November 1, 2019, Columbia Convention Center
The Problem with mHealth
Conflict of Interest
• Conflict of Interest Disclosure
Thomas Graham; CISSP, HCISPP; CISO, CynergisTek
Gerald Auger, Ph.D, Medical University of South Carolina
Have no real or apparent conflicts of interest to report.
The Problem with mHealth – Refocusing on the Patient, not the Technology
Today’s Speakers
Thomas Graham, CISSP, HCISPP
CISO, CynergisTek
Gerald Auger, Cyber Security Architect,
Medical University of South Carolina
Agenda
1 mHealth
2 The Problem
3 Behaviors
4 Compliance
5 What Can You Do?
6 Q&A
What is mHealth?
• “mHealth” first used by Robert Istepanian
• Biosensors, wearable personal tech., precision medicine
• Patient Data in Apps
• Real Life
mHealth in Real Life
• Real Results
• Everyday Life
• Variety of Locations
• Real Time
• Don’t have to wait
• Discern Trends
• Integration
• Treatment
• Remote
The Problem
Security: Insecure IP, third parties, Bluetooth, logging, storage, side channels, what else?
Proliferation: Number, market, attacks, value
Use: Functionality, operational, safe
Training: “How to,” cookie cutter
Security
• Outside control of organizations
• Internal systems connection
• Unknown permissions
• Insufficient training
• Not just healthcare
• Who are they talking to?
• Elevated value on black market
Not just a technology issue:
Proliferation
Number
• >300K mHealth applications available (Larson, 2018)
• 20 million types of mHealth malware (Davis & Samani, 2018)
Market
• >$26 Billion (Zubaydi et al., 2015)
• >$151 Billion by 2025 (Grand View Research, 2018)
Attacks
• 18% of healthcare providers malware attacks
• 3,400 targeted threats
Value
• $50/record (Clifford, 2016)
Use
Functionality
• How to
• Fiduciary responsibilities
Operational Only
• X + Y = Z
• Patients not taken into account
Safe
• App/play store
• Design limitations
Training
How To
• Turn on
• Align sensors
• Upload data
Cookie Cutter
• Training
• Behaviors
• Performance
• Habit
• Effort
Behaviors
Performance
• Does what it is supposed to
• Operates as advertised
• Younger age groups
Habit
• Repetition
• Automatic
• Older age groups (security)
Effort
• How hard is it?
• Impact on daily life
• Older age groups (use)
Behaviors: Older Age Groups
Who are we talking about?
• Elderly
• Most benefit
• Least understood
Security research data
• Performance/effort
• Habit
• 70% of usage
• Reliability 90%
• Regardless of demographics other than age
Compliance
HIPAA
• Grey area
– Connected to EHR
– Responsibility? Developers, administrators, users
Regulations
• CCPA & NY SHIELD
Upcoming
• U.S. House & Senate; UK
What Can You Do?
Analyze your Posture
• Understand devices
• What are you doing?
• Locks on your doors
Redesign Programs
• Look beyond your internal footprint
• Focus on Security AND Functionality
Understand Patients
• Tailor
• Teach
Questions?
Thomas Graham, CISO
Gerald Auger, [email protected]
www.linkedin.com/in/geraldauger
Twitter: @Gerald.Auger