Length: 2 Days

Medical Device Cybersecurity

Medical device cybersecurity has become a three-alarm fire in the healthcare industry.

Medical devices are vulnerable to security breaches like other computer systems. However, the difference is that a cyber-attack not only impacts the safety and effectiveness of the medical device, it also jeopardizes the health and even lives of patients who depend on medical devices.

Unfortunately, threats and vulnerabilities cannot be eliminated, which makes cybersecurity risks especially challenging.

Medical device cybersecurity has become an especially critical area of concern due to massive IoT connectivity, which makes medical devices vulnerable to cyber-attacks.

The problem is that cybersecurity measures that work for standard PCs aren’t necessarily good solutions for embedded machinery such as medical devices. Installing new software on the system in the field often requires a specialized upgrade process or is simply not supported.

Medical devices are commonly optimized to minimize processing cycles and memory usage, so they lack extra processing resources. PC security solutions won’t solve the security challenges of these devices.

The big cybersecurity takeaway here should be that we are no longer talking about protecting a device from just malformed IP packets or DoS packet floods.

When cybercriminals target embedded equipment such as medical devices, they often have detailed information about the device they are targeting and have sophisticated toolkits and skills that can be used to develop attacks.

Cybersecurity professionals generally agree that manufacturers, hospitals, and facilities must work together to manage cybersecurity risks due to the complexities of the healthcare environment.

Medical Device Cybersecurity Course by Tonex

Medical Device Cybersecurity is a 2-day workshop. This course provides a unique learning opportunity to explore vulnerabilities in medical devices that are commonly exploited. Participants will learn about key concepts, techniques, tools, risk assessment and management, and strategies for integrating cybersecurity mitigations and measures into medical devices and products. Learn the best practices to integrate into medical device requirements, architecture & design, implementation, verification & validation, and operations & maintenance processes. The Risk Management Framework (RMF) is used during this training. We will apply RMF to medical device cybersecurity. Participants will learn how to translate from RMF to cybersecurity engineering requirements and medical devices.

Learn from a medical device example. We will show you tools for deriving security functional requirements traceable to controls used in RMF.

As part of its efforts to ensure medical device cybersecurity safety, the U.S. Food and Drug Administration (FDA) is adding new requirements and a cybersecurity framework.

Learn about the Cybersecurity Medical Device Development Tool (MDDT), applying the Common Vulnerability Scoring System (CVSS) to medical devices, ways to protect your medical devices, and cybersecurity guidelines.

The need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network-connected devices, and the frequent electronic exchange of medical device-related health information. We will discuss the requirements and guidelines in FDA’s Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices and Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software.

Manufacturers should address cybersecurity during the design and development of the medical device, as this can result in more robust and efficient mitigation of patient risks. Manufacturers should establish design inputs for their device related to cybersecurity, and establish a cybersecurity vulnerability and management approach as part of the software validation and risk analysis that is required by 21 CFR 820.30(g).

The approach should appropriately address the following elements:

  • Identification of assets, threats, and vulnerabilities
  • Assessment of the impact of threats and vulnerabilities on device functionality and end users/patients
  • Assessment of the likelihood of a threat and of a vulnerability being exploited
  • Determination of risk levels and suitable mitigation strategies
  • Assessment of residual risk and risk acceptance criteria


Who Should Attend

This course is designed for engineers, application developers, system designers, embedded system programmers, technical project and product managers and cybersecurity professionals using embedded systems.

What You Will Learn

  • Foundations of medical devices cyber security and emerging threats
  • Cybersecurity and threats applied to medical devices
  • Medical device and system cybersecurity engineering
  • Communicating cybersecurity vulnerabilities
  • Hacking/exploitation techniques, tools, and entry points for medical devices
  • Medical device encryption and authentication defensive technologies
  • Risk Management Framework (RMF) for medical device systems cybersecurity assessments and control
  • Integrating security into your systems engineering processes
  • Deriving medical devices security functional requirements traceable to controls
  • Offensive Hacking/exploitation techniques, tools, and medical devices vulnerabilities
  • Medical device defensive technologies
  • Wireless connectivity vulnerabilities and medical devices
  • Medical device application, software, RTOS, firmware and hardware analysis
  • Secure medical device software/firmware practices
  • Medical device reverse engineering

Course modules/topics

  • Cyber Risks in Healthcare
  • Medical Device Cybersecurity Engineering
  • Medical Device Assets, Vulnerabilities and Threats
  • RMF and Security Control Strategies for Medical Device Risk Mitigation
  • RMF to Cybersecurity Engineering Requirements
  • Security Requirements Decomposition
  • Medical Device Cybersecurity Test and Evaluation (T&E)
  • RMF Workshop for a Simple Medical Device

Case Studies

  • Case Study: Overview of Security Vulnerabilities Identified in Implantable Cardiac Devices
  • Case Study: Overview of Security Vulnerabilities Identified in Wireless Connectivity: Bluetooth, WiFi and Cellular (4G/5G)
  • Case Study: Security Vulnerabilities and IT Network Attacks
  • Case Study: Malware Vulnerabilities in Embedded Systems and Medical Devices

Workshop

  • Managing Medical Device Cybersecurity
  • Applicable Standards, Technical Specifications and Reports US Food and Drug Administration
  • European Union Regulation
  • Adversaries to Healthcare and their Motivations
  • Generic threats to the healthcare sector and specific threats to medical devices
  • Overview of Medical Device Security Incidents
  • Security Configuration
  • Medical Device Cybersecurity Risk Management

Guidelines

  • Cybersecurity Lexicon for Medical Devices and Converged Systems
  • The changing landscape of healthcare cybersecurity
  • The relationship between security and safety risks
  • Evaluation of Risk to Essential Clinical Performance
  • Postmarket Management of Cybersecurity in Medical Devices Guidance
  • Cyber physical assurance framework
  • Defense in depth philosophy for medical device secure product lifecycle
  • Managing safety and security risk convergence
