Why Should You Attend:
Medical device security risk has become an executive management issue, requiring commitment and funding to develop proactive procurement processes and controls to decrease the risks of potential harm to patients and threats to hospital networks. Incorporating a new and consistent approach for procuring connected medical devices and gaining visibility into their risk is critical in identifying and addressing risks to safety, security, and privacy.
For many healthcare delivery organizations, security is an afterthought when procuring medical devices and is the responsibility of healthcare technology management and information technology to secure the devices when put into the healthcare delivery organization environment. Many of those who do include security within procurement have proprietary questionnaires that are unique to each individual healthcare delivery organization.
Considerations offered and discussed will be related to how to integrate security into device procurement and take a risk-based approach to acquiring and fielding devices based on specifications, published guidance, and insights from industry leading practices.
Areas Covered in the Webinar:
Medical device security landscape
Medical device manufacturer leading practices
Overview of security integration with device procurement
Vendor-level assessment approach and available resources
Device-level assessment approach and available resources
Security questionnaire
Security risk assessment
Technical security testing
Inclusion of security into contractual terms and available resources
Medical device security risk has become an executive management issue, requiring commitment and funding to develop proactive procurement processes and controls to decrease the risks of potential harm to patients and threats to hospital networks. Incorporating a new and consistent approach for procuring connected medical devices and gaining visibility into their risk is critical in identifying and addressing risks to safety, security, and privacy.
For many healthcare delivery organizations, security is an afterthought when procuring medical devices and is the responsibility of healthcare technology management and information technology to secure the devices when put into the healthcare delivery organization environment. Many of those who do include security within procurement have proprietary questionnaires that are unique to each individual healthcare delivery organization.
Considerations offered and discussed will be related to how to integrate security into device procurement and take a risk-based approach to acquiring and fielding devices based on specifications, published guidance, and insights from industry leading practices.
Areas Covered in the Webinar:
Medical device security landscape
Medical device manufacturer leading practices
Overview of security integration with device procurement
Vendor-level assessment approach and available resources
Device-level assessment approach and available resources
Security questionnaire
Security risk assessment
Technical security testing
Inclusion of security into contractual terms and available resources
Speakers
Nick Sikorski, Manager, Deloitte & Touche LLPGlobal Strategy and Solutions Leader for Deloitte & Touche’s Product Safety and Security practice responsible for securing connected products across various industries
Primarily works with Medical Device Manufacturers and Healthcare Providers designing, developing, and implementing enterprise level Product Security Programs
Extensive experience assisting product manufacturers and consumer organizations with the securing of their connected products throughout the product lifecycle
With product manufacturers, Nick has worked to implement security and privacy by design practices and to conduct postmarket patch and vulnerability management
With consumer organizations (e.g., healthcare providers), Nick has worked to integrate security into product procurement and to implement asset management, vulnerability monitoring, and risk management practices
Beyond consulting, Nick is active across the life sciences and health care industry through his work on the Association for the Advancement of Medical Instrumentation’s (AAMI) medical device security workgroup
Nick received a B.S. degree in Civil Engineering from the University of Notre Dame and holds Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP) credentialsPhil Englert, Specialist Leader, Deloitte & Touche LLP
Over 23 years of operational leadership for a large healthcare system
While primarily focused on leading strategy, operations, and security for healthcare technology management, additional responsibilities included leading the enterprise business resilience effort, and key roles in IT security governance, incident response, and IT security standards
Provided active governance and oversight roles for data privacy, protection, and enterprise response to data related incidents, which included incident analysis, responses based on impacted data sets and exploit vectors and governance requirements
Provided key leadership in the development and delivery of a cooperative and integrated Clinical Engineering, IT Security, Legal, and Corporate Responsibility effort enabling a comprehensive medical device security program and ensured sustaining the mission in a cyber-hostile environment
Technical and management experience with manufacturing and third party service organizations and has lead strategy, operations, and security for healthcare delivery vertical
Lead multidisciplinary teams to assess and address medical device security, developed operational and quality benchmarking programs, and created and delivered successful life cycle management strategies
A key leader in strategy and tactics development for $250M multifunctional services organization supporting over 100 Acute Care facilities in 20 states
Championed the First Initiatives extended warranty program, resulting in more than $20M savings
Fostered key vendor relationships & negotiated master agreement terms that altered service delivery across the industry
Developed collaborative and flexible partnerships enabling optimal engagement in an evolving market
