Medical Device Security and Safety Forum
Wednesday, December 11 - 2:30 - 4:30 PM
The CDC estimates that there are approximately 1 billion patient encounters in the United States each year and most of these will result in the exposure of a patient to a digitally enabled and networked medical device. Increasingly, these devices are wirelessly connected either in the healthcare system or in extra-healthcare system environments, e.g. home-based, implanted, or wearable.
Over the past few years, a series of security vulnerabilities in medical devices has been published, ranging from security risks associated with the public availability of medical device administrative passwords to very sophisticated technical hacks into implantable devices.
The Medical Device Innovation, Safety, and Security Consortium (MDISS) is a public-private partnership that was founded by the VA/VHA and Kaiser Permanente and includes a large number of healthcare delivery organizations, medical device manufacturers, and technology companies. MDISS works closely with key government entities including FDA, NIST, and DHS.
MDISS has organized these two panels to present an update on (1) the technical foundations of mHealth security and safety and (2) a market-driven approach to medical device risk assessment and mitigation, including a public health perspective. The content will be presented so that technical experts, risk managers, and healthcare professionals can all understand and benefit. Importantly, the panels will be facilitated to create dynamic and interactive sessions designed to engage and leverage the expertise of all attendees. Attendees will be able to return to their institutions better prepared to understand and lead on the issue of medical device security and safety.
Panel 1 - Session Overview
Market Driven Design and Adoption of Security for Medical Devices
Medical device security and safety is critical to supporting the mass adoption of critical healthcare innovation available through mHealth. This panel will explore how a public-private partnership that engages wireless/mHealth medical device stakeholders can accelerate the rate of innovation and adoption of security best practices. Specific topics will include applied medical device risk assessment for procurement and applied shared security responsibility between the manufacturer and the healthcare system. The panel will discuss the experience of leveraging a public-private partnership to facilitate market-driven innovation and adoption of security capabilities. The session will be highly interactive to benefit from the expertise of attendees and to facilitate the sharing of practical ideas all can apply in their own institutions and companies.
Panel 1 - Session Objectives
- Present applied experience with a medical device security assessment tool to enable comparison of security capabilities across multiple medical devices at the time of procurement and compare/contrast with the manufacturer security disclosure statement
- Discuss experience and challenges with the concept and application of the ‘shared responsibility’ agreement in the IEC 80001 standard
- Present and discuss how collaborative development of security innovation by healthcare systems, manufacturers, and technology companies can support efficient market-driven safety improvements
Panel 1 Speakers
Deputy Director, Division of Electronics and Software Engineering
Health Information Security, U.S. Department of Veterans Affairs
Senior Director, Technology Planning
Panel 2 - Session Overview
Technical Considerations for Security of Mobile Medical Devices
This panel will review, in clear terms that can be appreciated by technical and non-technical professionals, the landscape of medical device vulnerabilities and risks that have been identified. There will be discussion about how these vulnerabilities are being identified and brought to the attention of manufacturers, technology companies, health systems, and the public. This session will provide an update on recent FDA guidelines and consensus standards.
Panel 2 - Session Objectives
- Provide a detailed review of the technical vulnerabilities delivered in a concise and comprehensible manner
- Review the security vulnerabilities identified to date and discuss the types of vulnerabilities that may emerge in coming months
- Discuss the near-term opportunities to improve the safety profile of medical devices and their associated networks, comparing and contrasting the professionally managed IT environment and home/outpatient environments
Panel 2 Speakers