Innovation and Evolution – How Medical Device and IoT Profiles Have Evolved – But So is Your Attack Surface

Management (801B) October 5, 2022 2:45 pm - 3:45 pm Feedback     

Bookmark and Share

Mohammad Waqas

In recent years, with the wake of numerous attacks, there has been a push to understand the risks posed by smart devices. While helping revolutionize the way the world operates, the innovation and convenience has often overshadowed – and sometimes completely – their security implications.

This talk discusses the evolution of the ‘traditional’ device profiles in one of the most critical and attacked industries in the world – healthcare.

The first part of the presentation will look at a traditional model of a medical device. The second part of the presentation will look at how these devices along with other support devices in a healthcare ecosystem – such as building automation, and facility security devices – have evolved both from a composition and functionality perspective. A discussion into how this changed the lifecycle management of such devices – from development and procurement to deployment – including challenges the various risk management teams face in healthcare organizations.

The final part of this presentation will look at how the risks, and cyber-attacks on hospitals have evolved over time and the involvement such devices have played. The discussion will entail not only the various security risks, but also the increasing amounts of privacy and clinical risk which often go overlooked when talking about cybersecurity of medical devices. A look into real life examples of how attacks, breaches, and vulnerabilities target these devices and even amplify them, and what some of the take-aways for security and risk management teams are to get a handle on the true risk of their environments.