Russell L. Jones, Partner - Cyber Risk Services at Deloitte, talks with Jeff Frick at RSA 2019 from the Forescout booth in Moscone North in San Francisco, CA.
#RSAC #Forescout #theCUBE
https://siliconangle.com/2019/03/13/death-by-hacking-remains-a-legitimate-concern-in-the-medical-community-rsac/
Death by hacking remains a real concern in the medical community
As if the possibility of harm from illness or disease were not enough to worry about, unsecure medical devices designed to help could kill us too.
Last week, Check Point Software Technologies Ltd. posted the results of a study that warned that internet of medical things, or IoMT, devices, such as MRI or X-ray machines and ultrasound monitors, were vulnerable to attack. It’s an area of security weakness that is beginning to receive more scrutiny in the aftermath of major breaches such as the WannaCry ransomware attack in 2017 that caused hospitals in the United Kingdom to cancel medical appointments and delay surgeries.
“The implications of an attack against an MRI machine or an infusion pump could be devastating to an actual person connected to it,” said Russell L. Jones (pictured), partner for cyber risk services at Deloitte Touche Tohmatsu Ltd. “The life-saving, life-extending attributes of these medical technologies and devices far outweighs the risk of cybersecurity. However, we’ve got to be smart about managing that risk.”
Jones spoke with Jeff Frick, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during last week’s RSA Conference in San Francisco. They discussed the impact of medical device vulnerabilities on patients and the importance of maintaining data integrity. (* Disclosure below.)
Risks to patient treatment
The vulnerability of humans tied to IoMT devices doesn’t merely extend to the hardware. There is also risk in the handling of patient data as well.
If hackers gain access to patient data, that information could be altered to adversely affect treatment. That’s why Jones and other security consultants are working to ensure data integrity as well.
“The focus is on integrity and availability, those things together equal patient safety,” Jones said. “The information in there, which is being used by doctors to make decisions about treatment, surgical procedures, and medicines, it’s crucial that the integrity of that information is maintained.”
Managing the cyber risk related to clinical technology has also been complicated by tougher laws governing data privacy. In the European Union, the General Data Protection Regulation provides users with the right to have their personal data erased forever.
“In Europe, if they ask to do that, you have to be able to comply,” Jones said, although the European regulation does provide a “public interest” exception that includes public health or scientific reasons not to remove patient information.
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference. (* Disclosure: Forescout Technologies Inc. sponsors theCUBE’s coverage of the RSA Conference. Neither Forescout nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSA Conference USA 2019 | San Francisco. If you don’t think you received an email check your
spam folder.
Sign in to RSA Conference USA 2019 | San Francisco.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For RSA Conference USA 2019 | San Francisco
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSA Conference USA 2019 | San Francisco.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSA Conference USA 2019 | San Francisco. If you don’t think you received an email check your
spam folder.
Sign in to RSA Conference USA 2019 | San Francisco.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to RSA Conference USA 2019 | San Francisco
Please sign in with LinkedIn to continue to RSA Conference USA 2019 | San Francisco. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Russell L. Jones, Deloitte | RSA 2019
Russell L. Jones, Partner - Cyber Risk Services at Deloitte, talks with Jeff Frick at RSA 2019 from the Forescout booth in Moscone North in San Francisco, CA.
#RSAC #Forescout #theCUBE
https://siliconangle.com/2019/03/13/death-by-hacking-remains-a-legitimate-concern-in-the-medical-community-rsac/
Death by hacking remains a real concern in the medical community
As if the possibility of harm from illness or disease were not enough to worry about, unsecure medical devices designed to help could kill us too.
Last week, Check Point Software Technologies Ltd. posted the results of a study that warned that internet of medical things, or IoMT, devices, such as MRI or X-ray machines and ultrasound monitors, were vulnerable to attack. It’s an area of security weakness that is beginning to receive more scrutiny in the aftermath of major breaches such as the WannaCry ransomware attack in 2017 that caused hospitals in the United Kingdom to cancel medical appointments and delay surgeries.
“The implications of an attack against an MRI machine or an infusion pump could be devastating to an actual person connected to it,” said Russell L. Jones (pictured), partner for cyber risk services at Deloitte Touche Tohmatsu Ltd. “The life-saving, life-extending attributes of these medical technologies and devices far outweighs the risk of cybersecurity. However, we’ve got to be smart about managing that risk.”
Jones spoke with Jeff Frick, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during last week’s RSA Conference in San Francisco. They discussed the impact of medical device vulnerabilities on patients and the importance of maintaining data integrity. (* Disclosure below.)
Risks to patient treatment
The vulnerability of humans tied to IoMT devices doesn’t merely extend to the hardware. There is also risk in the handling of patient data as well.
If hackers gain access to patient data, that information could be altered to adversely affect treatment. That’s why Jones and other security consultants are working to ensure data integrity as well.
“The focus is on integrity and availability, those things together equal patient safety,” Jones said. “The information in there, which is being used by doctors to make decisions about treatment, surgical procedures, and medicines, it’s crucial that the integrity of that information is maintained.”
Managing the cyber risk related to clinical technology has also been complicated by tougher laws governing data privacy. In the European Union, the General Data Protection Regulation provides users with the right to have their personal data erased forever.
“In Europe, if they ask to do that, you have to be able to comply,” Jones said, although the European regulation does provide a “public interest” exception that includes public health or scientific reasons not to remove patient information.
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference. (* Disclosure: Forescout Technologies Inc. sponsors theCUBE’s coverage of the RSA Conference. Neither Forescout nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
