Cybersecurity Incidents – A Threat to Patient Safety and Healthcare Delivery

Cybersecurity is a growing concern for healthcare facilities around the globe and the Number 1 topic on ECRI’s Top 10 Technology Hazards for 2022. Cybersecurity incidents have the potential to not only impact business operations, but disrupt care delivery and put patients at risk of physical harm.

Given the increasing number of cybersecurity issues, it’s not a matter of if but rather when an incident will impact your organization. When it happens, being prepared with an incident response plan will help you effectively respond, minimize disruption, and quickly recover from a cybersecurity incident.

Join our panel of experts from ECRI, FDA, and the healthcare delivery community for a discussion about the increasing concerns about cybersecurity risks in healthcare and actionable recommendations on how to reduce risks and meet challenges.

Learning objectives

We’ll explore:

• Current trends in cybersecurity
• Best practices for cybersecurity incident preparation
• What front line clinical staff can do to minimize the impact of cybersecurity incidents
• How device manufacturers are working to mitigate cybersecurity risks

Dr. Kevin Fu

Acting Director of Medical Device Cybersecurity at U.S. FDA’s Center for Devices and Radiological Health (CDRH) and Program Director for Cybersecurity, Digital Health Center of Excellence (DHCoE)
Dr. Fu is also Associate Professor of EECS at the University of Michigan where he directs the Security and Privacy Research Group. He is most known for the original 2008 cybersecurity research paper showing vulnerabilities in an implantable cardiac defibrillator by sending specially crafted radio waves to induce uncontrolled ventricular fibrillation via an unintended wireless control channel. The prescient research led to over a decade of revolutionary improvements at medical device manufacturers, global regulators, and international healthcare safety standards bodies just as ransomware and other malicious software began to disrupt clinical workflow at hospitals worldwide. Dr. Fu received his B.S., M.Eng., and Ph.D. from MIT, and was recognized as an IEEE Fellow, Sloan Research Fellow, MIT Technology Review TR35 Innovator of the Year, Fed100 Award recipient, and recipient of an IEEE Security and Privacy Test of Time Award. He has testified in the U.S. House and Senate on matters of information security and has written commissioned work on trustworthy medical device software for the U.S. National Academy of Medicine.

Dr. Christian Dameff

Medical Director of Cybersecurity and Assistant Professor of Emergency Medicine, Biomedical Informatics, and Computer Science (affiliate), University of California San Diego
Dr. Dameff is UCSD’s first Medical Director of Cybersecurity. An emergency physician, clinical informaticist, and researcher with many published clinical works to his name, he is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and cybersecurity. He has spoken at some of the world’s most prominent Cyber Security forums including DEFCON, RSA, Blackhat, and BSides, and is one of the cofounders of the CyberMed Summit, a novel multidisciplinary conference with emphasis on medical device and infrastructure cybersecurity. Published cybersecurity topics include hacking 911 systems, HL7 messaging vulnerabilities, and malware.

Andrew Furman, MD, MMM, FACEP

Executive Director, Clinical Excellence, Technology Assessment, ECRI
Andrew Furman is an emergency medicine physician who has worked in clinical and leadership roles in Pennsylvania and Oregon. He worked as a quality and communications consultant within the Geisinger Health System, acting as a liaison between the closed model of care delivery at Geisinger and the more open models of care delivery in newly acquired hospitals and health systems. At Salem Health, in Salem, Oregon, he served as Vice President of Medical Affairs. After completing a Master of Medical Management degree at University of Southern California Marshall School Business, he joined Accolade in Plymouth Meeting. While at Accolade, Dr. Furman supported the organization’s mission to equip employees of self-insured companies with people, tools, and technology that empowered them to better navigate the complicated healthcare environment.

Jason Launders

Director of Operations, Device Evaluation, ECRI
Jason Launders has been at ECRI since 1998 and is currently the Director of Operations for the Device Evaluation group. Jason’s primary responsibility is managing ECRI’s laboratory based evaluations of medical technologies. Jason has an MSc in Medical Physics and spent his earlier time at ECRI evaluating a wide range of diagnostic imaging technology, such as: CT, MRI, PACS, and Digital Radiography. Today, he is responsible for developing the content of evaluations to ensure they meet the needs of our members.

Juuso Leinonen

Principal Project Officer 1, Device Evaluation, ECRI
Juuso Leinonen has been at ECRI Institute for over 7 years. As a Principle Project Officer at the Device Evaluation group he performs medical device evaluations, develops practical guidance for healthcare facilities, consults with healthcare facilities about medical technologies, and conducts accident investigations. His current subject matter expertise includes medical device cybersecurity, infusion technology, pharmacy technologies, and telehealth. He came to ECRI Institute with a background in clinical engineering from St George's Hospital London, United Kingdom and holds a bachelor’s degree in biomedical engineering from City University London, United Kingdom.

Chad Waters

Senior Project Officer, Device Evaluation, ECRI
Chad Waters is a senior cybersecurity engineer in the Health Devices group at ECRI, where he develops practical security guidance for healthcare facilities. He evaluates the security of medical devices, curates ECRI security related alerts, and consults with healthcare facilities about medical technologies. He is the principal investigator and author on security related ECRI publications, include several Top 10 Technology Hazards focusing on healthcare security. He is a subject matter expert in medical device cybersecurity and healthcare IT and participate in many industry working group. Chad arrived at ECRI Institute with 13 years’ experience in IT security and network engineering within the healthcare field. He holds a BS degree in Information Technology from Rochester Institute of Technology.