The challenge of building a secure
and safe digital environment in
healthcare
Security isn't just tech, but
much, much more …
Nurse
Mom
Researcher
Speaker
@womeninsecurity
@iamthecavalry
@_j3lena_
Why are hospitals so interesting and
attractive to criminals?
More victims in one place
Who wants medical data?
Everyone
What can they do with it?
Too much
Discrimination in private life and at work
because of:
disease / chronic disease
gender
religion
race
sexual orientation
building future profiles
Manipulating the price of insurance
Except stubborn medical professionals
• Marketing
• PR
• Physical security
• Innovations
Sharing is caring
Connected but not protected
• ICT professionals
Physical security
Personal experience
Employees can download documents from different links *
IT gives passwords to employees over the phone without really checking
whom they are really talking to. *
No limits on access for temporary workers
PCs with medical records connected to the public internet
Insecure applications for medical records (why are they connected to the public
internet?)
An employee or visitor can plug a USB stick or phone charger into a hospital
PC, etc.
Old devices & software
The vendor-hospital contracts:
No patches
No updates
No antivirus
No proxy
Required to be online 24/7
Connected but not protected
#innovations
Infosec professionals in healthcare
Security in healthcare
What we think vs. reality
The System
Just as medical professionals need to
know and understand the system of the human body,
infosec professionals need to understand the system of
healthcare,
so they can find the real vulnerabilities and solve them
The treatment is based on the diagnosis
The diagnosis is based on the results and the
information
When criminals manipulate the results and the information,
you will make the wrong diagnosis and give the wrong treatment
Communication & internal organization of the
security department in the organization
Inside the organization
Awareness training
Security department in the organization
• The security department is an independent department
• It gives training to and communicates with all departments
• Mandatory and regular consulting
Inside the IT organization
• Enough security and IT professionals
• Mandatory and regular pen testing by an independent company
• Mandatory and regular testing,
1-2 x per week, using open tools, by in-house infosec staff
• Responsible disclosure & bug bounty program
Responsible disclosure & bug bounties
For the hospital / vendor / manufacturer:
- digital and online safety
- almost 24/7 monitoring
- inexpensive monitoring
- pay per finding and/or per fix
- coordinated assistance
For the ethical hacker:
- passion
- no 9-to-5 work
- freedom = quality
- paid, or the possibility of being paid
• Training and building communication and teamwork with
departments
• Professionals who make the rules for and with the departments
Awareness Training
• Simplicity, and as little tech as possible
• Making the connection between employees and IT
• With understanding, employees will accept the rules more easily
Work e-mail ≠ subscription e-mail
Check the link
Check the e-mail (the sender)
Oops, a spoofed e-mail
Check in the browser
Check ….
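The two checks on this slide, "check the link" and "check the e-mail", as an added example that is not code from the original deck: a small Python script that reads a raw message, compares the sender's display name, real address and Reply-To with each other, and compares each link's visible text with where its href really goes. The trusted domain `hospital.example`, the 0.8 similarity threshold used to call a domain a look-alike, and the sample phishing message are all assumptions constructed for this example.

```python
import difflib
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Registrable domains the hospital really sends mail from. Assumed for this example.
TRUSTED_DOMAINS = {"hospital.example"}

# Constructed phishing sample (not a real message): the display name shows a
# hospital address, the real sender is a look-alike domain, and the first
# link's visible text hides a different target.
SAMPLE_EMAIL = """\
From: "it@hospital.example" <support@hospital-example.com>
Reply-To: reset@hospital-example.com
Subject: Your password expires today
Content-Type: text/html; charset="utf-8"

<p>Renew it here: <a href="http://hospital-example.com/reset">https://portal.hospital.example/reset</a></p>
<p>Questions? <a href="https://mail.hospital.example/help">help desk</a></p>
"""

def site(host):
    """Crude registrable domain: the last two labels (enough for these checks)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_sender(msg):
    """'check e-mail': display name, real address and Reply-To must agree."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    if not from_dom:
        findings.append("no parsable From address")
    elif site(from_dom) not in TRUSTED_DOMAINS:
        close = max(difflib.SequenceMatcher(None, site(from_dom), t).ratio() for t in TRUSTED_DOMAINS)
        why = "looks like a hospital domain but is not" if close > 0.8 else "is not a hospital domain"
        findings.append(f"From domain {from_dom!r} {why}")
    # People read the display name, not the address: a name that carries an
    # @address from another domain is the classic spoof.
    claimed = re.search(r"@([\w.-]+)", name)
    if claimed and site(claimed.group(1)) != site(from_dom):
        findings.append(f"display name claims {claimed.group(1)!r} but the address is at {from_dom!r}")
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and site(reply.rsplit("@", 1)[-1]) != site(from_dom):
        findings.append(f"replies are diverted to {reply!r}")
    return findings

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a href> in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """'check link': where the link says it goes vs where the href really goes."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = urlparse(href)
        host = target.hostname or ""
        shown = urlparse(text).hostname if "://" in text else None
        if shown and site(shown) != site(host):
            findings.append(f"link text shows {shown!r} but goes to {host!r}")
        elif site(host) not in TRUSTED_DOMAINS:
            findings.append(f"link leaves the hospital: {href}")
        if target.scheme == "http":
            findings.append(f"plain-http link: {href}")
    return findings

def analyze(raw_message):
    """Both checks over one raw RFC 822 message; an empty list means nothing suspicious."""
    msg = email.message_from_string(raw_message)
    html = "".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/html")
    return check_sender(msg) + check_links(html)
```

Run it on a saved message with `analyze(open(path).read())` and print the list; an empty list is the "looks fine" answer. The look-alike test is only a string-similarity ratio, so treat the output as hints for the person reading the mail, not as a verdict.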
Password
Password manager
Long
Personal
Funny +
be creative
Consulting infosec by default
All decisions in all departments need to be made in consultation with the
security department
Education & Security by design
Students & teachers/professors at conferences
Extra workshops & lessons at schools by infosec professionals
Practicing at hackerspaces and with CTFs
CTF competitions
Situation now:
The vendor sets the conditions
that the hospital must accept
Should be:
The hospital sets the conditions
that the vendor (and everyone else) must accept
The policy made by professionals from:
healthcare
security / privacy
supported by
IT / manufacturers / developers
backed by the government
Being compliant
doesn't mean that you are safe and secure
Healthcare without (basic) security
is like surgery without sterile instruments
The operation was (technically) a success, but the
patient died from sepsis …
Thank you
The challenge of building a secure and safe digital environment in healthcare

More Related Content

Similar to The challenge of building a secure and safe digital environment in healthcare

NameIn this assignment, you must answer the Answer Implying .docx
NameIn this assignment, you must answer the Answer Implying .docxNameIn this assignment, you must answer the Answer Implying .docx
NameIn this assignment, you must answer the Answer Implying .docxgemaherd
 
Materi 11 - ETHICS AND TECHNOLOGY.ppt
Materi 11 -  ETHICS AND TECHNOLOGY.pptMateri 11 -  ETHICS AND TECHNOLOGY.ppt
Materi 11 - ETHICS AND TECHNOLOGY.pptHMToha1
 
Aetna information security assurance program
Aetna information security assurance programAetna information security assurance program
Aetna information security assurance programSiddharth Janakiram
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...Health IT Conference – iHT2
 
Information Technology in CA Educatation
Information Technology in CA EducatationInformation Technology in CA Educatation
Information Technology in CA EducatationGaurav Rathi
 
Safe and Responsible Use of ICT
Safe and Responsible Use of ICTSafe and Responsible Use of ICT
Safe and Responsible Use of ICTRolly Franco
 
Securing people that don't look like you, yet
Securing people that don't look like you, yetSecuring people that don't look like you, yet
Securing people that don't look like you, yetLaura Bell
 
Securing the digital front door
Securing the digital front doorSecuring the digital front door
Securing the digital front doorRyan Coleman
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
Cyber security and mobile devices
Cyber security and mobile devicesCyber security and mobile devices
Cyber security and mobile devicesUmer Saeed
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxvasidharta
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness Net at Work
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingKimberly Hood
 
Counseling & technology
Counseling & technologyCounseling & technology
Counseling & technologytanyafhinson
 
Call centers for the provision of independent living services
Call centers for the provision of independent living servicesCall centers for the provision of independent living services
Call centers for the provision of independent living servicesBabakFarshchian
 
Hospital Internal Communication with SnapComms
Hospital Internal Communication with SnapCommsHospital Internal Communication with SnapComms
Hospital Internal Communication with SnapCommsSnapComms
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 

Similar to The challenge of building a secure and safe digital environment in healthcare (20)

NameIn this assignment, you must answer the Answer Implying .docx
NameIn this assignment, you must answer the Answer Implying .docxNameIn this assignment, you must answer the Answer Implying .docx
NameIn this assignment, you must answer the Answer Implying .docx
 
Materi 11 - ETHICS AND TECHNOLOGY.ppt
Materi 11 -  ETHICS AND TECHNOLOGY.pptMateri 11 -  ETHICS AND TECHNOLOGY.ppt
Materi 11 - ETHICS AND TECHNOLOGY.ppt
 
Aetna information security assurance program
Aetna information security assurance programAetna information security assurance program
Aetna information security assurance program
 
Team black
Team blackTeam black
Team black
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
 
Information Technology in CA Educatation
Information Technology in CA EducatationInformation Technology in CA Educatation
Information Technology in CA Educatation
 
Safe and Responsible Use of ICT
Safe and Responsible Use of ICTSafe and Responsible Use of ICT
Safe and Responsible Use of ICT
 
Securing people that don't look like you, yet
Securing people that don't look like you, yetSecuring people that don't look like you, yet
Securing people that don't look like you, yet
 
Securing the digital front door
Securing the digital front doorSecuring the digital front door
Securing the digital front door
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
 
Cyber security and mobile devices
Cyber security and mobile devicesCyber security and mobile devices
Cyber security and mobile devices
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptx
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
 
Counseling & technology
Counseling & technologyCounseling & technology
Counseling & technology
 
AAS Cybersecurity 2 pages
AAS Cybersecurity 2 pagesAAS Cybersecurity 2 pages
AAS Cybersecurity 2 pages
 
Call centers for the provision of independent living services
Call centers for the provision of independent living servicesCall centers for the provision of independent living services
Call centers for the provision of independent living services
 
Hospital Internal Communication with SnapComms
Hospital Internal Communication with SnapCommsHospital Internal Communication with SnapComms
Hospital Internal Communication with SnapComms
 
Securing Wearable Device Data
Securing Wearable Device DataSecuring Wearable Device Data
Securing Wearable Device Data
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 

More from DefCamp

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht HackingDefCamp
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!DefCamp
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?DefCamp
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXDefCamp
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...DefCamp
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)DefCamp
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFADefCamp
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationDefCamp
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money downDefCamp
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...DefCamp
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochDefCamp
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?DefCamp
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured DefCamp
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...DefCamp
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.DefCamp
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber SecurityDefCamp
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering holeDefCamp
 
Catch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your networkCatch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your networkDefCamp
 

More from DefCamp (20)

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht Hacking
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UX
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the Attacker
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFA
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical Application
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money down
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber Security
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering hole
 
Catch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your networkCatch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your network
 

Recently uploaded

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

The challenge of building a secure and safe digital environment in healthcare

  • 1.
  • 2. The challenge of building an secure and safe digital environment in the health care Security isn’t just a tech, but much much more …
  • 3.
  • 5. Why are the hospitals so interesting and attractive for the criminals? More victims at one place Who wants the medical data ? Everyone What they can do ? Too much
  • 6. Discrimination private and at work because of : disease / chronical disease gender religion race sexual orientation making a future profiles Manipulating the price of insurance
  • 7. Except stubborn medical professionals • Marketing • PR • Phisical security • Innovations Sharing is caring Connected but not protected • ICT professionals
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14. Personal experience employee can download the documents from different links * IT is giving the password to employee on phone without really checking whit who they really talk. * No limited access for temporary workers PC with medical records connected to public internet Insecure applications for medical records (why connected to the public internet) employee or visitor can use usb or phone charger and connect with PC from the hospital etz
  • 15. Old device & software The contracts vendor-hospital No patch No update No antivirus No proxy Required 24/7 online Connected but not protected #innovations
  • 17. Security in the health care What we think VS reality
  • 18.
  • 19.
  • 20. The System Same as medical professional need to know and understand the system of human body, infosec professionals need to understand the system in healthcare, so they can find real vulnerabilities and can solve them
  • 21. The treatment, you make based on diagnostics The diagnostics, you make based on the result and the information’s When criminals manipulate the results and the information’s You will make wrong diagnostic and wrong treatment’s
  • 22. Communication & Inside Organization of Security department in organization Inside organization Awareness training
  • 24. Security department in the organization • Security department as an independent department • Giving the trainings and communicating with all departments • Mandatory and regular consulting
  • 25. Inside the IT organization • Enough security and IT professionals • Mandatory and regular pen testing – independent company • Mandatory and regular testing 1-2 times a week using open tools – infosec employee • Responsible disclosure & bug bounty program
  • 27. For hospital/vendor/manufacturer: digital and online safety; almost 24/7 monitoring; inexpensive monitoring; pay per finding and/or repair; coordinated assistance for ethical hackers; passion; no 9 – 17 work; freedom = quality; paid, or the possibility of it
  • 29. • Training and building communication and teamwork with departments • Professionals for making the rules for & with departments
  • 30. Awareness training • Simplicity and as little tech as possible • Making the connection between employees and IT • With understanding, employees will easily accept the rules
  • 31. Work e-mail ≠ subscription mail. Check the link. Check the e-mail. Oops, spoofed e-mail. Check in the browser. Check ….
  • 34. Consulting infosecurity by default: all decisions in all departments need to be made in consultation with the security department
  • 35. Education & security by design: students & teachers/professors @ the conferences; extra workshops & lessons at schools by infosecurity; practicing at hackerspaces and using CTF; CTF competitions
  • 37. Situation now: the vendor makes conditions that the hospital must accept. Should be: the hospital makes conditions and the vendor/everyone must accept.
  • 38. The policy made by the professionals from: healthcare; security/privacy. Supported by IT/manufacturer/developer, backed by the government.
  • 39. Being compliant doesn't mean that you are safe and secure
  • 40. Healthcare without (basic) security is like surgery without sterile instruments: the operation was (technically) a success, but the patient died from sepsis … Thank you

Editor's Notes

  1. You ask yourself why a nurse, but my colleague was more surprised: we have the best security ever, but the hard truth is ….
  2. More victims in one place: the patient, the employee, the visitor / third party. The data online. The targeted assignment: the patient, the employee, the hospital.
  3. Talk about the problems there: marketing and PR putting photos, sharing info, no need; innovation, data collectors + no one has an idea how it works
  4. Even physical security wasn't good
  5. The problems: passwords, awareness, connections, information, devices
  6. Employees can download the documents from different links *; IT gives the password to an employee over the phone without really checking who they are talking with *; no limited access for temporary workers; PCs with medical records connected to the public internet; insecure applications for medical records (why connected to the public internet?); an employee or visitor can use a USB stick or phone charger and connect it to a PC from the hospital, etc.
  7. No infosec professional, even if they are there
  8. About what we're thinking, something like this (next slide)
  9. Talk about the system: patients – administration/medical staff, different labs for analysis, röntgen (X-ray)
  10. Connection to medical patients. Go to the department, ask them how they work. CISO: same as Chris said – learn their way of communication
  11. Training - about
  12. One of the last messages in my previous presentation was Build
  13. Organisation: people for testing, people for training
  14. What may happen or not
  15. Blaming the user while maybe it was a spoofed email – almost no hospital has a good email configuration, DMARC on reject
  16. You can't expect that everyone has enough money to have 2FA or a password manager, or expect the hospital to pay for all of it. If using a mobile phone, it needs to be a secure phone. No money for it – but then don't connect everything you don't need
  17. Including teachers and IT schools/universities at the conferences; workshops/lessons at schools; use CTF at school and companies; CTF competitions between schools / companies
  18. Build security that fit with the system of the company
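Slide 31 ("Oops, spoofed e-mail") and editor's note 15 ("almost no hospital has a good email configuration, DMARC on reject") both come down to one check a security team can run on its own domains: is the published DMARC record actually enforcing? The script below is an added example, not part of the original slides or the speaker's material. It parses DMARC TXT records the way receivers read them (v=DMARC1 first, p= policy, optional pct=, sp= and rua= tags, per RFC 7489) and flags the weaknesses that let spoofed mail through. The hospital-*.example domain names and their records are constructed for illustration; in practice you would feed in the result of a TXT lookup of _dmarc.<your-domain>.

```python
"""Assess DMARC records for the weaknesses that let spoofed e-mail through.

Added example for the talk's "DMARC on reject" point; not code from the
original slides. Domain names and records below are constructed samples.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample data: what a TXT lookup of _dmarc.<domain> might return.
# None models a domain that publishes no DMARC record at all.
SAMPLE_RECORDS: Dict[str, Optional[str]] = {
    "hospital-a.example": "v=DMARC1; p=none; rua=mailto:dmarc@hospital-a.example",
    "hospital-b.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "hospital-c.example": "v=DMARC1; p=reject; rua=mailto:reports@hospital-c.example",
    "hospital-d.example": None,
    "hospital-e.example": "v=spf1 include:_spf.hospital-e.example -all",  # wrong record at _dmarc
}

# Strength order of the p= / sp= policy values.
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC TXT record into tag=value pairs (tag names lower-cased)."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


@dataclass
class DmarcAssessment:
    domain: str
    policy: Optional[str]  # value of the p= tag; None if absent or record invalid
    findings: List[str] = field(default_factory=list)

    @property
    def enforcing(self) -> bool:
        """True only for a clean p=reject record applied to the whole mail stream."""
        return self.policy == "reject" and not self.findings


def assess_dmarc(domain: str, record: Optional[str]) -> DmarcAssessment:
    """Evaluate one domain's DMARC record and list why spoofed mail could still land."""
    result = DmarcAssessment(domain=domain, policy=None)
    if record is None:
        result.findings.append("no DMARC record published: spoofed mail is delivered unchecked")
        return result

    tags = parse_dmarc(record)
    # Receivers ignore a record unless it starts with v=DMARC1 and carries a p= tag.
    if not record.strip().lower().startswith("v=dmarc1") or "p" not in tags:
        result.findings.append("record is not a valid DMARC record (missing v=DMARC1 or p= tag)")
        return result

    policy = tags["p"].lower()
    if policy not in POLICY_RANK:
        result.findings.append(f"unknown policy value p={tags['p']}")
        return result
    result.policy = policy

    if policy == "none":
        result.findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        result.findings.append("p=quarantine: spoofed mail goes to spam instead of being rejected")

    # pct defaults to 100; anything lower leaves a share of spoofed mail unenforced.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        result.findings.append(f"pct={pct}: policy applied to only part of the mail stream")

    # sp defaults to p; an explicitly weaker sp leaves subdomains spoofable.
    sp = tags.get("sp", policy).lower()
    if POLICY_RANK.get(sp, -1) < POLICY_RANK[policy]:
        result.findings.append(f"sp={sp}: subdomains are less protected than the organizational domain")

    if "rua" not in tags:
        result.findings.append("no rua= address: nobody receives aggregate reports")

    return result


def summarize(records: Dict[str, Optional[str]]) -> Dict[str, bool]:
    """Map each domain to whether its DMARC record is fully enforcing."""
    return {d: assess_dmarc(d, r).enforcing for d, r in records.items()}


if __name__ == "__main__":
    for domain, rec in SAMPLE_RECORDS.items():
        a = assess_dmarc(domain, rec)
        print(f"{domain}: {'ENFORCING' if a.enforcing else 'WEAK'} (p={a.policy})")
        for finding in a.findings:
            print(f"  - {finding}")
```

Only hospital-c.example comes out as enforcing; the others show the typical stages a domain passes through on the way to p=reject (no record, monitoring only, partial rollout, subdomains left at none), which is why the note above can say that "good email configuration" is rare.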