1 Healthcare and Cyber Security 2015: Is India Ready? Nitish Chandan Int. B.Tech CSE + LL.B Hons. Cyber Law (UPES, Dehradun) Founder & Technical Writer.

Presentation transcript:

1 Healthcare and Cyber Security 2015: Is India Ready? Nitish Chandan Int. B.Tech CSE + LL.B Hons. Cyber Law (UPES, Dehradun) Founder & Technical Writer The Cyber Blog India

2 Cyber Security in Healthcare is divided into two fronts. Data: the EHR (Electronic Health Record), which contains a patient’s medical history, diagnoses, medications, treatment plans, immunization dates, allergies, radiology images, and laboratory and test results in a digital version. Critical Network Infrastructure: all devices and equipment on a network that are responsible for monitoring and evaluating patient health and for delivering some form of treatment.

3 Problem in the Indian Scenario: Data. Estimating readiness is not possible as of today; numerous health centres are still in the digital disconnect. Standards for EHRs are available, but only to the point of saying that they should be secure: “Generally, all electronic health information must be encrypted and decrypted as necessary according to user defined preferences in accordance with the best available encryption key strength.” NeHA has been constituted, which will also deal with privacy issues and healthcare. Data leaks are not only due to insufficient standards and policy (similar standards exist in IT law as well); user awareness, among both patients and caretakers, is lacking. Who is the owner of an EHR?

4 Critical Infrastructure. A study by a researcher at one of the Midwest healthcare facilities revealed that drug infusion pumps could be remotely manipulated to change dosage. Defibrillators controlled over Bluetooth were prone to attacks that could give random shocks to a patient’s heart or prevent a needed one. Thermostats on networks are vulnerable to changes in their temperature settings; this has caused spoilage of drugs. Misdiagnosis, wrong prescription and administration of unwarranted care. This leads to a new type of crime: Cyber Murders.

5 Vulnerabilities. Some emergency equipment could be rebooted and wiped clean of its configuration, allowing hackers to take control of important healthcare infrastructure. Passwords are still names of people, admin, password. The biggest Cyber Security fact in any system is that no firewall or IPS can protect a system that is protected by a password like the above. Another problem is with the level of encryption and the security of the channels used to communicate embedded systems’ data into patient records and vice versa. Newer technologies, like infusion pumps with a web administration interface that lets nurses change drug dosage, are easily hackable because of hardcoded passwords that are often never changed.
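A provisioning-time check for the weak passwords slide 5 describes (names of people, admin, password), as an added example that is not part of the original presentation. The device names, staff list, substitution table and 12-character minimum are constructed assumptions.

```python
import string

# Weak words named on the slide; everything else below is constructed sample data.
COMMON_DEFAULTS = {"admin", "password"}
# Common character substitutions, undone before comparison (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i",
                      "3": "e", "$": "s", "5": "s"})


def normalize(candidate):
    """Lowercase, drop trailing digits/punctuation, undo common substitutions."""
    core = candidate.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)


def reject_reason(candidate, staff_names, min_length=12):
    """Return why a proposed device password is unacceptable, or None if it passes."""
    core = normalize(candidate)
    if core in COMMON_DEFAULTS:
        return "common default word"
    for name in staff_names:
        # Match on each part of the name (first name, surname) of 3+ letters.
        for part in name.lower().split():
            if len(part) >= 3 and part in core:
                return "derived from a staff name"
    if len(candidate) < min_length:
        return "shorter than %d characters" % min_length
    return None


def audit(proposed, staff_names):
    """Map each device whose proposed password is rejected to the reason."""
    findings = {}
    for device, password in proposed.items():
        reason = reject_reason(password, staff_names)
        if reason is not None:
            findings[device] = reason
    return findings


# Constructed inputs: hypothetical devices and staff, not taken from the slides.
STAFF = ["Priya Nair", "Arjun Mehta"]
PROPOSED = {
    "infusion-pump-07": "Admin123",
    "defib-console-02": "P@ssw0rd!",
    "thermostat-3f": "priya1990",
    "nurse-station-11": "quiet-harbor-lantern-72",
}

if __name__ == "__main__":
    for device, reason in audit(PROPOSED, STAFF).items():
        print(device, "->", reason)
```

Running the check when a device password is set, rather than auditing stored values later, avoids keeping plaintext passwords in an inventory.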

6 Implantable medical devices are set to grow about 7.7% through 2015, and more than 2.5 million people already rely on them. Medical information can be worth 10 times as much as a credit card number. We are a little ready for what we are facing, but we are not yet facing what the rest of the world is. A lot has been said about EHRs in the national EHR Standards, but an overall Cyber Security Policy for the infrastructure is absent.

7 To Conclude: “Awareness and Sensitization is the key to Cyber Safety”. Carefully categorize and classify data about patients, the hospital, staff, etc. Sensitize the user groups who are responsible for handling digital equipment. Employ security audits and penetration testing of devices, networks and users. The next generation is going to be one of Cyber Murders, and when we look back then, the question that is in the present tense today might be, “Shouldn’t we have been ready?”