
Do No Harm
Description
In Do No Harm: Protecting Connected Medical Devices, Healthcare, and Data from Hackers and Adversarial Nation States, cybersecurity expert Matthew Webster delivers an insightful synthesis of the health benefits of the Internet of Medical Things (IoMT), the evolution of security risks that have accompanied the growth of those devices, and practical steps we can take to protect ourselves, our data, and our hospitals from harm.
You'll learn how the high barriers to entry for innovation in the field of healthcare are impeding necessary change and how innovation accessibility must be balanced against regulatory compliance and privacy to ensure safety.
In this important book, the author describes:
* The increasing expansion of medical devices and the dark side of the high demand for medical devices
* The medical device regulatory landscape and the dilemmas hospitals find themselves in with respect to medical devices
* Practical steps that individuals and businesses can take to encourage the adoption of safe and helpful medical devices or mitigate the risk of having insecure medical devices
* How to help individuals determine the difference between protected health information and the information from health devices--and protecting your data
* How to protect your health information from cell phones and applications that may push the boundaries of personal privacy
* Why cybercriminals can act with relative impunity against hospitals and other organizations
Perfect for healthcare professionals, system administrators, and medical device researchers and developers, Do No Harm is an indispensable resource for anyone interested in the intersection of patient privacy, cybersecurity, and the world of Internet of Medical Things.

Content
- Cover
- Title Page
- Copyright Page
- About the Author
- Acknowledgments
- Contents at a Glance
- Contents
- Preface
- Introduction
- What Does This Book Cover?
- How to Contact the Publisher
- How to Contact the Author
- Part 1 Defining the Challenge
- Chapter 1 The Darker Side of High Demand
- Connected Medical Device Risks
- Ransomware
- Risks to Data
- Escalating Demand
- Types of Internet-Connected Medical Devices
- COVID-19 Trending Influences
- By the Numbers
- Telehealth
- Home Healthcare
- Remote Patient Monitoring
- The Road to High Risk
- Innovate or Die
- In Summary
- Chapter 2 The Internet of Medical Things in Depth
- What Are Medical Things?
- Telemedicine
- Data Analytics
- Historical IoMT Challenges
- IoMT Technology
- Electronic Boards
- Operating Systems
- Software Development
- Wireless
- Wired Connections
- The Cloud
- Mobile Devices and Applications
- Clinal Monitors
- Websites
- Putting the Pieces Together
- Current IoMT Challenges
- In Summary
- Chapter 3 It Is a Data-Centric World
- The Volume of Health Data
- Data Is That Important
- This Is Data Aggregation?
- Non-HIPAA Health Data?
- Data Brokers
- Big Data
- Data Mining Automation
- In Summary
- Chapter 4 IoMT and Health Regulation
- Health Regulation Basics
- FDA to the Rescue?
- The Veterans Affairs and UL 2900
- In Summary
- Chapter 5 Once More into the Breach
- Grim Statistics
- Breach Anatomy
- Phishing, Pharming, Vishing, and Smishing
- Web Browsing
- Black-Hat Hacking
- IoMT Hacking
- Breach Locations
- In Summary
- Chapter 6 Say Nothing of Privacy
- Why Privacy Matters
- Privacy History in the United States
- The 1990s Turning Point
- HIPAA Privacy Rules
- HIPAA and Pandemic Privacy
- Contact Tracing
- Corporate Temperature Screenings
- A Step Backward
- The New Breed of Privacy Regulations
- California Consumer Privacy Act
- CCPA, AB-713, and HIPAA
- New York SHIELD Act
- Nevada Senate Bill 220
- Maine: An Act to Protect the Privacy of Online Consumer Information
- States Striving for Privacy
- International Privacy Regulations
- Technical and Operational Privacy Considerations
- Non-IT Considerations
- Impact Assessments
- Privacy, Technology, and Security
- Privacy Challenges
- Common Technologies
- The Manufacturer's Quandary
- Bad Behavior
- In Summary
- Chapter 7 The Short Arm of the Law
- Legal Issues with Hacking
- White-Hat Hackers
- Gray-Hat Hackers
- Black-Hat Hackers
- Computer Fraud and Abuse Act
- The Electronic Communications Privacy Act
- Cybercrime Enforcement
- Results of Legal Shortcomings
- In Summary
- Chapter 8 Threat Actors and Their Arsenal
- The Threat Actors
- Amateur Hackers
- Insiders
- Hacktivists
- Advanced Persistent Threats
- Organized Crime
- Nation-States
- Nation-States' Legal Posture
- The Deep, Dark Internet
- Tools of the Trade
- Types of Malware
- Malware Evolution
- Too Many Strains
- Malware Construction Kits
- In Summary
- Part 2 Contextual Challenges and Solutions
- Chapter 9 Enter Cybersecurity
- What Is Cybersecurity?
- Cybersecurity Basics
- Cybersecurity Evolution
- Key Disciplines in Cybersecurity
- Compliance
- Patching
- Antivirus
- Network Architecture
- Application Architecture
- Threat and Vulnerability
- Identity and Access Management
- Monitoring
- Incident Response
- Digital Forensics
- Configuration Management
- Training
- Risk Management
- In Summary
- Chapter 10 Network Infrastructure and IoMT
- In the Beginning
- Networking Basics: The OSI Model
- Mistake: The Flat Network
- Resolving the Flat Network Mistake
- Alternate Network Defensive Strategies
- Network Address Translation
- Virtual Private Networks
- Network Intrusion Detection Protection Tools
- Deep Packet Inspection
- Web Filters
- Threat Intelligence Gateways
- Operating System Firewalls
- Wireless Woes
- In Summary
- Chapter 11 Internet Services Challenges
- Internet Services
- Network Services
- Websites
- IoMT Services
- Other Operating System Services
- Open-Source Tools Are Safe, Right?
- Cloud Services
- Internet-Related Services Challenges
- Domain Name Services
- Deprecated Services
- Internal Server as an Internet Servers
- The Evolving Enterprise
- In Summary
- Chapter 12 IT Hygiene and Cybersecurity
- The IoMT Blues
- IoMT and IT Hygiene
- Past Their Prime
- Selecting IoMT
- IoMT as Workstations
- Mixing IoMT with IoT
- The Drudgery of Patching
- Mature Patching Process
- IoMT Patching
- Windows Patching
- Linux Patching
- Mobile Device Patching
- Final Patching Thoughts
- Antivirus Is Enough, Right?
- Antivirus Evolution
- Solution Interconnectivity
- Antivirus in Nooks and Crannies
- Alternate Solutions
- IoMT and Antivirus
- The Future of Antivirus
- Antivirus Summary
- Misconfigurations Galore
- The Process for Making Changes
- Have a Configuration Strategy
- IoMT Configurations
- Windows System Configurations
- Linux Configurations
- Application Configurations
- Firewall Configurations
- Mobile Device Misconfigurations
- Database Configurations
- Configuration Drift
- Configuration Tools
- Exception Management
- Enterprise Considerations
- In Summary
- Chapter 13 Identity and Access Management
- Minimal Identity Practices
- Local Accounts
- Domain/Directory Accounts
- Service Accounts
- IoMT Accounts
- Physical Access Accounts
- Cloud Accounts
- Consultants, Contractors, and Vendor Accounts
- Identity Governance
- Authentication
- Password Pain
- Multi-factor Authentication
- Other Authentication Considerations
- Dealing with Password Pain
- MFA Applicability
- Aging Systems
- Privileged Access Management
- Roles
- Password Rotation
- MFA Access
- Adding Network Security
- Other I&AM Technologies
- Identity Centralization
- Identity Management
- Identity Governance Tools
- Password Tools
- In Summary
- Chapter 14 Threat and Vulnerability
- Vulnerability Management
- Traditional Infrastructure Vulnerability Scans
- Traditional Application Vulnerability Scans
- IoMT Vulnerability Challenges
- Rating Vulnerabilities
- Vulnerability Management Strategies
- Asset Exposure
- Importance
- Compensating Controls
- Zero-Day Vulnerabilities
- Less-Documented Vulnerabilities
- Putting It All Together
- Additional Vulnerability Management Uses
- Penetration Testing
- What Color Box?
- What Color Team?
- Penetration Testing Phases
- Penetration Testing Strategies
- Cloud Considerations
- New Tools of an Old Trade
- MITRE ATT&CK Framework
- Breach and Attack Simulation
- Crowd Source Penetration Testing
- Calculating Threats
- In Summary
- Chapter 15 Data Protection
- Data Governance
- Data Governance: Ownership
- Data Governance: Lifecycle
- Data Governance: Encryption
- Data Governance: Data Access
- Closing Thoughts
- Data Loss Prevention
- Fragmented DLP Solutions
- DLP Challenges
- Enterprise Encryption
- File Encryption
- Encryption Gateways
- Data Tokenization
- In Summary
- Chapter 16 Incident Response and Forensics
- Defining the Context
- Logs
- Alerts
- SIEM Alternatives
- Incidents
- Breaches
- Incident Response
- Evidence Handling
- Forensic Tools
- Automation
- EDR and MDR
- IoMT Challenges
- Lessons Learned
- In Summary
- Chapter 17 A Matter of Life, Death, and Data
- Organizational Structure
- Board of Directors
- Chief Executive Officer
- Chief Information Officer
- General Counsel
- Chief Technology Officer
- Chief Medical Technology Officer
- Chief Information Security Officer
- Chief Compliance Officer
- Chief Privacy Officer
- Reporting Structures
- Committees
- Risk Management
- Risk Frameworks
- Determining Risk
- Third-Party Risk
- Risk Register
- Enterprise Risk Management
- Final Thoughts on Risk Management
- Mindset Challenges
- The Compliance-Only Mindset
- Cost Centers
- Us Versus Them
- The Shiny Object Syndrome
- Never Disrupt the Business
- It's Just an IT Problem
- Tools over People
- We Are Not a Target
- The Bottom Line
- Final Mindset Challenges
- Decision-Making
- A Measured View
- Communication Is Key
- Enterprise Risk Management
- Writing and Sign-Off
- Data Protection Considerations
- In Summary
- Part 3 Looking Forward
- Chapter 18 Seeds of Change
- The Shifting Legal Landscape
- Attention on Data Brokers
- Data Protection Agency
- IoT Legislation
- Privacy Legislation
- A Ray of Legal Light
- International Agreements
- Public-Private Partnerships
- Better National Coordination
- International Cooperation
- Technology Innovation
- Threat Intelligence
- Machine Learning Revisited
- Zero Trust
- Final Technology Thoughts
- Leadership Shakeups
- Blended Approaches
- In Summary
- Chapter 19 Doing Less Harm
- What IoMT Manufacturers Can Do
- Cybersecurity as Differentiator
- What Covered Entities Can Do
- Cybersecurity Decision-Making
- Compliance Anyone?
- The Tangled Web of Privacy
- Aggregation of Influence
- Cybersecurity Innovators
- Industrial Control Systems Overlap
- What You Can Do
- Personal Cybersecurity
- Politics
- In Summary
- Chapter 20 Changes We Need
- International Cooperation
- Covered Entities
- Questions a Board Should Ask
- More IoMT Security Assurances
- Active Directory Integration
- Software Development
- Independent Measures
- In Summary
- Glossary
- Index
- EULA
System requirements
File format: PDF
Copy-Protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (only limited: Kindle).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.