• Home

  • Documents

  • Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical...
14
Cyber Security for Pharma and Medical Device Companies Thomas G.A. Brown, JD Managing Director, Global Practice Leader – Cyber Security & Investigations, Berkeley Research Group; Former AUSA, U.S. Attorney’s Office for the Southern District of New York; New York, NY Justin Herring, JD Assistant United States Attorney, United States Attorney’s Office, District of New Jersey, US Department of Justice, Newark, NJ William J. Hughes, Jr., JD, LLM Principal, Porzio, Bromberg & Newman, PC; Assistant US Attorney and Trial Attorney, US Department of Justice, Morristown, NJ (Moderator) 1

Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

  • Upload
    others

  • View
    2

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

Cyber Security for Pharma and Medical Device Companies

Thomas G.A. Brown, JDManaging Director, Global Practice Leader – Cyber Security & Investigations, Berkeley Research Group; Former AUSA, U.S. Attorney’s Office for the Southern District of New York; New York, NY

Justin Herring, JDAssistant United States Attorney, United States Attorney’s Office, District of New Jersey, US Department of Justice, Newark, NJ

William J. Hughes, Jr., JD, LLMPrincipal, Porzio, Bromberg & Newman, PC; Assistant US Attorney and Trial Attorney, US Department of Justice, Morristown, NJ (Moderator)

1

Page 2: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

2017 Data Breaches

2

Page 3: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

2017 Data Breaches

3

Page 4: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

2017 Data Breaches

4

Page 5: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

2017 Data Breaches

5

Page 6: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

2017 Data Breaches

6

Sept. 7, 2017

Page 7: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

Number Of Records Exposed From Reported Data Breaches in 2016

4,149 Reported Data Breaches

4.2 Billion Records

MySpace & Yahoo Data Breaches Accounted for 2.2 Billion Records Compromised

Source: Risk Based Security, 2016 Year End Data Breach Quick View Report.

7

Page 8: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

2016 Cost of a Data Breach?

Average Consolidated Cost: $4.0 Million

Cost Per Breached Record: $158

Source: Ponemon Institute, 2016 Cost of a Data Breach Study.

8

Page 9: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

What are the Sources of Data Breaches

9

Source: Risk Based Security, 2016 Year End Data Breach Quick View Report.

Page 10: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

Who is Behind the Breach?

State Actors• China• Iran• North Korea• Russia

Organized Fraud Gangs for Profit• Eastern Europe/Russia• Nigeria• ISIS/Terrorist-Based Organizations

Individual Free-Lance Hackers for Profit (Guccifer)Loosely Organized Ideology-Based Teams (Anonymous/Hacktivists)Miscellaneous Anarchists

10

Page 11: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

Data Breach Scenario: Multinational Life Sciences Company

Life Sciences Company:• Subsidiaries in Europe, South America and Asia

Computer Servers and Individual Laptops Connected to Servers• PII of Employees: SSN, Payroll, Bank Account• PII of Patients Involved in Studies• Vendor/Partner/Customer Financial Information (Bank

Accounts, Financials, FCPA Due Diligence)• Health Records of Patients Involved In Studies• Confidential Market/Strategy Information and Documents• Intellectual Property

11

Page 12: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

Data Breach Scenario: The Virus

Phishing Incident• Employee E-Mail in Europe• Infection Spreads to US

Wannacry/EternalBlue Type Virus• Computer Uploads DoublePulsar Type Virus• Hackers Gain Administrator Status• Individual Computers Frozen with Ransom Demand• Hackers Start to Mine information from Servers/Computers• Files Transferred to Hackers

12

Page 13: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

13

Page 14: Cyber Security for Pharma and Medical Device Companies · Cyber Security for Pharma and Medical Device Companies Thomas G.A . Brown, JD Managing Director, Global Practice Leader –

14


PHARMA PRESENTATION · pharma The pharma industry must fight “vendor indifference” so suppliers and services companies are not prey to cyber attacks that can lose drug companies

PHARMA PRESENTATION · pharma The pharma industry must fight “vendor indifference” so suppliers and services companies are not prey to cyber attacks that can lose drug companies

Documents
Understanding Unmet Needs in China’s Pharma and Med Device Distribution

Understanding Unmet Needs in China’s Pharma and Med Device Distribution

Business
A HYBRID CONFERENCE AND INTERNET EVENT Twentieth …pharmacomplianceforum.org/docs/Congress2019Brochure.pdfJoin pharma and device compliance professionals, in-house counsel, regulators,

A HYBRID CONFERENCE AND INTERNET EVENT Twentieth …pharmacomplianceforum.org/docs/Congress2019Brochure.pdfJoin pharma and device compliance professionals, in-house counsel, regulators,

Documents
Whitepaper Cyber-Security Trends 2015 · 2020-08-02 · Whitepaper Cyber-Security Trends 2015 Whitepaper ... Familien von unterwegs aus per Mobile Device zu managen, legen zunehmend

Whitepaper Cyber-Security Trends 2015 · 2020-08-02 · Whitepaper Cyber-Security Trends 2015 Whitepaper ... Familien von unterwegs aus per Mobile Device zu managen, legen zunehmend

Documents
Anti-Corruption Risks and Compliance for Pharma and Medical Device

Anti-Corruption Risks and Compliance for Pharma and Medical Device

Documents
Smart Device Cyber Security - Purdue University

Smart Device Cyber Security - Purdue University

Documents
The Medical Device Paradox - Cylance Inc....The Medical Device Paradox Hospital Systems and Device OEMs Race Against Time To Close the Patient Safety Cyber Gap W T PPR. Introduction

The Medical Device Paradox - Cylance Inc....The Medical Device Paradox Hospital Systems and Device OEMs Race Against Time To Close the Patient Safety Cyber Gap W T PPR. Introduction

Documents
Guideline Pharma Ratan 2018 - Rab Di Meher · GUIDELINE PHARMA RATAN 2018 ... 25 Best Pathology Lab 26 Medical Device Company 27 Best Cancer Hospital ... Mr. Sandeep Arora, C EO,

Guideline Pharma Ratan 2018 - Rab Di Meher · GUIDELINE PHARMA RATAN 2018 ... 25 Best Pathology Lab 26 Medical Device Company 27 Best Cancer Hospital ... Mr. Sandeep Arora, C EO,

Documents
Cyber Risk Management & The Medical Device Dilemma · 2019-11-19 · FALL SUMMIT 2019 Cyber Risk Management & The Medical Device Dilemma Mark Sexton, MPA, CISSP, HCISPP, CISA, CCSK

Cyber Risk Management & The Medical Device Dilemma · 2019-11-19 · FALL SUMMIT 2019 Cyber Risk Management & The Medical Device Dilemma Mark Sexton, MPA, CISSP, HCISPP, CISA, CCSK

Documents
GLOBAL CYBER SECURITY IN HEALTHCARE PHARMA SUMMIT · global cyber security in healthcare & pharma summit / blockchain in ... research & engineering, ... global cyber security in healthcare

GLOBAL CYBER SECURITY IN HEALTHCARE PHARMA SUMMIT · global cyber security in healthcare & pharma summit / blockchain in ... research & engineering, ... global cyber security in healthcare

Documents
Participating Company List · Medical device or technology Biotech - food & agriculture Biotech or pharma, therapeutic R&D United States Abcam CMO, CRO Biotech or pharma, animal health

Participating Company List · Medical device or technology Biotech - food & agriculture Biotech or pharma, therapeutic R&D United States Abcam CMO, CRO Biotech or pharma, animal health

Documents
Cyber-Physical Device Authentication for Smart Grid EV Ecosystem

Cyber-Physical Device Authentication for Smart Grid EV Ecosystem

Documents
Evolution of Cyber-liability: Mitigation - AFP Online · Evolution of Cyber-liability: Mitigation Kevin ... • Lose a laptop or other device ... Review sample contracts from its

Evolution of Cyber-liability: Mitigation - AFP Online · Evolution of Cyber-liability: Mitigation Kevin ... • Lose a laptop or other device ... Review sample contracts from its

Documents
Vehicle Cyber-Security: Carry-in Device Vulnerabilitiestrbcybersecurity.erau.edu/resources/20151030_Vehicle_Cyber... · Challenges to protect vehicle cyber security against attacks

Vehicle Cyber-Security: Carry-in Device Vulnerabilitiestrbcybersecurity.erau.edu/resources/20151030_Vehicle_Cyber... · Challenges to protect vehicle cyber security against attacks

Documents
The Sixth Asia Pacific Pharmaceutical and Medical Device ... · PDF fileThe Congress is the leading pharma and medical device compliance event in ... Reimbursement Tendering and

The Sixth Asia Pacific Pharmaceutical and Medical Device ... · PDF fileThe Congress is the leading pharma and medical device compliance event in ... Reimbursement Tendering and

Documents
Cyber Resilient Module and Building Block Requirements · 12.2.1 Scenario-Based Device Security and Management Requirements In this scenario, a device requires secure and reliable

Cyber Resilient Module and Building Block Requirements · 12.2.1 Scenario-Based Device Security and Management Requirements In this scenario, a device requires secure and reliable

Documents
PMMI 2012 Pharma-Med Device - Exec Summary

PMMI 2012 Pharma-Med Device - Exec Summary

Documents
FCC TAC Cyber Mobile Device Security TAC Cyber Mobile Device Security 11/05/2015 Version 1.0 Contents 1 Purpose 2 2 Scope

FCC TAC Cyber Mobile Device Security TAC Cyber Mobile Device Security 11/05/2015 Version 1.0 Contents 1 Purpose 2 2 Scope

Documents
The Public Perception of the Pharma, Biotech and Device ... · The Public Perception of the Pharma, Biotech and Device Sectors A Special Report Prepared for the Pharma Colloquium

The Public Perception of the Pharma, Biotech and Device ... · The Public Perception of the Pharma, Biotech and Device Sectors A Special Report Prepared for the Pharma Colloquium

Documents
Antares Pharma Investor Presentation April 2018 · Antares Pharma » Expertise in drug/device combination product regulatory filings » Two combination products approved and on the

Antares Pharma Investor Presentation April 2018 · Antares Pharma » Expertise in drug/device combination product regulatory filings » Two combination products approved and on the

Documents
GLOBAL CYBER SECURITY IN HEALTHCARE PHARMA SUMMIT · Cyber Security in Healthcare & Pharma Summit The number of cyber-attacks in healthcare is on the rise, and the industry must do

GLOBAL CYBER SECURITY IN HEALTHCARE PHARMA SUMMIT · Cyber Security in Healthcare & Pharma Summit The number of cyber-attacks in healthcare is on the rise, and the industry must do

Documents
Medical Device Cyber Security for Safer Device and ... · Medical Device Innovation, Safety and Security Consortium dalenordenberg@mdiss.org Acknowledgement All work presented has

Medical Device Cyber Security for Safer Device and ... · Medical Device Innovation, Safety and Security Consortium [email protected] Acknowledgement All work presented has

Documents
DHC Webinar PHARMA SOCIAL MEDIA BEST …...DIGITAL HEALTH COALITION • 501c3 (non-profit) based in NYC • Members include pharma, device, agencies, publishers, and technology firms

DHC Webinar PHARMA SOCIAL MEDIA BEST …...DIGITAL HEALTH COALITION • 501c3 (non-profit) based in NYC • Members include pharma, device, agencies, publishers, and technology firms

Documents
South Korea pharma and medical device companies

South Korea pharma and medical device companies

Health & Medicine
Bring Your Own Device By Cyber Security Space

Bring Your Own Device By Cyber Security Space

Technology
Wireless Cyber Assets Discovery Visualization...Wireless Cyber Assets Discovery Visualization 5 device was detected with no encryption. This device can be annotated and flagged as

Wireless Cyber Assets Discovery Visualization...Wireless Cyber Assets Discovery Visualization 5 device was detected with no encryption. This device can be annotated and flagged as

Documents
AST Device Development: The Pharma Perspective · PDF file4 Three Fundamental Challenges Need to be Addressed • Eliminate delay between drug and AST device approval • Timely data

AST Device Development: The Pharma Perspective · PDF file4 Three Fundamental Challenges Need to be Addressed • Eliminate delay between drug and AST device approval • Timely data

Documents
Evolving IoT with · Device OS Mobile Device Managment Cyber-Security PLM / ERP Cloud connection 3D DMU preparation for AR /VR Device OS Device Motion Tracking Device. Some of our

Evolving IoT with · Device OS Mobile Device Managment Cyber-Security PLM / ERP Cloud connection 3D DMU preparation for AR /VR Device OS Device Motion Tracking Device. Some of our

Documents
Pharma 4 · 2019-11-21 · Pharma 4.0 - The usual excuses ... Digital Transformation Envisioning ... syringes in place so that a plunger device would not move. Parts were made quickly

Pharma 4 · 2019-11-21 · Pharma 4.0 - The usual excuses ... Digital Transformation Envisioning ... syringes in place so that a plunger device would not move. Parts were made quickly

Documents
Pharma Change Room Lockers, Pharma Work Tables , Pharma Trolleys

Pharma Change Room Lockers, Pharma Work Tables , Pharma Trolleys

Business