The Power of Protection: Medical Device Security · The Power of Protection: Medical Device...
1
The Power of Protection: Medical Device Security Cyber threats do not discriminate among industries, entities or individuals. As the healthcare industry increasingly finds itself at the heart of these attacks, medical device security can prove beneficial to combatting such dangers. POTENTIAL THREATS TARGETED THROUGH SOLUTIONS RISKS DIRECT ATTACK (physical or wireless connection) RECONFIGURATION OF DEVICE SETTINGS Equipment malfunction putting patient at risk ACCESS TO INTERNAL NETWORKS SOCIAL ENGINEERING (insider knowledge of security or system measures) MALWARE (viruses, Trojans, worms) WEB SERVERS Data integrity compromised during transfer Infected, integrated devices affecting greater network DATABASE SERVERS External: Reverse engineering of publicly available device verification information Internal: SQL injections APPLICATION SOFTWARE Incompatibility or misconfiguration with legacy operating systems Lack of timely updates A secure system starts with a secure device. Be sure to: Close unused and unsecure ports Has more than 50 % of organizations with a Network Security score of a C or lower Ranks 15 th out of 18 th among all industries of healthcare organizations were infected with malware from 8/2015-8/2016 Remove unneeded software Apply and maintain all third-party updates Configure to meet Center for Internet Security Benchmarks Design and develop using Secure Development Lifecycle (SDLC) best practices DIRECT ACCESS Weak or well-known passwords Lack of physical device security Active unused ports (USB) 75 % MALWARE 75 % MALWARE 75 % MALWARE 75 MALWARE 15. HEALTHCARE INDUSTRY THE DATA THEFT AND MANIPULATION According to an August 2016 SecurityScorecard report analyzing the security ratings of over 700 organizations in the healthcare industry 91 03 648 SOURCES: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4516335/; https://cdn2.hubspot.net/hubfs/533449/SecurityScorecard_2016_Healthcare_Report_Final.pdf Loss of hospital and patient data Altering of records 75 % SDLC
Transcript of The Power of Protection: Medical Device Security · The Power of Protection: Medical Device...
The Power of Protection: Medical Device Security Cyber threats do not discriminate among industries, entities or individuals. As the healthcare industry increasingly finds itself at the heart of these attacks, medical device security can prove beneficial to combatting such dangers.
POTENTIAL THREATS
TARGETED THROUGH
SOLUTIONS
RISKS
DIRECT ATTACK (physical or wireless
connection)
RECONFIGURATION OF DEVICE SETTINGS
Equipment malfunction putting patient at risk
ACCESS TO INTERNAL NETWORKS
SOCIAL ENGINEERING
(insider knowledge of security or system measures)
MALWARE (viruses, Trojans,
worms)
WEB SERVERS Data integrity compromised during transfer Infected, integrated devices affecting greater network
DATABASE SERVERS External: Reverse engineering of publicly available device verification information Internal: SQL injections
APPLICATION SOFTWARE Incompatibility or misconfiguration with legacy operating systems Lack of timely updates
A secure system starts with a secure device. Be sure to:
Close unused and unsecure ports
Has more than 50%
of organizations with a Network Security score of a C or lower
Ranks 15th out of 18th
among all industries
of healthcare organizations
were infected with malware from 8/2015-8/2016
Remove unneeded software
Apply and maintain all third-party updates
Configure to meet Center for Internet Security Benchmarks
Design and develop using Secure Development Lifecycle (SDLC) best practices
DIRECT ACCESS Weak or well-known passwords Lack of physical device security Active unused ports (USB)
75%MALWARE 75%MALWARE
75%MALWARE
75%MALWARE 15.
HEALTHCARE INDUSTRYTHE
DATA THEFT AND MANIPULATION
According to an August 2016 SecurityScorecard report analyzing the security ratings of over 700 organizations in the healthcare industry
91 03 648
SO
UR
CE
S: h
ttps:
//w
ww
.ncb
i.nlm
.nih
.gov
/pm
c/ar
ticle
s/P
MC
4516
335/
; http
s://
cdn2
.hub
spot
.net
/hub
fs/5
3344
9/S
ecur
ityS
core
card
_201
6_H
ealth
care
_Rep
ort_
Fina
l.pdf
Loss of hospital and patient dataAltering of records
75%
SDLC
