Presentation is loading. Please wait.

Presentation is loading. Please wait.

BSides Las Vegas 2015 Tuesday, August 4, 2015. Medical Overview Many, many stakeholders Diversity of devices, from swallowable pills to enormous radiological.

Published byErick Houston Modified over 9 years ago

Similar presentations

Presentation on theme: "BSides Las Vegas 2015 Tuesday, August 4, 2015. Medical Overview Many, many stakeholders Diversity of devices, from swallowable pills to enormous radiological."— Presentation transcript:

1 BSides Las Vegas 2015 Tuesday, August 4, 2015

2 Medical Overview Many, many stakeholders Diversity of devices, from swallowable pills to enormous radiological devices. Something that affects nearly all of us. Many researchers are also patients of these treatments. So it’s very visceral, and easy to demonstrate why it matters. One of the most critical single stakeholders is the FDA.

3 Introducing the FDA Suzanne Schwartz Director Emergency Preparedness/Operations & Medical Countermeasures (EMCM)

4 4 FDA Organization

5 The products we regulate… 5

6 CDRH/FDA Goals Meet our mission: safe and effective devices Raise cyber-security awareness leverage knowledge from other industry sectors Promote safety and security by design by clear regulatory expectation Promote coordinated vulnerability disclosure & proactive vulnerability management Minimize reactive approaches Foster ‘whole of community’ approach 6

7 Key Takeaways FDA seeks to foster a ‘whole of community’ approach That means security researchers play an important role! Establish a Cybersecurity Risk Management Program Make cyber hygiene paramount Create a trusted environment for information sharing Software updates for cybersecurity do not require pre-market review or recall (there are some exceptions) Slide 7

8 Atlantic Council workshop and paper 1 FDA Pre-Market Guidance and Workshop 2 IEEE Workshop Embraced by healthcare community conferences Atlantic Council Cyber Wednesday 3 Vulnerability Disclosure Policies Vulnerability Disclosure Brainstorming and Education with FDA Safety Communications BEFORE evidence of harm 1 http://www.atlanticcouncil.org/publications/reports/the-healthcare-internet-of-things-rewards-and-risks 2 http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm412979.htm 3 http://www.atlanticcouncil.org/events/webcasts/cyber-risk-wednesday-the-healthcare-internet-of-things-rewards-and-risks Highlights from the past year

9 Atlantic Council workshop and paper 1 FDA Pre-Market Guidance and Workshop 2 IEEE Workshop Embraced by healthcare community conferences Atlantic Council Cyber Wednesday 3 Vulnerability Disclosure Policies Vulnerability Disclosure Brainstorming and Education with FDA Safety Communications BEFORE evidence of harm 1 http://www.atlanticcouncil.org/publications/reports/the-healthcare-internet-of-things-rewards-and-risks 2 http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm412979.htm 3 http://www.atlanticcouncil.org/events/webcasts/cyber-risk-wednesday-the-healthcare-internet-of-things-rewards-and-risks With FDA as a key partner

10 Coming Connected Medical Device Procurement Guide Hippocratic Oath for Connected Medical Devices D0 N0 H4rm

11 Q&A

Download ppt "BSides Las Vegas 2015 Tuesday, August 4, 2015. Medical Overview Many, many stakeholders Diversity of devices, from swallowable pills to enormous radiological."

Similar presentations

SAFE AND WELL Angela McKinnon Feb. 2006. What is Safe and Well? A document building on previous guidance - part of the SE reform programme Supplement.

SAFE AND WELL Angela McKinnon Feb What is Safe and Well? A document building on previous guidance - part of the SE reform programme Supplement.
Richard Hibbert RSRL Quality, Assessment and Management Systems Manager Process management Requirements in IAEA Standards and Guides.

Richard Hibbert RSRL Quality, Assessment and Management Systems Manager Process management Requirements in IAEA Standards and Guides.
The Building Blocks of Public Involvement Presented By Kevin E. Davis Environmental Supervisor ODOT Office Of Environmental Services The Ohio Planning.

The Building Blocks of Public Involvement Presented By Kevin E. Davis Environmental Supervisor ODOT Office Of Environmental Services The Ohio Planning.
Being Open Suzette Woodward Director of Patient Safety Strategy NPSA July 2008.

Being Open Suzette Woodward Director of Patient Safety Strategy NPSA July 2008.
National Cyber Security and Information (Cyber) Security Awareness Prof SH (Basie) von Solms Immediate Past President : IFIP University of Johannesburg.

National Cyber Security and Information (Cyber) Security Awareness Prof SH (Basie) von Solms Immediate Past President : IFIP University of Johannesburg.
Interstate Natural Gas Association of America INGAA Action Plan to Build Confidence in Pipeline Safety INGAA Integrity Management Continuous Improvement.

Interstate Natural Gas Association of America INGAA Action Plan to Build Confidence in Pipeline Safety INGAA Integrity Management Continuous Improvement.
1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.

1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.
Industrial Railways: An Emerging Sector Presentation to the Industrial Railway Safety Conference Michael Bourque President and C.E.O. of the Railway Association.

Industrial Railways: An Emerging Sector Presentation to the Industrial Railway Safety Conference Michael Bourque President and C.E.O. of the Railway Association.
NIS Directive and NIS Platform

NIS Directive and NIS Platform
CADTH – CNESH Panel Presentation Representing Canada’s Medical Technology Industry April 13 th, 2015 Alison Drinkwater: Director of Public Affairs Baxter.

CADTH – CNESH Panel Presentation Representing Canada’s Medical Technology Industry April 13 th, 2015 Alison Drinkwater: Director of Public Affairs Baxter.
Techuk.org |#techuk Introducing techUK Volcrowe/ Nemode Workshop. 22/4/15.

Techuk.org |#techuk Introducing techUK Volcrowe/ Nemode Workshop. 22/4/15.
CDRH Software Regulation

CDRH Software Regulation
LIMITLESS POTENTIAL | LIMITLESS OPPORTUNITIES | LIMITLESS IMPACT Copyright University of Reading IMPACT AND THE SCIENCES Anthony Atkin (Research Impact.

LIMITLESS POTENTIAL | LIMITLESS OPPORTUNITIES | LIMITLESS IMPACT Copyright University of Reading IMPACT AND THE SCIENCES Anthony Atkin (Research Impact.
Introduction to Standard 2: Partnering with consumers Advice Centre Network Meeting Nicola Dunbar October 2012.

Introduction to Standard 2: Partnering with consumers Advice Centre Network Meeting Nicola Dunbar October 2012.
A Case Study of the City of Toronto Focus on Government Security - June 19, 2013.

A Case Study of the City of Toronto Focus on Government Security - June 19, 2013.
Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.

Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.
National Standards for Safer Better Healthcare

National Standards for Safer Better Healthcare
Skills Development Workshop The Castle, Kyalami 26 th February 2007.

Skills Development Workshop The Castle, Kyalami 26 th February 2007.
The standard setting programme of the GPhC Priya Sejpal.

The standard setting programme of the GPhC Priya Sejpal.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

Similar presentations

Ads by Google