A Delphi Study of Countermeasures to Security Threats in Networked Medical Devices
Melinda Lyles
Agenda
- Problem Statement
- Purpose of the Research
- Research Questions
- Summary of Research Design
- Data Collection Process
- Data Analysis Techniques
- Summary of Findings
- Summary of Conclusions
- Summary of Implications
- Recommendation for Future Research
Problem Statement
- Lack of effective countermeasures for cyber threats to networked medical devices:
- attack on a medical device is likely to occur;
- risks between networks and medical devices;
- security risks leading to unauthorized personnel;
- breach with sensitive data pertaining to PHI.
Purpose of the Research
- Create a model for developing effective countermeasures for cyber threats
- Networked medical devices;
- Healthcare industry;
- United States.
Research Questions
What are the relevant experiences in employing a schema to analyze security risks in networked medical devices?
Summary of Research Design
- Method: Qualitative Research
- Design: Delphi Study
- Sample Size: 15 IT experts in healthcare experience with medical devices
- Rationale: developed a model for effective countermeasures based on experiences and perceptions of IT experts in the phenomenon with networked medical devices
- Selection Criteria: IT experts working in the health field
Data Collection Process
Identify IT Experts
(a) Recruitment (b) Purposive Sampling (c) IT expert criteria
Thematic Development
(a) Open-ended interviews (b) Three rounds of interviews (c) Categorized responses
Thematic Consensus
(a) Theme consensus developed (b) Reaching data saturation
Results Analysis
(a) Theme analysis (b) Comparison analysis (c) Reviewed business technical problem with results
Data Analysis Techniques
- First round: thematic analysis
- Second round: frequency graph
- Third round: summary of confirmed results
Summary of Findings
- Major theme 1: Cybersecurity threats encountered
- Subtheme 1a: Configuration Management
- Subtheme 1b: Wireless and Bluetooth Connection
- Subtheme 1c: Internet of Things
- Subtheme 1d: Data Breaches
- Subtheme 1e: Insider Threat
- Subtheme 1f: Asset Management
- Major theme 2: How to address cybersecurity threats
- Subtheme 2a: Controls assessment
- Subtheme 2b: Automated technology
- Subtheme 2c: Policy changes
- Subtheme 2d: Security awareness and training
- Major theme 3: Medical Devices and Cyberthreats
- Subtheme 3a: Security measures
- Subtheme 3b: Cybersecurity Failures Experienced
- Subtheme 3c: Addressing Cybersecurity Failures
- Subtheme 3d: Reasons for Failure
- Subtheme 3e: Prevention of Failures
- Subtheme 3f: Analytical Tools for Security Risk
- Major theme 4: Schemas and Medical Devices
- Subtheme 4a: Successful Schemas
- Subtheme 4b: Differences between Schemas
- Subtheme 4c: Failures with schemas
[Chart representing quantity of subthemes within themes, for Major themes 1 through 4]
Summary of Conclusions
- Semi-structured interviews
- Risks and networked medical devices were not monolithic,
- Fulfillment of the Study was completed
- Identification
- Protect
- Controls Assessment
- Automated technology
- Policy changes
- Security Awareness and Training
- Apply
- Real-time
- Manual Implementation
- Mitigation Risk
- Address
- Lockdown
- Report
- Run automated
Summary of Implications
- IT Experts agreed that manufacturers are crucial within the process of implementing security when developing and throughout the lifecycle of the device.
- Clinicians or patients remain uneducated about the methods for evaluating security risks with networked medical devices;
- Impacts for IT Support and organizations supporting networked medical devices: enhance and improve upon cybersecurity and device awareness;
- Scholars may leverage the model developed, employing increasing efficiency identifying areas of risk
Recommendation for Future Research
- Explore and examine
- how patients use medical devices
- how such behaviors impact issues of security
- public perceptions of cyber healthcare risks associated with the use of medical devices and if such perceptions alter the use of devices and/or individual health outcomes
- Hospitals from which these devices come
- How do hospitals create IT policy based on cybersecurity risk?
- In what ways do the organizational elements of the hospital dictate how they manage cybersecurity risks?
Continue Recommendation for Future Research
- Using the model developed
- gauge how such a model is successful in helping prevent cybersecurity attacks on medical devices
- Using a Case Study
- how this model aids specific hospitals, or specific types of medical devices, from cyberattacks
- Regulations
- State to state
- State to Federal
- Variance with cybersecurity comparing different medical devices