Type:
General Education
Session ID:
154
Title:
Lessons From the Trenches: Securing Medical and Internet of Things/Operational Technology Devices
Description:
The explosion of connected healthcare devices, along with the rise of cyberattacks, has highlighted the need for healthcare systems to take control of what’s on their network. These devices—ranging from medical devices for patient care to Internet of Things/Operational Technology (IoT and OT) devices such as HVAC and elevator control systems for hospital operations—increase the attack surface. The stakes—patient safety—are significant. But what does a successful medical and healthcare device cybersecurity program look like? Where do you start? Who owns the program? What is the process to gain complete inventory and security of every connected device in the hospital? This panel will offer perspectives from two unique stakeholders in the healthcare organization—HTM and cybersecurity—who will share lessons from the trenches of their connected device security journey. With differing objectives represented by HTM and cybersecurity leaders from two leading healthcare organizations, the session will share best practices across people, process and technology for building a successful medical and healthcare device security program. It will focus on the importance of enabling collaboration between HTM and cybersecurity teams, and also explore the approach to expand cybersecurity beyond visibility and security of medical devices for a “whole hospital” approach.
Level:
Intermediate
Format:
60-Minute Panel Discussion
Learning Objective #1:
Explain the importance of securing medical, IoT and OT devices within a healthcare organization, particularly as it relates to protecting against cyberattacks such as ransomware
Learning Objective #2:
Discuss the contrasting objectives by HTM and cybersecurity teams when it comes to building a successful medical and healthcare device security program, and the importance of collaboration between these two teams for security
Learning Objective #3:
Define the fundamental requirements that a healthcare organization needs to have in place to start implementing a medical device cybersecurity program
Learning Objective #4:
Describe and contrast how Mayo Clinic and Cleveland Clinic started their medical and healthcare device security journey, the challenges they encountered and addressed
Learning Objective #5:
Explain key learnings and best practices