A DE L PHI ST UDY OF COUNT E RME AS URE S T O SE CURIT Y Me linda L yle s T HRE AT S IN NE T WORKE D ME DICAL DE VICE S
Pro b le m Sta te me nt Purpo se o f the Re se a rc h Re se a rc h Que stio ns Summa ry o f Re se a rc h De sig n Da ta Co lle c tio n Pro c e ss Agenda Da ta Ana lysis T e c hniq ue s Summa ry o f F inding s Summa ry o f Co nc lusio ns Summa ry o f I mplic a tio ns Re c o mme nda tio n fo r F uture Re se a rc h
L a c k o f e ffe c tive c o unte rme a sure s fo r c yb e r thre a ts to ne two rke d me dic a l de vic e s: a tta c k o n a me dic a l de vic e is like ly to o c c ur; Problem risks b e twe e n ne two rks a nd me dic a l de vic e s; Statement se c urity risks le a ding to una utho rize d pe rso nne l; b re a c h with se nsitive da ta pe rta ining to PHI .
Cre a te a mo de l fo r de ve lo ping e ffe c tive c o unte rme a sure s fo r c yb e r thre a ts Purpose of the Ne two rke d me dic a l Research de vic e s; He a lthc a re industry; Unite d Sta te s.
Research What are the relevant experiences in employing a schema to analyze security Questions risks in networked medical devices?
Me thod: Qua lita tive Re se a rc h De sign: De lphi Study Sample Size : 15 I T e xpe rts in he a lthc a re e xpe rie nc e with Summary of me dic a l de vic e s Rationale : de ve lo pe d a mo de l Research fo r e ffe c tive c o unte rme a sure s b a se d o n e xpe rie nc e s a nd Design pe rc e ptio ns o f I T e xpe rts in the phe no me no n with ne two rke d me dic a l de vic e s ia: I T e xpe rts Se le c tion Cr ite r wo rking in the he a lth fie ld
Da ta Colle c tion Proc e ss (a ) Re c ruitme nt (b ) Purpo sive Sa mpling I de ntify I T E xpe rts (c ) IT e xpe rt c rite ria (a ) Ope n-e nde d inte rvie ws (b ) T hre e T he ma tic De ve lo pme nt ro unds o f inte rvie ws (c ) Ca te g o rize d re spo nse s (a ) T he me c o nse nsus de ve lo pe d (b ) T he ma tic Co nse nsus Re a c hing da ta sa tura tio n (a ) T he me a na lysis (b ) Co mpa riso n Re sults Ana lysis a na lysis (c ) Re vie we d b usine ss te c hnic a l pro b le m with re sults
Da ta Ana lysis T e c hnique s F irst ro und: the ma tic a na lysis Se c o nd ro und: fre q ue nc y g ra ph T hird ro und: summa ry o f c o nfirme d re sults
Summary of Findings Ma jo r the me 2: Ho w to a ddre ss c yb e rse c urity thre a ts C HART REPRESENT ING Sub the me 2a : Co ntro ls a sse ssme nt Q UANT IT Y O F SUBT HEMES Sub the me 2b : Auto ma te d te c hno lo g y WIT HIN T HEMES Sub the me 2c : Po lic y c ha ng e s 7 Sub the me 2d: Se c urity a wa re ne ss a nd tra ining 6 5 Ma jo r the me 3: Me dic a l De vic e s a nd 4 Cyb e rthre a ts 3 2 Sub the me 3a : Se c urity me a sure s 1 0 Sub the me 3b : Cyb e rse c urity F a ilure s E xpe rie nc e d Ma jo r the me 1: Ma jo r the me 2: Ma jo r the me 3: Ma jo r the me 4: Sub the me 3c : Addre ssing Cyb e rse c urity F a ilure s Cyb e rse c urity Ho w to a dd re ss Me dic a l De vic e s Sc he ma s a nd thre a ts c yb e rse c urity a nd Cyb e rthre a ts Me dic a l De vic e s Sub the me 3d: Re a so ns fo r F a ilure e nc o unte re d thre a ts Sub the me 3e : Pre ve ntio n o f F a ilure s Ma jo r the me 1: Cyb e rse c urity thre a ts e nc o unte re d Sub the me 3f: Ana lytic a l T o o ls fo r Se c urity Risk Ma jo r the me 4: Sc he ma s a nd Me dic a l Sub the me 1a : Co nfig ura tio n Ma na g e me nt De vic e s Sub the me 1b : Wire le ss a nd Blue to o th Co nne c tio n Sub the me 4a : Suc c e ssful Sc he ma s Sub the me 1c : I nte rne t o f T hing s Sub the me 4b : Diffe re nc e s b e twe e n Sc he ma s Sub the me 1d: Da ta Bre a c he s Sub the me 4c : F a ilure s with sc he ma s Sub the me 1e : I nside r T hre a t Sub the me 1f: Asse t Ma na g e me nt
Se mi-struc ture d inte rvie ws Risks a nd ne two rke d me d ic a l d e vic e s we re no t mo no lithic , F ulfillme nt o f the Stud y wa s c o mple te d Id e ntific a tio n Pro te c t Co ntro ls Asse ssme nt Auto ma te d te c hno lo g y Summary of Po lic y c ha ng e s Se c urity Awa re ne ss a nd T ra ining Conclusions Apply Re a l-time Ma nua l Imple me nta tio n Mitig a tio n Risk Ad d re ss L o c kd o wn Re po rt Run a uto ma te d
IT E xpe rts a g re e d tha t ma nufa c ture rs a re c ruc ia l within the pro c e ss o f imple me nting se c urity whe n d e ve lo ping a nd thro ug ho ut life c yc le o f the d e vic e . Clinic ia ns o r pa tie nts re ma in une d uc a te d a b o ut the me tho d s fo r e va lua ting se c urity risks with Summary of ne two rke d me d ic a l d e vic e s; Impa c ts fo r IT Suppo rt a nd Implications o rg a niza tio ns suppo rting ne two rke d me d ic a l d e vic e s e nha nc e impro ve upo n c yb e rse c urity a nd d e vic e a wa re ne ss; Sc ho la rs ma y le ve ra g e the mo d e l d e ve lo pe d , e mplo ying inc re a sing e ffic ie nc y id e ntifying a re a s o f risk
E xplo re a nd e xa mine ho w pa tie nts use me dic a l de vic e s ho w suc h b e ha vio rs impa c t issue s o f se c urity pub lic pe rc e ptio ns o f c yb e r he a lthc a re risks a sso c ia te d with the use o f me dic a l de vic e s a nd if suc h Recommendation pe rc e ptio ns a lte r the use o f de vic e s a nd/ o r individua l for Future he a lth o utc o me s Ho spita ls fro m whic h the se Research de vic e s c o me Ho w do ho spita ls c re a te IT po lic y b a se d o n c yb e rse c urity risk? In wha t wa ys do the o rg a niza tio na l e le me nts o f the ho spita l dic ta te ho w the y ma na g e c yb e rse c urity risks?
Using the mo de l de ve lo pe d g a ug e ho w suc h a mo de l is suc c e ssful in he lping pre ve nt c yb e rse c urity a tta c ks o n me dic a l de vic e s Using a Ca se Study Continue ho w this mo de l a ids spe c ific ho spita ls, o r spe c ific type s o f Recommendati me dic a l de vic e s, fro m c yb e ra tta c ks on for Future Re g ula tio ns Research Sta te to sta te Sta te to F e de ra l Va ria nc e with c yb e rse c urity c o mpa ring diffe re nt me dic a l de vic e s
Recommend
More recommend
