Cybersecurity and Interoperability: Working together for Patient Safety Sponsored by
In his current role, Bill provides executive leadership and oversight to Information Security programs and to the Governance, Risk Management, and Compliance (GRC) process, in support of CareFusion s strategic business needs. Before joining CareFusion, Bill s work experience spanned entrepreneurial start-ups, small business consulting, and Security leadership roles for various institutions, some of which include: EMC, Wells Fargo, On Semiconductor and Motorola. Prior to that, Bill spent several years in the trade publishing industry, as both a writer and editor, as well as survived a brief descent into madness in advertising and public relations.
Today s Session Sponsored by Introducing our panelists Scott Stuewe Cerner Director, Cerner Network and Chair of the Commonwell Health Alliance Program Management Committee
Today s Session Sponsored by Introducing our panelists Gavin O brien NIST / NCCoE Computer Scientist at the National Institute of Standards and Technology (NIST) and National Cybersecurity Center of Excellence (NCCoE)
Today s Session Sponsored by Introducing our panelists Kurt Grutzmacher CYLANCE Technical Director, Offensive Security Scenarios
Today s Session Sponsored by Introducing our panelists Peter DeVault Epic Director of Interoperability HIT Policy Committee s Information Exchange Workgroup
And now We d like to ask each of our panelists to provide an introductory statement.
Introductory statement Scott Stuewe Today s Session Sponsored by
Committed to IHE And to Interoperability Cerner actively supports IHE efforts to foster national adoption of a consistent set of information standards to enable interoperability of health IT systems. 1998 1 st bedside medical device connection -Mayo 2003 Autoprogramming for infusion pumps introduced 2007 Launched Cerner Certification Program for medical devices 2008 Industry First EHRintegrated connectivity and alerting solution to market 2009 Alarming solution introduced 2010 1 st CareAware Infusion Suite implementati on -Wellspan 2011 Alarming solution integrated with nurse call system 1995 2000 2005 2010 2015 2007 Worked with clients to create SharedHealth, a medicaid driven HIE 2009 Since their inception, participated in the ONC Health IT Policy and Standards Committee Developed Interoperability Certification program 2014 Demonstrated the use of FHIR standards with Boston Children s Hospital at HIMSS14 Created the Cerner Network business unit focused on interoperability Donated 200,000+ lines of Java code since 2009 to the Direct Project Participating in Argonaut Project Deployed workflow-driven Direct capabilities to all US clients
Safeguard doors Protect data at rest Protect data in transit
Introductory statement Gavin O Brien Today s Session Sponsored by
NCCoE VISION ADVANCE CYBERSECURITY A secure cyber infrastructure that inspires technological innovation and fosters economic growth MISSION ACCELERATE ADOPTION OF SECURE TECHNOLOGIES Collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs GOAL 1 Welcome to the NCCoE PROVIDE PRACTICAL CYBERSECURITY Help people secure their data and digital infrastructure by equipping them with practical ways to implement standards-based cybersecurity solutions that are modular, repeatable and scalable GOAL 2 INCREASE RATE OF ADOPTION Enable companies to rapidly deploy commercially available cybersecurity technologies by reducing technological, educational and economic barriers to adoption GOAL 3 ACCELERATE INNOVATION Empower innovators to creatively address businesses most pressing cybersecurity challenges in a state-ofthe-art, collaborative environment
NIST ITL The NCCoE is part of the NIST Information Technology Laboratory and operates in close collaboration with the Computer Security Division. As a part of the NIST family, the center has access to a foundation of prodigious expertise, resources, relationships and experience. PARTNERSHIPS Established in 2012 through a partnership between NIST, the State of Maryland and Montgomery County, the NCCoE meets businesses most pressing cybersecurity needs with reference designs that can be deployed rapidly. NIST CYBERSECURITY THOUGHT LEADERSHIP Cryptography Identity management Key management Risk management Secure virtualization Software assurance Security automation Security for cloud and mobility Hardware roots of trust Vulnerability management Secure networking Usability and security Welcome to the NCCoE
HEALTHCARE SECTOR PROJECTS EHR and Mobile Devices Medical Devices: Wireless Infusion Pumps 240-314-6800 hit_nccoe@nist.gov http://nccoe.nist.gov 9600 Gudelsky Drive Rockville, MD 20850
Introductory statement Kurt Grutzmacher Today s Session Sponsored by
Who am I? Kurt Grutzmacher! Technical Director at Cylance, Inc. 17+ Years Offensive Security Experience Previous work at Cisco Systems, Pacific Gas & Electric and Federal Reserve System Hacker of embedded systems (aka the Internet Of Things )
Product/Solutions Portfolio Alert Management Services Compromise Assessment V-API V-Forensics V-Gateway V-Helpdesk Endpoint Agent Cloud management Silent / small footprint Execution Control Detects Zero Day Malware Daily Activity Monitoring Alert Processing Deep Malware Analysis Weekly Alert Reports Gap Protection Block PUPs & RATS Services Engagement Finds Compromised Credentials Threat Priority Supports All O/S Detection Only Detection and Protection Ongoing Prevention Management Detection & Prevention Analytics
How do we do it? Algorithmic Science EXTRACT TRANSFORM, VECTORIZE & TRAIN COLLECT GOOD CLASSIFY & CLUSTER BAD
Introductory statement Peter DeVault Today s Session Sponsored by
54% of the U.S. Population (174 million patients) 183 million worldwide (2.5%) ~342 customers 315,500 EHR physicians RED > 40% of patients are or will be covered by EpicCare PINK 1-40% of patients are or will be covered by EpicCare GREY Non-Clinical Customers
8.3 million Patient Records Exchanged Monthly More than 12,500 Live Interfaces 69 billion messages in 2014 664 different vendors via Standards-Based Exchange of CCD/C-CDA Documents both Epic to Epic and Epic to non-epic
Today s Session Sponsored by Please think of questions to ask our panelists Scott Stuewe Director, Cerner Network Chair of the Commonwell Health Alliance Program Management Committee Gavin O brien Computer Scientist at the National Institute of Standards and Technology (NIST) Kurt Grutzmacher Technical Director, Offensive Security Scenarios Peter DeVault Director of Interoperability, Epic HIT Policy Committee s Information Exchange Workgroup
Final Audience Q&A Thank you!!! Today s Session Sponsored by