Introduction – Why Attend the Summit

Cybersecurity is not about human stupidity, random vulnerabilities, or technical exploits. Those are symptoms. The malignancy we face are multitudes of intelligent, cooperative and ambitious bad actors. There is a gray market, and a black market for zero-day exploits, ranging from $10,000 for Windows antivirus local privilege escalation bugs to $1.5 Million for an IOS remote jailbreak. Commercial software attacks can pivot against devices, and exploited devices can be used to launch attacks on Hospital infrastructure. The black side of cyber security is an evolving and competitive industry that must be understood before it can be effectively countered and defeated.

Healthcare’s security challenge is growing exponentially as technologies such as Connected Health and IoT create a vast attack surface. Integrated Hospitals expose their systems to multitudes of hazards that stand-alone devices were never designed for. Personalized Medicine generates extraordinarily sensitive data, and Value Based Care models and Population Health aggregate more and more PHI so Big Data’s solutions can deliver vital quality and performance improvements. These innovations are saving countless lives, but must not be at the price of privacy or safety.

Healthcare’s diverse stakeholders and complex regulations do not make the work of cyber defense easier. Implanted devices are challenging to recall post-market. Many legacy devices cannot be patched while in use, requiring Clinical Engineers to negotiate complex maintenance plans. Even the regulatory and legal landscape is evolving quickly, requiring compliance strategies to evolve with them.

Long term solutions must meet the unique needs of Healthcare and our diverse set of stakeholders, which is why the Summit has brought together medical device companies, artificial intelligence developers, Security thought leaders, legal experts, and government regulators. Supporting Organizations of the Summit include the American College of Clinical Engineering and The Society for Participatory Medicine to bring the views of two of the most neglected stakeholders in healthcare conferences – the boots on the ground who must keep the systems running, and – of course – the patient.

About the Summit

The Summit, November 8-9, 2017, Baltimore, MD, offers practical solutions to many of the daunting security challenges facing medical device and connected health companies, healthcare providers, payers and patients. Topics to be covered include:

  • John F. Murray, Software Compliance Expert, Office of Compliance, CDRH, FDA will discuss regulatory issues pertaining to medical device security
  • Advances in defense using behavioral analytics and machine learning, by Ben Wilson and Russell Rice, CloudPost Networks
  • Applying artificial intelligence to secure medical devices, Chuck Parker, Global Healthcare Lead, Beyond Limits
  • Exposition of the Dark Web’s ecosystem and its implications by Ron Williams, Chief Architect, IBM Security Systems
  • Medsec vs. St. Jude medical: implantable devices, vulnerabilities, and the law by Matthew Green, PhD, John Hopkins University
  • Building layers of security for IOT and embedded medical devices by Eric Jones, CEO, Jacobian Engineering, Inc.
  • On the fly contextual security risk management by Shankar Somasundaram, CEO, Asimily
  • Innovations in secure IoT medical device application support, by David Hoglund, Founder & CEO, Integra Systems
  • Third party risk management for medical devices by Shahid Shah, CEO, Netspective Communications
  • Live demo of a medical device replica hack by Mike Kijewski, CEO of MedCrypt
  • Live demos of exploits against biomedical devices, including patient monitors by Josh Domangue and Kevin Thomas of Independent Security Evaluators
  • Susan Ramonat, CEO of Spiritus Partners, will present on how blockchain technology can be used to secure connected medical devices
  • Joseph Ternullo, president of the Society for Participatory Medicine, will close the Summit with a panel of patient advocates and connected health experts
  • Drew Ogle of Independent Security Evaluators, the security research organization behind the seminal study Hacking Hospitals, will lead a four hour interactive optional post-Summit workshop, covering topics such as threat modeling, secure design principles and exploit demos

For full details on the Summit and to register, please visit: http://tcbi.org/iotmdsec/