Skip Main Navigation
Page Content

Save This Event

Event Saved

Cybersecurity in Healthcare and Medical Devices

Ascensys Medical Limited

Tuesday, 27 June 2017 from 09:00 to 17:00 (BST)

Cybersecurity in Healthcare and Medical Devices

Ticket Information

Ticket Type Sales End Price Fee VAT Quantity
Full Ticket
Limited Number of Early Bird Tickets at 10% Discount
3h 11m £585.00 £0.00 £117.00
Group Booking   more info 18h 11m £526.50 £29.45 £111.19

Share Cybersecurity in Healthcare and Medical Devices

Event Details

Introduction

Medical devices, like other computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device. This vulnerability increases as medical devices are increasingly “connected” to the Internet, hospital networks, and to other medical devices.

Cybersecurity in healthcare is being taken more seriously by legislators with more stringent requirements and severe penalties which can run into many millions of Euros/Dollars for breaches. For medical device manufacturers, the risk of hazards that may arise as a result of even unintentional corruption of data must be made as low as possible, which in practice means applying information security controls which are state of the art and in line with harmonised standards. This is compounded by increasing use of data in healthcare settings and greater complexity of data systems resulting from opportunities offered by cloud service providers for cost effective and scalable data solutions.

New EU legislation, which comes into effect in 2018, mandates, amongst other things, privacy by design and many medical device manufacturers systems are non-compliant and may take significant development effort of both hardware and software components to achieve compliance.

Medical devices, like other computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device. This vulnerability increases as medical devices are increasingly “connected” to the Internet, hospital networks, and to other medical devices.

In a recent study, it was found that a variety of medical devices and healthcare related IT systems currently in use in hospitals had serious security vulnerabilities that could be relatively easily exploited. These included drug infusion pumps (devices used for a variety of purposes including delivering anaesthetics, chemotherapy and life supporting drugs) that could be remotely manipulated to change the dose delivered to patients; Wireless implanted cardioverter-defibrillators that could be maliciously programmed to deliver unnecessary and potentially fatal shocks to a patient’s heart or to prevent a shock from occurring when it was needed; temperature settings on blood storage refrigerators that could be reset; and electronic health records that could be altered to potentially cause doctors to misdiagnose conditions and prescribe the wrong treatments.

What you will learn

This advanced training event will highlight the sources and scope of the threats and identify the common vulnerabilities. It will present practical, best practice guidelines that work within the framework of medical device software development standards including:

Legal Requirements

HIPAA/HITECH:

  • Technical Requirements
  • Administrative Requirements
  • Physical Requirements

EU General Data Protection Legislation

  • Health Data Scope
  • Security Requirements
  • Data Portability
  • Right to be forgotten
  • Export of Data
  • Informed Consent
  • Profiling Requirements
  • Impact Assessment

EU Medical Device Regulation

Standards

  • ISO/IEC 27001 — Information technology - Security Techniques - Information security management systems — Requirements.
  • ISO/IEC 27002 — Code of practice for information security management.
  • ISO/IEC 27003 — Information security management system implementation guidance.
  • ISO/IEC 27004 — Information security management — Monitoring, measurement, analysis and evaluation.
  • ISO/IEC 27005 — Information security risk management.
  • ISO1497 - Safety Risk Management for Medical Devices

Development

  • Risk Management: What are the threats, how might they arise and what tools and technologies might they use.
  • Development planning: How to incorporate effective strategies throughout development to deal with cybersecurity threats including correct resources required, expertise and verification and verification planning.
  • Requirements Management: How and what to specify in Software Requirements Specifications.
  • Architectural Design: How to create inherently secure software architectures.
  • Detailed Design and Coding: How to design for security and eliminate coding errors that lead to vulnerabilities.
  • Verification and Validation: How to test for security.
  • Post Market Surveillance: What to include in PMS activities.
  • Regulatory Submissions: What to include in regulatory submissions in the EU and US about cybersecurity.

Who should attend

  • Medical Device Manufacturers: CEOs, COOs, Heads of Regulatory Affairs, Heads of QA, R&D Managers, Software Managers, Architects and Engineers;
  • Healthcare Providers: IT Systems Managers, Purchasing Specialists

Your tutor

Peter Brady is a healthcare and medical devices software and systems specialist with deep understanding of software development, cybersecurity and international regulation and standards. Peter has helped healthcare and medical device manufacturers implement information security management systems tailored to the healthcare industry. He has worked as an engineer, manager and director and is also an approved EU Notified Body assessor for software submissions.


 


Do you have questions about Cybersecurity in Healthcare and Medical Devices? Contact Ascensys Medical Limited

Save This Event

Event Saved

When & Where


IET London: Savoy Place
2 Savoy Place
WC2R 0BL London
United Kingdom

Tuesday, 27 June 2017 from 09:00 to 17:00 (BST)


  Add to my calendar

Organiser

Ascensys Medical Limited

Ascensys Medical is a specialist consulting firm focussed on medical device software, connected "smart" devices and software security in healthcare applications.

  Contact the Organiser
Cybersecurity in Healthcare and Medical Devices
Things to do in London Seminar Other

Please log in or sign up

In order to purchase these tickets in installments, you'll need an Eventbrite account. Log in or sign up for a free account to continue.