H-ISAC Virtual Training: Securing Medical Device Infrastructure on a Shoestring Budget

Two 90-Minute Sessions (Registration once for both days):

Wednesday, May 20, 2020 at 9:00 am PDT / 12:00 pm EDT
and
Wednesday, May 27, 2020 at 9:00 am PDT / 12:00 pm EDT

This 3 hour workshop is designed for hospital staff (IT/Clinical/Managerial) that are interested in jump starting a basic cybersecurity initiative at their medical facility. The workshop will be delivered in two 90 min. sessions on May 20 and 27. We will cover the fundamentals of network security and monitoring in a hospital setting, medical device security best practice, regulatory concerns, and related topics unique to securing the healthcare space on a shoestring budget. If you’re the only IT person at a small medical facility with limited to no capital for security products or have a small security aware IT team you’re looking to optimize, this is the class for you.

 

To register go to https://attendee.gotowebinar.com/register/5879044000296862990

Abstract:
This class is designed for hospital staff (IT/Clinical/Managerial) that are interested in jump starting a basic cybersecurity initiative at their medical facility. We will cover the fundamentals of network security and monitoring in a hospital setting, medical device security best practice, regulatory concerns, and related topics unique to securing the healthcare space on a shoestring budget. If you’re the only IT guy at a small medical facility with limited to no capital for security products or have a small security aware IT team you’re looking to optimize, this is the class for you.

Detailed Outline:

1. The healthcare threat landscape today
– This section sets the stage for the healthcare cybersecurity landscape today covering a large swath of research on the unique threat landscape of the healthcare sector such as the fact that the Healthcare industry is the only critical infrastructure sector that’s more likely to be compromised by an insider than an external attacker (58% of data breaches involve an insider component).

– After this session students will understand exactly what percent of data breaches in healthcare are due to Ransomware, external hacking, malicious and unintentional insiders, etc.  This knowledge will help guide their security defenses at their own facilities.

2. Basic network security
– Network security for the uninitiated and overworked to include proper network segmentation and best practices on incorporating medical devices and medical IoT into a networked medical environment. This section will be driven by the recent HIMSS report seeing in the field.
– Network segmentation, implementing VLANs
– Firewall rules
– Access Management
– Credential Management
– Change Procedure

3. Network monitoring and scanning
– How do you monitor 10,000 different medical devices centrally with limited staff?
– Network Discovery
– Logging
– SIEMs

4. Developing a regular patching strategy
– Many medical devices even today are not directly connected and don’t allow for downloading updates remotely. This section will cover strategies for dealing with those scenarios and how to most effectively implement a low overhead, sustainable patching strategy that integrates with a plethora of medical device manufacturers.
– Create a system profile
– Determine risk
– Determine best patching strategy for each device category

5. Physical Security
– Physically locking down and securing a hospital is one of the most important measures a medical facility can take.  We will cover how to physically secure labs, USB and other physical locking devices, proper device and technology placement, visitor policies and employee training on tailgating.

6. Effectively Communicating with Vendors and Third Parties
– Getting the information, a hospital needs about a medical device to make informed purchasing decisions and secure its infrastructure can be difficult.  This section will cover strategies to obtain information such as security questionnaires, Business Associate Agreements (BAA’s) Information Sharing Agreements (ISA’s) MDS2’s Security whitepapers, Software Bill of Materials (SBOM) and considerations for pen testing medical devices.

If you have any questions, please email us at contact@h-isac.org

Times listed below are in ET

  • Session 1
    May 20, 2020
    12:00 pm - 1:30 pm
  • Session 2
    May 27, 2020
    12:00 pm - 1:30 pm

Venue:  

Translate »