Do No Harm - Protecting Connected Medical Devices, Healthcare, Data From Hackers

Read more

Discover the security risks that accompany the widespread adoption of new medical devices and how to mitigate them
 
In Do No Harm: Protecting Connected Medical Devices, Healthcare, and Data from Hackers and Adversarial Nation States, cybersecurity expert Matthew Webster delivers an insightful synthesis of the health benefits of the Internet of Medical Things (IoMT), the evolution of security risks that have accompanied the growth of those devices, and practical steps we can take to protect ourselves, our data, and our hospitals from harm.
 
You'll learn how the high barriers to entry for innovation in the field of healthcare are impeding necessary change and how innovation accessibility must be balanced against regulatory compliance and privacy to ensure safety.
 
In this important book, the author describes:
* The increasing expansion of medical devices and the dark side of the high demand for medical devices
* The medical device regulatory landscape and the dilemmas hospitals find themselves in with respect medical devices
* Practical steps that individuals and businesses can take to encourage the adoption of safe and helpful medical devices or mitigate the risk of having insecure medical devices
* How to help individuals determine the difference between protected health information and the information from health devices--and protecting your data
* How to protect your health information from cell phones and applications that may push the boundaries of personal privacy
* Why cybercriminals can act with relative impunity against hospitals and other organizations
 
Perfect for healthcare professionals, system administrators, and medical device researchers and developers, Do No Harm is an indispensable resource for anyone interested in the intersection of patient privacy, cybersecurity, and the world of Internet of Medical Things.

List of contents

Preface xviii
 
Introduction xxi
 
Part I Defining the Challenge 1
 
Chapter 1 The Darker Side of High Demand 3
 
Connected Medical Device Risks 4
 
Ransomware 4
 
Risks to Data 7
 
Escalating Demand 10
 
Types of Internet-Connected Medical Devices 11
 
COVID-19 Trending Influences 12
 
By the Numbers 13
 
Telehealth 15
 
Home Healthcare 15
 
Remote Patient Monitoring 16
 
The Road to High Risk 16
 
Innovate or Die 19
 
In Summary 26
 
Chapter 2 The Internet of Medical Things in Depth 27
 
What Are Medical Things? 28
 
Telemedicine 29
 
Data Analytics 30
 
Historical IoMT Challenges 31
 
IoMT Technology 36
 
Electronic Boards 36
 
Operating Systems 37
 
Software Development 38
 
Wireless 39
 
Wired Connections 43
 
The Cloud 43
 
Mobile Devices and Applications 46
 
Clinal Monitors 47
 
Websites 48
 
Putting the Pieces Together 48
 
Current IoMT Challenges 48
 
In Summary 50
 
Chapter 3 It is a Data-Centric World 53
 
The Volume of Health Data 53
 
Data is That Important 55
 
This is Data Aggregation? 57
 
Non-HIPAA Health Data? 59
 
Data Brokers 60
 
Big Data 63
 
Data Mining Automation 68
 
In Summary 70
 
Chapter 4 IoMT and Health Regulation 73
 
Health Regulation Basics 73
 
FDA to the Rescue? 77
 
The Veterans Affairs and UL 2900 81
 
In Summary 83
 
Chapter 5 Once More into the Breach 85
 
Grim Statistics 86
 
Breach Anatomy 89
 
Phishing, Pharming, Vishing, and Smishing 90
 
Web Browsing 92
 
Black-Hat Hacking 93
 
IoMT Hacking 94
 
Breach Locations 95
 
In Summary 95
 
Chapter 6 Say Nothing of Privacy 97
 
Why Privacy Matters 98
 
Privacy History in the United States 101
 
The 1990s Turning Point 103
 
HIPAA Privacy Rules 104
 
HIPAA and Pandemic Privacy 104
 
Contact Tracing 106
 
Corporate Temperature Screenings 107
 
A Step Backward 107
 
The New Breed of Privacy Regulations 108
 
California Consumer Privacy Act 108
 
CCPA, AB-713, and HIPAA 109
 
New York SHIELD Act 111
 
Nevada Senate Bill 220 111
 
Maine: An Act to Protect the Privacy of Online Consumer Information 112
 
States Striving for Privacy 112
 
International Privacy Regulations 113
 
Technical and Operational Privacy Considerations 114
 
Non-IT Considerations 115
 
Impact Assessments 115
 
Privacy, Technology, and Security 115
 
Privacy Challenges 117
 
Common Technologies 118
 
The Manufacturer's Quandary 119
 
Bad Behavior 121
 
In Summary 122
 
Chapter 7 The Short Arm of the Law 123
 
Legal Issues with Hacking 124
 
White-Hat Hackers 125
 
Gray-Hat Hackers 125
 
Black-Hat Hackers 127
 
Computer Fraud and Abuse Act 127
 
The Electronic Communications Privacy Act 128
 
Cybercrime Enforcement 128
 
Results of Legal Shortcomings 131
 
In Summary 132
 
Chapter 8 Threat Actors and Their Arsenal 135
 
The Threat Actors 136
 
Amateur Hackers 136
 
Insiders 136
 
Hacktivists 137
 
Advanced Persistent Threats 138
 
Organized Crime 138
 
Nation-States 139
 
Nat

About the author

MATTHEW WEBSTER is a Chief Information Security Officer with 25 years of IT and information security experience. During that time, he has worked with many sizes and sectors of organizations including Fortune 100. Matthew has built several security programs from the ground up, significantly reduced risk, and helped companies pass multiple types of security audits.

Summary

Discover the security risks that accompany the widespread adoption of new medical devices and how to mitigate them

In Do No Harm: Protecting Connected Medical Devices, Healthcare, and Data from Hackers and Adversarial Nation States, cybersecurity expert Matthew Webster delivers an insightful synthesis of the health benefits of the Internet of Medical Things (IoMT), the evolution of security risks that have accompanied the growth of those devices, and practical steps we can take to protect ourselves, our data, and our hospitals from harm.

You'll learn how the high barriers to entry for innovation in the field of healthcare are impeding necessary change and how innovation accessibility must be balanced against regulatory compliance and privacy to ensure safety.

In this important book, the author describes:
* The increasing expansion of medical devices and the dark side of the high demand for medical devices
* The medical device regulatory landscape and the dilemmas hospitals find themselves in with respect medical devices
* Practical steps that individuals and businesses can take to encourage the adoption of safe and helpful medical devices or mitigate the risk of having insecure medical devices
* How to help individuals determine the difference between protected health information and the information from health devices--and protecting your data
* How to protect your health information from cell phones and applications that may push the boundaries of personal privacy
* Why cybercriminals can act with relative impunity against hospitals and other organizations

Perfect for healthcare professionals, system administrators, and medical device researchers and developers, Do No Harm is an indispensable resource for anyone interested in the intersection of patient privacy, cybersecurity, and the world of Internet of Medical Things.