How To Be A Successful Health Care Security Consultant

Transcription

1 Cybersecurity and Interoperability: Working together for Patient Safety Sponsored by

2 In his current role, Bill provides executive leadership and oversight to Information Security programs and to the Governance, Risk Management, and Compliance (GRC) process, in support of CareFusion s strategic business needs. Before joining CareFusion, Bill s work experience spanned entrepreneurial start-ups, small business consulting, and Security leadership roles for various institutions, some of which include: EMC, Wells Fargo, On Semiconductor and Motorola. Prior to that, Bill spent several years in the trade publishing industry, as both a writer and editor, as well as survived a brief descent into madness in advertising and public relations.

3 Today s Session Sponsored by Introducing our panelists Scott Stuewe Cerner Director, Cerner Network and Chair of the Commonwell Health Alliance Program Management Committee

4 Today s Session Sponsored by Introducing our panelists Gavin O brien NIST / NCCoE Computer Scientist at the National Institute of Standards and Technology (NIST) and National Cybersecurity Center of Excellence (NCCoE)

5 Today s Session Sponsored by Introducing our panelists Kurt Grutzmacher CYLANCE Technical Director, Offensive Security Scenarios

6 Today s Session Sponsored by Introducing our panelists Peter DeVault Epic Director of Interoperability HIT Policy Committee s Information Exchange Workgroup

7 And now We d like to ask each of our panelists to provide an introductory statement.

8 Introductory statement Scott Stuewe Today s Session Sponsored by

9 Committed to IHE And to Interoperability Cerner actively supports IHE efforts to foster national adoption of a consistent set of information standards to enable interoperability of health IT systems st bedside medical device connection -Mayo 2003 Autoprogramming for infusion pumps introduced 2007 Launched Cerner Certification Program for medical devices 2008 Industry First EHRintegrated connectivity and alerting solution to market 2009 Alarming solution introduced st CareAware Infusion Suite implementati on -Wellspan 2011 Alarming solution integrated with nurse call system Worked with clients to create SharedHealth, a medicaid driven HIE 2009 Since their inception, participated in the ONC Health IT Policy and Standards Committee Developed Interoperability Certification program 2014 Demonstrated the use of FHIR standards with Boston Children s Hospital at HIMSS14 Created the Cerner Network business unit focused on interoperability Donated 200,000+ lines of Java code since 2009 to the Direct Project Participating in Argonaut Project Deployed workflow-driven Direct capabilities to all US clients

10 Safeguard doors Protect data at rest Protect data in transit

11 Introductory statement Gavin O Brien Today s Session Sponsored by

12 NCCoE VISION ADVANCE CYBERSECURITY A secure cyber infrastructure that inspires technological innovation and fosters economic growth MISSION ACCELERATE ADOPTION OF SECURE TECHNOLOGIES Collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs GOAL 1 Welcome to the NCCoE PROVIDE PRACTICAL CYBERSECURITY Help people secure their data and digital infrastructure by equipping them with practical ways to implement standards-based cybersecurity solutions that are modular, repeatable and scalable GOAL 2 INCREASE RATE OF ADOPTION Enable companies to rapidly deploy commercially available cybersecurity technologies by reducing technological, educational and economic barriers to adoption GOAL 3 ACCELERATE INNOVATION Empower innovators to creatively address businesses most pressing cybersecurity challenges in a state-ofthe-art, collaborative environment

13 NIST ITL The NCCoE is part of the NIST Information Technology Laboratory and operates in close collaboration with the Computer Security Division. As a part of the NIST family, the center has access to a foundation of prodigious expertise, resources, relationships and experience. PARTNERSHIPS Established in 2012 through a partnership between NIST, the State of Maryland and Montgomery County, the NCCoE meets businesses most pressing cybersecurity needs with reference designs that can be deployed rapidly. NIST CYBERSECURITY THOUGHT LEADERSHIP Cryptography Identity management Key management Risk management Secure virtualization Software assurance Security automation Security for cloud and mobility Hardware roots of trust Vulnerability management Secure networking Usability and security Welcome to the NCCoE

14 HEALTHCARE SECTOR PROJECTS EHR and Mobile Devices Medical Devices: Wireless Infusion Pumps Gudelsky Drive Rockville, MD 20850

15 Introductory statement Kurt Grutzmacher Today s Session Sponsored by

16 Who am I? Kurt Grutzmacher! Technical Director at Cylance, Inc. 17+ Years Offensive Security Experience Previous work at Cisco Systems, Pacific Gas & Electric and Federal Reserve System Hacker of embedded systems (aka the Internet Of Things )

17 Product/Solutions Portfolio Alert Management Services Compromise Assessment V-API V-Forensics V-Gateway V-Helpdesk Endpoint Agent Cloud management Silent / small footprint Execution Control Detects Zero Day Malware Daily Activity Monitoring Alert Processing Deep Malware Analysis Weekly Alert Reports Gap Protection Block PUPs & RATS Services Engagement Finds Compromised Credentials Threat Priority Supports All O/S Detection Only Detection and Protection Ongoing Prevention Management Detection & Prevention Analytics

18 How do we do it? Algorithmic Science EXTRACT TRANSFORM, VECTORIZE & TRAIN COLLECT GOOD CLASSIFY & CLUSTER BAD

19 Introductory statement Peter DeVault Today s Session Sponsored by

20 54% of the U.S. Population (174 million patients) 183 million worldwide (2.5%) ~342 customers 315,500 EHR physicians RED > 40% of patients are or will be covered by EpicCare PINK 1-40% of patients are or will be covered by EpicCare GREY Non-Clinical Customers

21 8.3 million Patient Records Exchanged Monthly More than 12,500 Live Interfaces 69 billion messages in different vendors via Standards-Based Exchange of CCD/C-CDA Documents both Epic to Epic and Epic to non-epic

22 Today s Session Sponsored by Please think of questions to ask our panelists Scott Stuewe Director, Cerner Network Chair of the Commonwell Health Alliance Program Management Committee Gavin O brien Computer Scientist at the National Institute of Standards and Technology (NIST) Kurt Grutzmacher Technical Director, Offensive Security Scenarios Peter DeVault Director of Interoperability, Epic HIT Policy Committee s Information Exchange Workgroup

23 Final Audience Q&A Thank you!!! Today s Session Sponsored by