Being a CISO for a large healthcare organization has a degree of difficulty that will give you a headache. Quite aside from all the human-related factors involved in the equation, let’s take a clinical look just at the medical technology found in a modern hospital.
To give just one example, the Mayo Clinic has:
- 63,000 doctors and allied health staff
- 25,000 networked medical devices
- More than 6,000 unique makes and models of devices
- Industry Best Practices states that each device should have a unique 20 character password for every employee on every device
- A system that locks users out after 10 minutes of inactivity
- New passwords for every employee on all devices they use every 30 days
Do the math…
That’s an unwieldy number of passwords to be created and entered monthly. In the healthcare industry, inefficiency can cost lives – and so too can a lack of security.
In this week’s episode of InSecurity, Matt Stephenson talks with Stephanie Domas, Vice President of Research & Development at MedSec. Her job is to oversee the design and manufacture of connected medical device solutions that save lives and also remain secure. File this one under “be careful what you wish for…”
About Stephanie Domas
Stephanie Domas is a leader and respected industry authority in healthcare and device cybersecurity. Her passion for cybersecurity, secure product design, and healthcare has earned her industry recognition and presentations at dozens of cybersecurity and healthcare conferences.
In her current role as Vice President of Research & Development at MedSec, she leads business strategy, engineering, and research teams to deliver service and product offerings that help the Healthcare community meet the unique challenges of securing medical devices. Her current focus is leading product cybersecurity teams, software development teams, and business strategy for a wide range of services and product offerings, along with implementing security governance programs into quality systems and design processes.
Stephanie has presented security talks at some of the most important events in the world, including Black Hat, DEFCON, DerbyCon, and a myriad of notable Healthcare conferences. Make sure to check out Stephanie’s Ted Talk: Protecting Medical Devices from Cyberharm.
About Matt Stephenson
Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity Podcast and host of CylanceTV
Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before.