SlideShare a Scribd company logo

Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device

Priyanka Aash
Priyanka Aash

This document discusses securing wireless infusion pumps in hospitals. It identifies risks like patient safety and operational downtime. Vulnerabilities of infusion pumps include long useful lifespans, poor protection and patching, and lack of detection and alerting. Demonstrations show how pumps could be exploited by compromising patient information or crashing communication systems. Challenges to securing pumps include firmware version control, access control, and alarms. The National Cybersecurity Center of Excellence's strategy is to help healthcare organizations understand risks and secure medical devices through building example implementations and publishing best practice guides.

Technology
1 of 19
Download to read offline
SESSION ID: #RSAC Nate Lesser Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device MBS-W05 Deputy Directory National Cybersecurity Center of Excellence NIST
#RSAC In the News 2 Lax medical device security needs urgent action Medical Devices Used as Pivot Point in Hospital Attacks: Report
#RSAC Risks, Threats, Vulnerabilities to Infusion Pumps 3 RISKS • Patient safety (lives) • Operational/downtime • Patient trust & staff morale THREATS • Collateral damage • Malware • Theft/loss • Lateral attack • Hacktivism VULNERABILITIES • Tightly regulated "turn-key" systems • Long useful life • Poorly protected & patched • No detection & alerting • System complexity Courtesy of Axel Wirth
#RSAC Infusion Pumps 4 Infusion pumps are medical devices that deliver fluids and medications into a patient’s body in controlled amounts. Infusion pumps among the most are ubiquitous connected medical devices in hospitals. Estimated that more than 2 million infusion pumps are in use in hospitals.
#RSAC Infusion Pumps in the News 5 Hospital Drug Pump Can Be Hacked Through Network, FDA Warns
#RSAC Infusion Pump Vulnerability Notices 6 FDA Safety Communication on Vulnerabilities of Infusion Pump Systems, May 13, 2015: recommendation for health care facilities to secure affected infusion pumps. ICS-CERT Advisory (ICSA1512501B): provides details of vulnerabilities including CVE numbers and CVSS scores. Postmarket Management of Cybersecurity in Medical Devices: draft guidance on cybersecurity risk management, remediation, and reporting
#RSAC Local or cloud apps Pump Server EHR Alarm Manger Infusion Pump Infusion Pump Physical Architecture 7 Communication Subsystem Drug Delivery Controller Alarms Remote Management Nurses Station
#RSAC 8 Demo
#RSAC Exploit #1: Compromise Patient Information 9 TELNET access to “root” account No authentication required CVE-2015-3459 Risk Gain root access to pump Pump used as a pivot Pump Server Attacker’s Laptop Electronic Health Records
#RSAC Exploit #1: Compromise Patient Information 10 Unauthenticated telnet to pump Use pump to pivot Extract desired information Move information to web server Extract via web browser Attacker Pump Telnet Pump Server EHR Telnet Steal PHI Transfer to pump Extract PHI
#RSAC Exploit #2: Crash Communication Subsystem 11 Denial of service attack Stops network communication Using resource consumption Can corrupt flash file system Risk Stops pump from sending alerts and messages Pump Server Attacker’s Laptop Electronic Health Records
#RSAC Exploit #2: Crash Communication Subsystem 12 Normal Operations Error condition Empty vial Alarm sent Error condition cleared Nurse replaces vial Infusion resumes Attacker Pump Patient Nurse Vial Empty Alarm New Vial Infuse
#RSAC Exploit #2: Crash Communication Subsystem 13 Anonymous FTP to pump Upload gzip’d file TELNET access to “root” account gunzip file Consumes all available RAM Corrupts part of file system No file system repair tools Attacker Pump Patient Nurse File transfer gunzip Out of memory Vial Empty No alarm communications are stopped
#RSAC All Devices Have Vulnerabilities 14 Although the vulnerabilities might not be known Just because it’s vulnerable doesn’t mean it’s exploitable Patching may not be possible right away Surround and protect the vulnerable Defense in depth Isolation
#RSAC Wireless Infusion Pump Problem Statement 15 RESEARCH BUILD SHARE Help health care delivery organizations understand risks & secure medical devices on an enterprise network Focus on wireless infusion pumps as archetype of medical device Assess risk Identify mitigating security technologies Build example implementation Independent validation of implementation Publish practice guide: NIST Special Publication 1800 series
#RSAC Challenges 16  Firmware version control  Multiple versions in service  Access control  Physical and networked  “Break the glass”  Malware or other unexpected software on pump  Wireless access point and network configuration  Alarms  Asset management and monitoring  Identity management and Credentialing  Maintenance and firmware updates  Pump variability  Multiple types of pumps  Multiple models in usage
#RSAC NCCoE Strategy 17 GOAL 1 PROVIDE PRACTICAL CYBERSECURITY Help people secure their data and digital infrastructure by equipping them with practical ways to implement standards-based cybersecurity solutions that are modular, repeatable and scalable VISION ADVANCE CYBERSECURITY A secure cyber infrastructure that inspires technological innovation and fosters economic growth MISSION ACCELERATE ADOPTION OF SECURE TECHNOLOGIES Collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs GOAL 2 INCREASE RATE OF ADOPTION Enable companies to rapidly deploy commercially available cybersecurity technologies by reducing technological, educational and economic barriers to adoption GOAL 3 ACCELERATE INNOVATION Empower innovators to creatively address businesses’ most pressing cybersecurity challenges in a state-of-the-art, collaborative environment
#RSAC NCCoE Tenets 18 Standards-based: Apply relevant local, national and international standards to each security implementation and account for each sector’s individual needs; demonstrate reference designs for new standards Modular: Develop reference designs with individual components that can be easily substituted with alternates that offer equivalent input-output specifications Repeatable: Enable anyone to recreate the NCCoE builds and achieve the same results by providing a complete practice guide including a reference design, bill of materials, configuration files, relevant code, diagrams, tutorials and instructions Commercially available: Work with the technology community to identify commercially available products that can be brought together in reference designs to address challenges identified by industry Usable: Design usable blueprints that end users can easily and cost-effectively adopt and integrate into their businesses without disrupting day-to-day operations Open and transparent: Use open and transparent processes to complete work, and seek and incorporate public comments on NCCoE documentation, artifacts and results
#RSAC hit_nccoe@nist.gov301-975-0200 100 Bureau Dr, M/S 2002 Gaithersburg, MD 20899 http://nccoe.nist.gov Participate

Recommended

Wireless infusion pumps and patient safety
Wireless infusion pumps and patient safetyWireless infusion pumps and patient safety
Wireless infusion pumps and patient safetyDr. Samir Sawli
 
Connecting Your Operator Console for Smarter Clinical Communications
Connecting Your Operator Console for Smarter Clinical CommunicationsConnecting Your Operator Console for Smarter Clinical Communications
Connecting Your Operator Console for Smarter Clinical CommunicationsSpok
 
Medical Device FDA Regulations and Classifications infographic
Medical Device FDA Regulations and Classifications infographicMedical Device FDA Regulations and Classifications infographic
Medical Device FDA Regulations and Classifications infographicKathleen Murray
 
FDA’s STeP Program
FDA’s STeP ProgramFDA’s STeP Program
FDA’s STeP ProgramEMMAIntl
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical DevicesSheersha Pramanik 🇮🇳
 
A Radio Frequency Identification (RFID)-based wireless sensor device for drug...
A Radio Frequency Identification (RFID)-based wireless sensor device for drug...A Radio Frequency Identification (RFID)-based wireless sensor device for drug...
A Radio Frequency Identification (RFID)-based wireless sensor device for drug...Health Informatics New Zealand
 
The Elements of Water Security with Whitewater Security And Darlot Consulting...
The Elements of Water Security with Whitewater Security And Darlot Consulting...The Elements of Water Security with Whitewater Security And Darlot Consulting...
The Elements of Water Security with Whitewater Security And Darlot Consulting...saulbrandt
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical DevicesSuresh Mandava
 

Recommended

Wireless infusion pumps and patient safety
Wireless infusion pumps and patient safetyWireless infusion pumps and patient safety
Wireless infusion pumps and patient safetyDr. Samir Sawli
 
Connecting Your Operator Console for Smarter Clinical Communications
Connecting Your Operator Console for Smarter Clinical CommunicationsConnecting Your Operator Console for Smarter Clinical Communications
Connecting Your Operator Console for Smarter Clinical CommunicationsSpok
 
Medical Device FDA Regulations and Classifications infographic
Medical Device FDA Regulations and Classifications infographicMedical Device FDA Regulations and Classifications infographic
Medical Device FDA Regulations and Classifications infographicKathleen Murray
 
FDA’s STeP Program
FDA’s STeP ProgramFDA’s STeP Program
FDA’s STeP ProgramEMMAIntl
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical DevicesSheersha Pramanik 🇮🇳
 
A Radio Frequency Identification (RFID)-based wireless sensor device for drug...
A Radio Frequency Identification (RFID)-based wireless sensor device for drug...A Radio Frequency Identification (RFID)-based wireless sensor device for drug...
A Radio Frequency Identification (RFID)-based wireless sensor device for drug...Health Informatics New Zealand
 
The Elements of Water Security with Whitewater Security And Darlot Consulting...
The Elements of Water Security with Whitewater Security And Darlot Consulting...The Elements of Water Security with Whitewater Security And Darlot Consulting...
The Elements of Water Security with Whitewater Security And Darlot Consulting...saulbrandt
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical DevicesSuresh Mandava
 
Why should you invest in a Lab Information Management System?
Why should you invest in a Lab Information Management System?Why should you invest in a Lab Information Management System?
Why should you invest in a Lab Information Management System?MocDoc
 
Robotics
RoboticsRobotics
RoboticsDiana Rangaves, PharmD, CEO
 
Chag saboba medical centre
Chag saboba medical centreChag saboba medical centre
Chag saboba medical centreC4CHealthGhana
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidancePam Gilmore
 
Aayuwiz - Healthcare Platform / Healthcare IT as a Service
Aayuwiz - Healthcare Platform / Healthcare IT as a ServiceAayuwiz - Healthcare Platform / Healthcare IT as a Service
Aayuwiz - Healthcare Platform / Healthcare IT as a ServiceKousik Rajendran
 
Breakthrough Devices
Breakthrough DevicesBreakthrough Devices
Breakthrough DevicesEMMAIntl
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devicesSafisSolutions
 
Title 21 cfr part 11
Title 21 cfr part 11Title 21 cfr part 11
Title 21 cfr part 11Karn Barot
 
Mediwatch2
Mediwatch2Mediwatch2
Mediwatch2Ragini Sahu
 
Health Plan 2Mailer 3
Health Plan 2Mailer 3Health Plan 2Mailer 3
Health Plan 2Mailer 3Bret Morey
 
Ricoh Assure Brochure
Ricoh Assure BrochureRicoh Assure Brochure
Ricoh Assure BrochureNick Collings
 
FORA Mobile Care Station
FORA Mobile Care StationFORA Mobile Care Station
FORA Mobile Care StationMichael Halter
 
Technological Resources & Personnel Costs Required to Implement an Automated ...
Technological Resources & Personnel Costs Required to Implement an Automated ...Technological Resources & Personnel Costs Required to Implement an Automated ...
Technological Resources & Personnel Costs Required to Implement an Automated ...HMO Research Network
 
BlackSea TeleDiab
BlackSea TeleDiabBlackSea TeleDiab
BlackSea TeleDiabSimion Pruna
 
Expert systems in agriculture
Expert systems in agricultureExpert systems in agriculture
Expert systems in agricultureAboul Ella Hassanien
 
E care
E careE care
E caremmurali1988
 
5 code scrubbing tools that can increase your coding accuracy!
5 code scrubbing tools that can increase your coding accuracy!5 code scrubbing tools that can increase your coding accuracy!
5 code scrubbing tools that can increase your coding accuracy!Billingparadise- A California based revenue cycle management and EHR support Company
 
Built-up positioning and communication system for healthcare institutions
Built-up positioning and communication system for healthcare institutionsBuilt-up positioning and communication system for healthcare institutions
Built-up positioning and communication system for healthcare institutionsRealTrac International
 
Medical Device Cybersecurity : A Regulatory Perspective
Medical Device Cybersecurity : A Regulatory PerspectiveMedical Device Cybersecurity : A Regulatory Perspective
Medical Device Cybersecurity : A Regulatory PerspectiveJon Lendrum
 
Safer Technologies Program for Medical Devices
Safer Technologies Program for Medical DevicesSafer Technologies Program for Medical Devices
Safer Technologies Program for Medical DevicesEMMAIntl
 
Pumps How do they work
Pumps How do they workPumps How do they work
Pumps How do they workSHRIKANT ATHAVALE
 
McKinley T34 Syringe Pump
McKinley T34 Syringe PumpMcKinley T34 Syringe Pump
McKinley T34 Syringe PumpPatel telecom
 

More Related Content

What's hot

Why should you invest in a Lab Information Management System?
Why should you invest in a Lab Information Management System?Why should you invest in a Lab Information Management System?
Why should you invest in a Lab Information Management System?MocDoc
 
Chag saboba medical centre
Chag saboba medical centreChag saboba medical centre
Chag saboba medical centreC4CHealthGhana
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidancePam Gilmore
 
Aayuwiz - Healthcare Platform / Healthcare IT as a Service
Aayuwiz - Healthcare Platform / Healthcare IT as a ServiceAayuwiz - Healthcare Platform / Healthcare IT as a Service
Aayuwiz - Healthcare Platform / Healthcare IT as a ServiceKousik Rajendran
 
Breakthrough Devices
Breakthrough DevicesBreakthrough Devices
Breakthrough DevicesEMMAIntl
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devicesSafisSolutions
 
Title 21 cfr part 11
Title 21 cfr part 11Title 21 cfr part 11
Title 21 cfr part 11Karn Barot
 
Health Plan 2Mailer 3
Health Plan 2Mailer 3Health Plan 2Mailer 3
Health Plan 2Mailer 3Bret Morey
 
Ricoh Assure Brochure
Ricoh Assure BrochureRicoh Assure Brochure
Ricoh Assure BrochureNick Collings
 
FORA Mobile Care Station
FORA Mobile Care StationFORA Mobile Care Station
FORA Mobile Care StationMichael Halter
 
Technological Resources & Personnel Costs Required to Implement an Automated ...
Technological Resources & Personnel Costs Required to Implement an Automated ...Technological Resources & Personnel Costs Required to Implement an Automated ...
Technological Resources & Personnel Costs Required to Implement an Automated ...HMO Research Network
 
Built-up positioning and communication system for healthcare institutions
Built-up positioning and communication system for healthcare institutionsBuilt-up positioning and communication system for healthcare institutions
Built-up positioning and communication system for healthcare institutionsRealTrac International
 
Medical Device Cybersecurity : A Regulatory Perspective
Medical Device Cybersecurity : A Regulatory PerspectiveMedical Device Cybersecurity : A Regulatory Perspective
Medical Device Cybersecurity : A Regulatory PerspectiveJon Lendrum
 
Safer Technologies Program for Medical Devices
Safer Technologies Program for Medical DevicesSafer Technologies Program for Medical Devices
Safer Technologies Program for Medical DevicesEMMAIntl
 

What's hot (20)

Why should you invest in a Lab Information Management System?
Why should you invest in a Lab Information Management System?Why should you invest in a Lab Information Management System?
Why should you invest in a Lab Information Management System?
 
Robotics
RoboticsRobotics
Robotics
 
Chag saboba medical centre
Chag saboba medical centreChag saboba medical centre
Chag saboba medical centre
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity Guidance
 
Aayuwiz - Healthcare Platform / Healthcare IT as a Service
Aayuwiz - Healthcare Platform / Healthcare IT as a ServiceAayuwiz - Healthcare Platform / Healthcare IT as a Service
Aayuwiz - Healthcare Platform / Healthcare IT as a Service
 
Breakthrough Devices
Breakthrough DevicesBreakthrough Devices
Breakthrough Devices
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devices
 
Title 21 cfr part 11
Title 21 cfr part 11Title 21 cfr part 11
Title 21 cfr part 11
 
Mediwatch2
Mediwatch2Mediwatch2
Mediwatch2
 
Health Plan 2Mailer 3
Health Plan 2Mailer 3Health Plan 2Mailer 3
Health Plan 2Mailer 3
 
Ricoh Assure Brochure
Ricoh Assure BrochureRicoh Assure Brochure
Ricoh Assure Brochure
 
FORA Mobile Care Station
FORA Mobile Care StationFORA Mobile Care Station
FORA Mobile Care Station
 
Technological Resources & Personnel Costs Required to Implement an Automated ...
Technological Resources & Personnel Costs Required to Implement an Automated ...Technological Resources & Personnel Costs Required to Implement an Automated ...
Technological Resources & Personnel Costs Required to Implement an Automated ...
 
BlackSea TeleDiab
BlackSea TeleDiabBlackSea TeleDiab
BlackSea TeleDiab
 
Expert systems in agriculture
Expert systems in agricultureExpert systems in agriculture
Expert systems in agriculture
 
E care
E careE care
E care
 
5 code scrubbing tools that can increase your coding accuracy!
5 code scrubbing tools that can increase your coding accuracy!5 code scrubbing tools that can increase your coding accuracy!
5 code scrubbing tools that can increase your coding accuracy!
 
Built-up positioning and communication system for healthcare institutions
Built-up positioning and communication system for healthcare institutionsBuilt-up positioning and communication system for healthcare institutions
Built-up positioning and communication system for healthcare institutions
 
Medical Device Cybersecurity : A Regulatory Perspective
Medical Device Cybersecurity : A Regulatory PerspectiveMedical Device Cybersecurity : A Regulatory Perspective
Medical Device Cybersecurity : A Regulatory Perspective
 
Safer Technologies Program for Medical Devices
Safer Technologies Program for Medical DevicesSafer Technologies Program for Medical Devices
Safer Technologies Program for Medical Devices
 

Viewers also liked

McKinley T34 Syringe Pump
McKinley T34 Syringe PumpMcKinley T34 Syringe Pump
McKinley T34 Syringe PumpPatel telecom
 
Syringe Pump
Syringe PumpSyringe Pump
Syringe Pumpbiomedicz
 
3 prismaflex basic setup operation
3 prismaflex basic setup operation3 prismaflex basic setup operation
3 prismaflex basic setup operationSteven Marshall
 
Implantable Infusion Pumps: Insights For Your Next Animal Dosing Study
Implantable Infusion Pumps: Insights For Your Next Animal Dosing StudyImplantable Infusion Pumps: Insights For Your Next Animal Dosing Study
Implantable Infusion Pumps: Insights For Your Next Animal Dosing StudyInsideScientific
 
Microcontroller based anesthesia inject
Microcontroller based anesthesia injectMicrocontroller based anesthesia inject
Microcontroller based anesthesia injectaditya401
 
Biomedical equipments ppt
Biomedical equipments pptBiomedical equipments ppt
Biomedical equipments pptDeepak Sarangi
 
Hospital pharmacy report intravenous admixtures
Hospital pharmacy report intravenous admixturesHospital pharmacy report intravenous admixtures
Hospital pharmacy report intravenous admixturesjeff_bd
 
Basic Vascular Access Ice Ppt Presentation.Ppt2
Basic Vascular Access Ice Ppt Presentation.Ppt2Basic Vascular Access Ice Ppt Presentation.Ppt2
Basic Vascular Access Ice Ppt Presentation.Ppt2dkingswmn
 
Pump presentation cds ver2
Pump presentation cds ver2Pump presentation cds ver2
Pump presentation cds ver2Ricky Gutierrez
 
Induction of labour
Induction of labourInduction of labour
Induction of labourNiyati Nagda
 
pumps and its types-ppt
pumps and its types-pptpumps and its types-ppt
pumps and its types-pptDharmas India
 

Viewers also liked (20)

Pumps How do they work
Pumps How do they workPumps How do they work
Pumps How do they work
 
McKinley T34 Syringe Pump
McKinley T34 Syringe PumpMcKinley T34 Syringe Pump
McKinley T34 Syringe Pump
 
Medical dissection lab syringe pump
Medical dissection lab syringe pumpMedical dissection lab syringe pump
Medical dissection lab syringe pump
 
Syringe Pump
Syringe PumpSyringe Pump
Syringe Pump
 
3 prismaflex basic setup operation
3 prismaflex basic setup operation3 prismaflex basic setup operation
3 prismaflex basic setup operation
 
Ho Kok Yuen - Pump Delivery for Pain Management
Ho Kok Yuen - Pump Delivery for Pain ManagementHo Kok Yuen - Pump Delivery for Pain Management
Ho Kok Yuen - Pump Delivery for Pain Management
 
Hplc
HplcHplc
Hplc
 
Implantable Infusion Pumps: Insights For Your Next Animal Dosing Study
Implantable Infusion Pumps: Insights For Your Next Animal Dosing StudyImplantable Infusion Pumps: Insights For Your Next Animal Dosing Study
Implantable Infusion Pumps: Insights For Your Next Animal Dosing Study
 
Microcontroller based anesthesia inject
Microcontroller based anesthesia injectMicrocontroller based anesthesia inject
Microcontroller based anesthesia inject
 
Biomedical equipments ppt
Biomedical equipments pptBiomedical equipments ppt
Biomedical equipments ppt
 
Types of Syringes and Needles
Types of Syringes and NeedlesTypes of Syringes and Needles
Types of Syringes and Needles
 
Medical dissection lab infusion pump
Medical dissection lab infusion pumpMedical dissection lab infusion pump
Medical dissection lab infusion pump
 
Insulin Pump
Insulin PumpInsulin Pump
Insulin Pump
 
3. monitoring & devices used in icu ccu
3. monitoring & devices used in icu ccu3. monitoring & devices used in icu ccu
3. monitoring & devices used in icu ccu
 
Hospital pharmacy report intravenous admixtures
Hospital pharmacy report intravenous admixturesHospital pharmacy report intravenous admixtures
Hospital pharmacy report intravenous admixtures
 
Basic Vascular Access Ice Ppt Presentation.Ppt2
Basic Vascular Access Ice Ppt Presentation.Ppt2Basic Vascular Access Ice Ppt Presentation.Ppt2
Basic Vascular Access Ice Ppt Presentation.Ppt2
 
Pump presentation cds ver2
Pump presentation cds ver2Pump presentation cds ver2
Pump presentation cds ver2
 
Induction of labour
Induction of labourInduction of labour
Induction of labour
 
Medication Routes and Dosage Formulations
Medication Routes and Dosage FormulationsMedication Routes and Dosage Formulations
Medication Routes and Dosage Formulations
 
pumps and its types-ppt
pumps and its types-pptpumps and its types-ppt
pumps and its types-ppt
 

Similar to Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device

Ransomware Threats to the Healthcare Industry
Ransomware Threats to the Healthcare IndustryRansomware Threats to the Healthcare Industry
Ransomware Threats to the Healthcare IndustryTim Gurganus
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applicationswebhostingguy
 
2017-07-12 GovLoop: New Era of Digital Security
2017-07-12 GovLoop: New Era of Digital Security2017-07-12 GovLoop: New Era of Digital Security
2017-07-12 GovLoop: New Era of Digital SecurityShawn Wells
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSMuhammad FAHAD
 
Defending industrial control systems from cyber attack
Defending industrial control systems from cyber attackDefending industrial control systems from cyber attack
Defending industrial control systems from cyber attackAnalynk Wireless, LLC
 
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsNCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsMiller Energy, Inc.
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackCTi Controltech
 
Seven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber securitySeven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber securityCTi Controltech
 
Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018Jack Shaffer
 
Using Network Security and Identity Management to Empower CISOs Today: The Ca...
Using Network Security and Identity Management to Empower CISOs Today: The Ca...Using Network Security and Identity Management to Empower CISOs Today: The Ca...
Using Network Security and Identity Management to Empower CISOs Today: The Ca...ForgeRock
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryTim Mackey
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryBlack Duck by Synopsys
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical HackingSripati Mahapatra
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
Aoa report trap_x_medjack.2
Aoa report trap_x_medjack.2Aoa report trap_x_medjack.2
Aoa report trap_x_medjack.2Andrey Apuhtin
 
Healthcare_Security_White_Paper
Healthcare_Security_White_PaperHealthcare_Security_White_Paper
Healthcare_Security_White_PaperJames Maudlin
 

Similar to Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device (20)

Ransomware Threats to the Healthcare Industry
Ransomware Threats to the Healthcare IndustryRansomware Threats to the Healthcare Industry
Ransomware Threats to the Healthcare Industry
 
Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applications
 
2017-07-12 GovLoop: New Era of Digital Security
2017-07-12 GovLoop: New Era of Digital Security2017-07-12 GovLoop: New Era of Digital Security
2017-07-12 GovLoop: New Era of Digital Security
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICS
 
Defending industrial control systems from cyber attack
Defending industrial control systems from cyber attackDefending industrial control systems from cyber attack
Defending industrial control systems from cyber attack
 
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsNCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
 
Seven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber securitySeven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber security
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
 
Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018
 
Using Network Security and Identity Management to Empower CISOs Today: The Ca...
Using Network Security and Identity Management to Empower CISOs Today: The Ca...Using Network Security and Identity Management to Empower CISOs Today: The Ca...
Using Network Security and Identity Management to Empower CISOs Today: The Ca...
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
Aoa report trap_x_medjack.2
Aoa report trap_x_medjack.2Aoa report trap_x_medjack.2
Aoa report trap_x_medjack.2
 
185
185185
185
 
Healthcare_Security_White_Paper
Healthcare_Security_White_PaperHealthcare_Security_White_Paper
Healthcare_Security_White_Paper
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 

Recently uploaded (20)

Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 

Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device

  • 1. SESSION ID: #RSAC Nate Lesser Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device MBS-W05 Deputy Directory National Cybersecurity Center of Excellence NIST
  • 2. #RSAC In the News 2 Lax medical device security needs urgent action Medical Devices Used as Pivot Point in Hospital Attacks: Report
  • 3. #RSAC Risks, Threats, Vulnerabilities to Infusion Pumps 3 RISKS • Patient safety (lives) • Operational/downtime • Patient trust & staff morale THREATS • Collateral damage • Malware • Theft/loss • Lateral attack • Hacktivism VULNERABILITIES • Tightly regulated "turn-key" systems • Long useful life • Poorly protected & patched • No detection & alerting • System complexity Courtesy of Axel Wirth
  • 4. #RSAC Infusion Pumps 4 Infusion pumps are medical devices that deliver fluids and medications into a patient’s body in controlled amounts. Infusion pumps among the most are ubiquitous connected medical devices in hospitals. Estimated that more than 2 million infusion pumps are in use in hospitals.
  • 5. #RSAC Infusion Pumps in the News 5 Hospital Drug Pump Can Be Hacked Through Network, FDA Warns
  • 6. #RSAC Infusion Pump Vulnerability Notices 6 FDA Safety Communication on Vulnerabilities of Infusion Pump Systems, May 13, 2015: recommendation for health care facilities to secure affected infusion pumps. ICS-CERT Advisory (ICSA1512501B): provides details of vulnerabilities including CVE numbers and CVSS scores. Postmarket Management of Cybersecurity in Medical Devices: draft guidance on cybersecurity risk management, remediation, and reporting
  • 7. #RSAC Local or cloud apps Pump Server EHR Alarm Manger Infusion Pump Infusion Pump Physical Architecture 7 Communication Subsystem Drug Delivery Controller Alarms Remote Management Nurses Station
  • 9. #RSAC Exploit #1: Compromise Patient Information 9 TELNET access to “root” account No authentication required CVE-2015-3459 Risk Gain root access to pump Pump used as a pivot Pump Server Attacker’s Laptop Electronic Health Records
  • 10. #RSAC Exploit #1: Compromise Patient Information 10 Unauthenticated telnet to pump Use pump to pivot Extract desired information Move information to web server Extract via web browser Attacker Pump Telnet Pump Server EHR Telnet Steal PHI Transfer to pump Extract PHI
  • 11. #RSAC Exploit #2: Crash Communication Subsystem 11 Denial of service attack Stops network communication Using resource consumption Can corrupt flash file system Risk Stops pump from sending alerts and messages Pump Server Attacker’s Laptop Electronic Health Records
  • 12. #RSAC Exploit #2: Crash Communication Subsystem 12 Normal Operations Error condition Empty vial Alarm sent Error condition cleared Nurse replaces vial Infusion resumes Attacker Pump Patient Nurse Vial Empty Alarm New Vial Infuse
  • 13. #RSAC Exploit #2: Crash Communication Subsystem 13 Anonymous FTP to pump Upload gzip’d file TELNET access to “root” account gunzip file Consumes all available RAM Corrupts part of file system No file system repair tools Attacker Pump Patient Nurse File transfer gunzip Out of memory Vial Empty No alarm communications are stopped
  • 14. #RSAC All Devices Have Vulnerabilities 14 Although the vulnerabilities might not be known Just because it’s vulnerable doesn’t mean it’s exploitable Patching may not be possible right away Surround and protect the vulnerable Defense in depth Isolation
  • 15. #RSAC Wireless Infusion Pump Problem Statement 15 RESEARCH BUILD SHARE Help health care delivery organizations understand risks & secure medical devices on an enterprise network Focus on wireless infusion pumps as archetype of medical device Assess risk Identify mitigating security technologies Build example implementation Independent validation of implementation Publish practice guide: NIST Special Publication 1800 series
  • 16. #RSAC Challenges 16  Firmware version control  Multiple versions in service  Access control  Physical and networked  “Break the glass”  Malware or other unexpected software on pump  Wireless access point and network configuration  Alarms  Asset management and monitoring  Identity management and Credentialing  Maintenance and firmware updates  Pump variability  Multiple types of pumps  Multiple models in usage
  • 17. #RSAC NCCoE Strategy 17 GOAL 1 PROVIDE PRACTICAL CYBERSECURITY Help people secure their data and digital infrastructure by equipping them with practical ways to implement standards-based cybersecurity solutions that are modular, repeatable and scalable VISION ADVANCE CYBERSECURITY A secure cyber infrastructure that inspires technological innovation and fosters economic growth MISSION ACCELERATE ADOPTION OF SECURE TECHNOLOGIES Collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs GOAL 2 INCREASE RATE OF ADOPTION Enable companies to rapidly deploy commercially available cybersecurity technologies by reducing technological, educational and economic barriers to adoption GOAL 3 ACCELERATE INNOVATION Empower innovators to creatively address businesses’ most pressing cybersecurity challenges in a state-of-the-art, collaborative environment
  • 18. #RSAC NCCoE Tenets 18 Standards-based: Apply relevant local, national and international standards to each security implementation and account for each sector’s individual needs; demonstrate reference designs for new standards Modular: Develop reference designs with individual components that can be easily substituted with alternates that offer equivalent input-output specifications Repeatable: Enable anyone to recreate the NCCoE builds and achieve the same results by providing a complete practice guide including a reference design, bill of materials, configuration files, relevant code, diagrams, tutorials and instructions Commercially available: Work with the technology community to identify commercially available products that can be brought together in reference designs to address challenges identified by industry Usable: Design usable blueprints that end users can easily and cost-effectively adopt and integrate into their businesses without disrupting day-to-day operations Open and transparent: Use open and transparent processes to complete work, and seek and incorporate public comments on NCCoE documentation, artifacts and results
  • 19. #RSAC hit_nccoe@nist.gov301-975-0200 100 Bureau Dr, M/S 2002 Gaithersburg, MD 20899 http://nccoe.nist.gov Participate