation on theme: "IoT in Healthcare: Life or Death"— Presentation transcript:

1 IoT in Healthcare: Life or Death
SBX2-R4 IoT in Healthcare: Life or Death Dr. May Wang Co-Founder & CTO ZingBox

2 Introduction Healthcare IoT Challenges Why not current solutions?
What can we do? What’s in real world?

3 IoT offers New Values to Healthcare Delivery Organizations
+ IT Information Technology Infrastructure, Security, Applications BIOMED Medical Device Management Safety, Efficiency and Effectiveness Real-Time Health System (RTHS) PEOPLE | PROCESS | SERVICES BENEFITS CHALLENGES Situational aware patient care Increased operational efficiency Security risks Service integrity & continuity

4 The Healthcare IoT Medical IoT Real-Time Health System Operational IoT Infusion Pumps 90% hospitals are victims of cyber threats BLOOMBERG Connected HVAC MRI Scanners Smart Lighting Patient Monitors Surveillance Camera 25% of identified attacks will involve IoT by 2020 Safety Quality Patient safety Care delivery quality Security Serviceability Data and equipment security Care service integrity & continuity GARTNER

5 Challenges of Securing Medical IoT
HOSPITAL NETWORK FIREWALL Firewall - the single line of defense (With no device context, only works at IP level) Gateway Gateway PACS Unmonitored network (Medical IT network remains unprotected) Patient Rooms MEDICAL IT NETWORK Lack of endpoint visibility & security (Agents cannot be deployed) IV Pumps Patient Monitors Radiology

6 Why Not Current Security Solutions?
Network of the Future Today’s Network Homogeneous Infrastructure Variety of unique devices Specific-purpose hardware Unique malware for each device Reactive approach not effective Future 2015 Reactive Approach Detects & Blocks known malware Intelligent & Proactive Security Context of use combined with Machine Learning & Behavioral Analysis

7 Healthcare IoT Security through Deep Learning
1 IoT Visibility Detect unmanaged devices Recognize & classify Actively manage inventory 3 Regulate Behavior Security posture Risk assessment Smart whitelisting 2 IoT Personality Behavioral modeling Device profiling Personality Deep Learning ZingBox Cloud IoT Knowledge-base & AI Engine

8 Reality of Healthcare IoT
71% Non- Medical IoT Non-traditional IT equipment (IoT) outnumber the IT devices 68% IoT 29% Medical IoT IoT Devices are - Unmanaged assets Shadow devices Total IoT Devices Total Number of Devices There are 68% IoT Devices (out of total number of devices) Of all IoT Devices,  71% Non-Medical IoT Devices  29% Medical IoT Devices

9 What are Medical IoTs 29% 23% 16% 10% 9% 5% 4% 3% 1%
Percentage of Medical IoTs Combined average in numeric order, 9 total categories: Infusion Pump (29%) ECG Machine (23%) Imaging Systems (16%) Patient Monitor (10%) Point of Care Analyzer (9%) Patient Tracking (5%) Medical Printer (4%) Nurse Call System (3%) Other Healthcare* (1%) *Other HealthCare includes:  Clinical Analyzer, Microdialysis System, Patient Security System Total 735

10 Device Personality Based IoT Security
Understanding each device without touching device Individual device model Device group model Category model Individual device model – describes learned behaviors of an individual IoT device. Device group model – describes the common behaviors of a group of IoT devices – they can be categorized based on vendor or type, e.g. all Stinger vital sign monitors, or all vital sign monitors. User model – describes user (admin) defined behavior standards based on domain knowledge or

11 Examples of IoT Security Use Cases
Infiltration Botnet Ransomware Data Exfiltration

12 Example of Infiltration

13 Example of Data Exfiltration
Hospitals are among the most attracted targets for data exfiltration. Medical records = big money for organized crime. Detections — look for unseen internal app/destinations, and external destinations anomalies. Correlate events (scanning, infiltration, malware upload, etc.) in attack phase based on timeline and associated devices, and trigger early detections and actions.

14 In Conclusion URGENCY IoT in Healthcare is real
IoT security in Healthcare is life or death Current solutions are not enough, we need new solutions WHAT CAN WE DO TODAY? Visibility – Know what IoT devices you have Risk Assessment – Know the IoT vulnerabilities Management – Get a handle on unmanaged IoT assets

Download ppt "IoT in Healthcare: Life or Death"

Similar presentations

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
Sandy Lum University of Toronto Candidate MHSc in Clinical Engineering The Totally Integrated Electronic Patient Record (EPR)

Sandy Lum University of Toronto Candidate MHSc in Clinical Engineering The Totally Integrated Electronic Patient Record (EPR)
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.

© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.
Kellie E. Tomeo, Esq Rampart International, LLC. AdvantageChallenge Increase existing security personnel productivity Increase existing facility personnel.

Kellie E. Tomeo, Esq Rampart International, LLC. AdvantageChallenge Increase existing security personnel productivity Increase existing facility personnel.
Digital Hospital Infrastructure

Digital Hospital Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
.  Define risk and risk management  Describe the components of risk management  List and describe vulnerability scanning tools  Define penetration.

.  Define risk and risk management  Describe the components of risk management  List and describe vulnerability scanning tools  Define penetration.
Network security Product Group 2 McAfee Network Security Platform.

Network security Product Group 2 McAfee Network Security Platform.
Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.

Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.
Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.

Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.
Intrusion Detection Systems. 1980-Paper written detailing importance of audit data in detecting misuse + user behavior 1984-SRI int’l develop method of.

Intrusion Detection Systems Paper written detailing importance of audit data in detecting misuse + user behavior 1984-SRI int’l develop method of.
Security: Emerging Threats & Trends Danielle Alvarez, CISO.

Security: Emerging Threats & Trends Danielle Alvarez, CISO.
1 Healthcare and Cyber Security 2015: Is India Ready? Nitish Chandan Int. B.Tech CSE + LL.B Hons. Cyber Law (UPES, Dehradun) Founder & Technical Writer.

1 Healthcare and Cyber Security 2015: Is India Ready? Nitish Chandan Int. B.Tech CSE + LL.B Hons. Cyber Law (UPES, Dehradun) Founder & Technical Writer.
Author : Elliot B. Sloane, Ph.D. American College of Clinical Engineering, President 2000-2001 Villanova University Department of Decision.

Author : Elliot B. Sloane, Ph.D. American College of Clinical Engineering, President Villanova University Department of Decision.
IS3220 Information Technology Infrastructure Security

IS3220 Information Technology Infrastructure Security

Similar presentations

Ads by Google