IoT Security Standards: Where Should the Security Lie in Our Networks?
Discussing what effective IoT security standards would look like and what government and industry leaders are doing to bring them about.
American Enterprise Institute panel, hosted by AEI’s Shane Tews, including Health-ISAC’s Director of Medical Device Security, Phil Englert.
Recording of Panel, available here:
Some quotes from Phil Englert pulled from the discussion:
We’re heading toward zero trust, where every ID is validated, best in class, the protections need to be commensurate with the risk created. Like going through TSA at the airport, you’re willing to stand in line for a certain amount of security. Have controls appropriate to the risk.
Make it a New Year’s ritual to change all your passwords and be sure to keep them all unique and complicated.
There are 10-15 connected devices for every bed in an acute care facility. Data is sent to a central collection point. An acute care center is more like a mall of specialized shops than a single business unit. They don’t operate together and neither does the equipment.
We’re beginning to see a transformation where a manufacturer has bought other MDMs to own an entire department in a hospital with the hopeful intent of interoperability.
The real challenge is to recognize what is NOT normal comms. If a patient monitor speaks to a CT, we have to know that’s not normal behavior and should have an alert that it needs to be monitored.
- Related Resources & News
- Health-ISAC Hacking Healthcare 8-26-2024
- What is Threat Intelligence? A Comprehensive Overview
- Why Cybercriminals Target Healthcare Data and How Organisations Can Protect Themselves
- Federal Authorities Work to Boost Health-Care Cybersecurity
- Health-ISAC Hacking Healthcare 8-9-2024
- Health-ISAC Medical Device Blog – VEX
- Podcast: Health-ISAC Featured in Cyberwire Daily episode 2021
- Health-ISAC Hacking Healthcare 8-2-2024
- Protecting Healthcare Organizations with Human-Centric Email Security
- American Hospital Association and Health-ISAC Joint Threat Bulletin