MDG Boston & Sunrise Labs Cybersecurity Forum

Click to read more and to download the forum presentation

To kick-off cybersecurity awareness month, Sunrise Labs and MDG Boston co-hosted a ground-breaking forum on the rising challenge of cybersecurity for medical devices and how to safeguard patients and patient data. ‘Medical Device Security in a Connected World’ brought together a panel of experts and over 200 members from the healthcare and medical device industry.

Click here to download the forum presentation.

Eric Soederberg, President of Sunrise Labs, Inc., moderated the session. Soederberg gave recognition to the astounding advances in medical device connectivity and the significant benefits it holds to improving the standard of care in healthcare. In contrast, he outlined how connectivity introduces new vulnerabilities to medical devices which can be harmful to patients and their Protected Health Information (PHI).

This forum was an opportunity for panelists to share their insights regarding cybersecurity threats and speak to the available frameworks, processes, technologies, and organizations that can help manufacturers mitigate risks associated with these threats. These individuals included:
  • Timothy Russell, Supervisory Special Agent, Criminal Cyber Squad,   FBI
  • Seth Carmody, Ph.D., Cybersecurity Project Manager, Emergency Preparedness/Operations & Medical Counter-measures, CDRH,    FDA
  • Penny Chase, IT & Cybersecurity Integrator,    The MITRE Corporation
  • Joseph Burgoyne, Director, Product Security & Services for the Diagnosis & Treatment Business Group,    Philips Healthcare

As the FBI is the lead federal agency for investigating cyber attacks, SSA Agent Timothy Russell opened up the panelist discussion by examining the primary motivations of the criminals behind cyber attacks. Russell detailed the number of mitigation alliances and agencies that have formed scale and complexity of cyber threats keeps growing. The discussion then turned to Seth Carmody, who described what the FDA requires manufacturers to do in mitigate cyber threats both in pre-market product develompent and in post-market monitoring and maintenance of evolving cyber threats. Carmody also presented the audience with the FDA’s ‘next steps’ which includes the development and validation of meaningful tools for assessment of vulnerabilities in the clinical environment, outreach within the healthcare industry, and internal and external training.

Penny Chase from The MITRE Corporation presented tools that are currently available and examples of emerging efforts like the Diabetes Technology Society Security Standard for Connected Diabetes Devices (DTSec) and the NIST National Cybersecurity Center of Excellence (NCCoE) Health IT Initiatives. Concluding the panelist discussion, Joe Burgoyne provided audience members an example of how cybersecurity plans are formulated and executed as he presented Philips’ product security processes, which includes product feature requirements for a secure device, security threat assessment and tracking, and compliance with local government standards.

Each of the esteemed members of the forum acknowledged that cyber threats are constantly evolving and that response plans must be dynamic. The forum concluded with a Q & A session where audience members not only raised questions about imminent threats and best practices, but also provided additional guidance from their experience working in hospitals and start-ups.