The impact of Cyber Security incidents on society is high, and in critical infrastructures such as healthcare it impacts the ability for hospitals to provide care. Cybersecurity for medical devices is not just about safety, it should also protect the confidentiality, integrity and availability of systems and data. This seminar will provide you with an understanding of cybersecurity and its increasing regulatory focus and how to embed and apply state-of-the-art security in your existing processes to deliver safe and secure products and solutions.
Benefits in attending
- Gain a comprehensive overview of the EU, US and global regulations
- Introduction to the various healthcare security standards and their application
- Best practices on how to embed security by design in existing processes
- Receive practical advice on threat modelling
- Better understand security risk management and its linkage to safety management
- Understand shared responsibility and the information needs
Certifications:
- CPD: 12 hours for your records
- Certificate of completion
Agenda
Day 1
Introduction to cybersecurity
Cybersecurity regulatory overview
- For the manufacturer (both medical and non-medical)
- For the user (hospital)
- US focus (FDA, Biden's Executive Order on Improving the Nation’s Cybersecurity)
- EU focus (MDR, MDCG Guidance and upcoming NIS2)
- Global focus (IMDRF and guidance’s around the world)
Security by design
- An introduction to IEC 81001-5-1:2021 Health software and health IT systems safety, effectiveness and security — Part 5-1: Security — Activities in the product life cycle
- Supply chain
- Secure coding
- Testing
- Monitoring
- Coordinated vulnerability disclosure
- Obsolescence/security updates
Security risk management
- Methodologies
- Introduction to threat modeling
- Relation to safety risk management
Day 2
Threat modeling
- Introduction to threat modeling
- Threat modeling exercise
Shared responsibility and the hospital view
Security standards
- For processes
- For products (MD and SaMD)
- For health and wellness apps
- For services and cloud
- For hospitals
- Security certifications
Further security considerations
- Security in the development, manufacturing and service environments
- Shared responsibility
- Security information, e.g., MDS2
Speakers
Ben Kokx,
PhilipsBen Kokx joined Philips in 2001 as a software designer. He quickly moved into a new role as a product security and privacy officer and worked as such in several business and market positions. As Director Product Security within the central Philips Product Security Office, he is responsible for security related standards and regulations next for the Philips Product Security Policy and Process Framework since 2013. Ben is a healthcare and IoT security expert who leads and participates in several industry associations and standard development organizations like ISO/IEC JTC 1/SC 27, IEC ACSEC, IEC TC62/ISO TC 215, IEC TC65, ETSI TC-CYBER and others. He is the convenor of CEN/CENELEC JTC 13/WG 6 on product security. Ben is an ENISA eHealth cybersecurity expert, chairs the COCIR Cybersecurity focus group and through DITTA, participates in several public-private organizations such as the IMDRF cybersecurity workgroup.
Who Should Attend
- Security and privacy specialists
- Risk managers and architects
- R&D, product and project managers
- Regulatory and quality managers
- Software engineers
- Healthcare IT consultants and auditors