University of California San Francisco Give to UCSF

600 16th St, San Francisco, CA 94158

https://sharecase.ucsf.edu #cybersecurity2017
View map Free Event

As part of UCSF's celebration of National Cyber Security Awareness Month, Dr. David Klonoff will be presenting the importance of medical device security at the ShareCase event at Mission Bay.  

Medical devices are increasingly connected wirelessly to each other and to data-displaying reader devices. Threats to the accurate flow of information and commands may compromise the safe function of these devices and put their users at risk of health complications.  These devices are mainly on-body wearable or implantable systems that monitor and transmit data from a person and send it to a hub, such as a handheld controller/monitor, another device, a smartphone, a pad, or the cloud for analysis, presentation, aggregation with other data streams, and storage or else send data or commands back to the patient.  Sound cybersecurity of medical devices is necessary to protect data.  This goal can be accomplished by maintaining: 1) confidentiality by protecting these devices from unauthorized disclosure; 2) integrity by protecting these products from unauthorized modification; and 3) availability of data by protecting these products from loss of function.  Five steps for a hospital or medical organization to improve medical device cybersecurity include: 1) categorizing devices by risk; 2) building a protection framework; 3) following basic security hygiene; 4) including security in contracts; and 5) building a zero trust network.  There is an opportunity for hospitals to work together to achieve these common goals.  Last year Diabetes Technology Society (DTS) completede first broad consensus cybersecurity standard for any medical device named DTSec (DTS Cybersecurity Standard for Connected Diabetes Devices). The standard contains both performance requirements and assurance requirements.  The goal of DTSec is to raise confidence in the security of network-connected medical devices through independent expert security evaluation.  IEEE and UL have agreed to work together with DTS on DTSec.  These two international standards development organizations are taking over the standard this year to co-manage it, expand it to cover all medical devices, and elevate it to the ISO level.  Recently controversies have arisen about security that often cannot be evaluated by the public.  This uncertainty can erode trust in the wireless medical device industry.  Independent assessment about the security of specific medical devices is needed.  Claims of adequacy and accusations of inadequacy regarding medical device security year DTS began work on its second cybersecurity standard called DTMoST (the Diabetes Technology Society Mobile Platform Controlling a Diabetes Device Security and Safety Standard).  IEEE an UL are working on this standard effort  from the beginning.  Future medical device standards for products not intended for diabetes assessment by qualified testing labs with public disclosures and certification where appropriate will increase trust in medical devices that provide sound cybersecurity.  Stakeholders affected by connected medical devices will increasingly demand assurance of safe cybersecurity from healthcare professionals who are prescribing and overseeing use of these products.

Event Details

  • Esther Silver
  • Cindy Cheng
  • Jennifer Dodd

3 people are interested in this event