Do No Harm
Table of Contents
Matthew Webster. Do No Harm
Table of Contents
List of Tables
List of Illustrations
Do No Harm. Protecting Connected Medical Devices, Healthcare, and Data from Hackers and Adversarial Nation States
Introduction
What Does This Book Cover?
How to Contact the Publisher
How to Contact the Author
Part I Defining the Challenge
CHAPTER 1 The Darker Side of High Demand
Connected Medical Device Risks
Ransomware
Risks to Data
Escalating Demand
Types of Internet-Connected Medical Devices
COVID-19 Trending Influences
By the Numbers
Telehealth
Home Healthcare
Remote Patient Monitoring
The Road to High Risk
Innovate or Die
In Summary
Notes
CHAPTER 2 The Internet of Medical Things in Depth
What Are Medical Things?
Telemedicine
Data Analytics
Historical IoMT Challenges
IoMT Technology
Electronic Boards
Operating Systems
Software Development
Wireless
Wired Connections
The Cloud
Mobile Devices and Applications
Clinical Monitors
Websites
Putting the Pieces Together
Current IoMT Challenges
In Summary
Notes
CHAPTER 3 It Is a Data-Centric World
The Volume of Health Data
Data Is That Important
This Is Data Aggregation?
Non-HIPAA Health Data?
Data Brokers
Big Data
Data Mining Automation
In Summary
Notes
CHAPTER 4 IoMT and Health Regulation
Health Regulation Basics
FDA to the Rescue?
The Veterans Affairs and UL 2900
In Summary
Notes
CHAPTER 5 Once More into the Breach
Grim Statistics
Breach Anatomy
Phishing, Pharming, Vishing, and Smishing
Web Browsing
Black-Hat Hacking
IoMT Hacking
Breach Locations
In Summary
Notes
CHAPTER 6 Say Nothing of Privacy
Why Privacy Matters
Privacy History in the United States
The 1990s Turning Point
HIPAA Privacy Rules
HIPAA and Pandemic Privacy
Contact Tracing
Corporate Temperature Screenings
A Step Backward
The New Breed of Privacy Regulations
California Consumer Privacy Act
CCPA, AB-713, and HIPAA
New York SHIELD Act
Nevada Senate Bill 220
Maine: An Act to Protect the Privacy of Online Consumer Information
States Striving for Privacy
International Privacy Regulations
Technical and Operational Privacy Considerations
Non-IT Considerations
Impact Assessments
Privacy, Technology, and Security
Privacy Challenges
Common Technologies
The Manufacturer's Quandary
Bad Behavior
In Summary
Notes
CHAPTER 7 The Short Arm of the Law
Legal Issues with Hacking
White-Hat Hackers
Gray-Hat Hackers
Black-Hat Hackers
Computer Fraud and Abuse Act
The Electronic Communications Privacy Act
Cybercrime Enforcement
Results of Legal Shortcomings
In Summary
Notes
CHAPTER 8 Threat Actors and Their Arsenal
The Threat Actors
Amateur Hackers
Insiders
Hacktivists
Advanced Persistent Threats
Organized Crime
Nation-States
Nation-States' Legal Posture
The Deep, Dark Internet
Tools of the Trade
Types of Malware
Malware Evolution
Too Many Strains
Malware Construction Kits
In Summary
Notes
Part II Contextual Challenges and Solutions
CHAPTER 9 Enter Cybersecurity
What Is Cybersecurity?
Cybersecurity Basics
Cybersecurity Evolution
Key Disciplines in Cybersecurity
Compliance
Patching
Antivirus
Network Architecture
Application Architecture
Threat and Vulnerability
Identity and Access Management
Monitoring
Incident Response
Digital Forensics
Configuration Management
Training
Risk Management
In Summary
Notes
CHAPTER 10 Network Infrastructure and IoMT
In the Beginning
Networking Basics: The OSI Model
Mistake: The Flat Network
Resolving the Flat Network Mistake
Alternate Network Defensive Strategies
Network Address Translation
Virtual Private Networks
Network Intrusion Detection Protection Tools
Deep Packet Inspection
Web Filters
Threat Intelligence Gateways
Operating System Firewalls
Wireless Woes
In Summary
Notes
CHAPTER 11 Internet Services Challenges
Internet Services
Network Services
Websites
IoMT Services
Other Operating System Services
Open-Source Tools Are Safe, Right?
Cloud Services
Internet-Related Services Challenges
Domain Name Services
Deprecated Services
Internal Server as an Internet Servers
The Evolving Enterprise
In Summary
Notes
CHAPTER 12 IT Hygiene and Cybersecurity
The IoMT Blues
IoMT and IT Hygiene
Past Their Prime
Selecting IoMT
IoMT as Workstations
Mixing IoMT with IoT
The Drudgery of Patching
Mature Patching Process
IoMT Patching
Windows Patching
Linux Patching
Mobile Device Patching
Final Patching Thoughts
Antivirus Is Enough, Right?
Antivirus Evolution
Solution Interconnectivity
Antivirus in Nooks and Crannies
Alternate Solutions
IoMT and Antivirus
The Future of Antivirus
Antivirus Summary
Misconfigurations Galore
The Process for Making Changes
Have a Configuration Strategy
IoMT Configurations
Windows System Configurations
Linux Configurations
Application Configurations
Firewall Configurations
Mobile Device Misconfigurations
Database Configurations
Configuration Drift
Configuration Tools
Exception Management
Enterprise Considerations
In Summary
Notes
CHAPTER 13 Identity and Access Management
Minimal Identity Practices
Local Accounts
Domain/Directory Accounts
Service Accounts
IoMT Accounts
Physical Access Accounts
Cloud Accounts
Consultants, Contractors, and Vendor Accounts
Identity Governance
Authentication
Password Pain
Multi-factor Authentication
Hard Tokens
Soft Tokens
Authenticator Applications
Short Message Service
QR Codes
Other Authentication Considerations
Dealing with Password Pain
MFA Applicability
Aging Systems
Privileged Access Management
Roles
Password Rotation
MFA Access
Adding Network Security
Other I&AM Technologies
Identity Centralization
Identity Management
Identity Governance Tools
Password Tools
In Summary
Notes
CHAPTER 14 Threat and Vulnerability
Vulnerability Management
Traditional Infrastructure Vulnerability Scans
Traditional Application Vulnerability Scans
IoMT Vulnerability Challenges
Rating Vulnerabilities
Vulnerability Management Strategies
Asset Exposure
Importance
Compensating Controls
Zero-Day Vulnerabilities
Less-Documented Vulnerabilities
Putting It All Together
Additional Vulnerability Management Uses
Penetration Testing
What Color Box?
What Color Team?
Penetration Testing Phases
Scope
Reconnaissance
Vulnerability Assessments
The Actual Penetration Test
Reporting
Penetration Testing Strategies
Cloud Considerations
New Tools of an Old Trade
MITRE ATT&CK Framework
Breach and Attack Simulation
Crowd Source Penetration Testing
Calculating Threats
In Summary
Note
CHAPTER 15 Data Protection
Data Governance
Data Governance: Ownership
Data Governance: Lifecycle
Data Governance: Encryption
Data Governance: Data Access
Closing Thoughts
Data Loss Prevention
Fragmented DLP Solutions
DLP Challenges
Enterprise Encryption
File Encryption
Encryption Gateways
Data Tokenization
In Summary
CHAPTER 16 Incident Response and Forensics
Defining the Context
Logs
Alerts
SIEM Alternatives
Incidents
Breaches
Incident Response
Evidence Handling
Forensic Tools
Automation
EDR and MDR
IoMT Challenges
Lessons Learned
In Summary
Note
CHAPTER 17 A Matter of Life, Death, and Data
Organizational Structure
Board of Directors
Chief Executive Officer
Chief Information Officer
General Counsel
Chief Technology Officer
Chief Medical Technology Officer
Chief Information Security Officer
Chief Compliance Officer
Chief Privacy Officer
Reporting Structures
Committees
Risk Management
Risk Frameworks
Determining Risk
Third-Party Risk
Risk Register
Enterprise Risk Management
Final Thoughts on Risk Management
Mindset Challenges
The Compliance-Only Mindset
Cost Centers
Us Versus Them
The Shiny Object Syndrome
Never Disrupt the Business
It's Just an IT Problem
Tools over People
We Are Not a Target
The Bottom Line
Final Mindset Challenges
Decision-Making
A Measured View
Communication Is Key
Enterprise Risk Management
Writing and Sign-Off
Data Protection Considerations
In Summary
Part III Looking Forward
CHAPTER 18 Seeds of Change
The Shifting Legal Landscape
Attention on Data Brokers
Data Protection Agency
IoT Legislation
Privacy Legislation
A Ray of Legal Light
International Agreements
Public-Private Partnerships
Better National Coordination
International Cooperation
Technology Innovation
Threat Intelligence
Machine Learning Revisited
Zero Trust
Final Technology Thoughts
Leadership Shakeups
Blended Approaches
In Summary
Notes
CHAPTER 19 Doing Less Harm
What IoMT Manufacturers Can Do
Cybersecurity as Differentiator
What Covered Entities Can Do
Cybersecurity Decision-Making
Compliance Anyone?
The Tangled Web of Privacy
Aggregation of Influence
Cybersecurity Innovators
Industrial Control Systems Overlap
What You Can Do
Personal Cybersecurity
Politics
In Summary
Notes
CHAPTER 20 Changes We Need
International Cooperation
Covered Entities
Questions a Board Should Ask
More IoMT Security Assurances
Active Directory Integration
Software Development
Independent Measures
In Summary
Note
Glossary
Index
About the Author
Acknowledgments
Preface
WILEY END USER LICENSE AGREEMENT
Excerpt from the Book
Matthew Webster
This book is about the relationships between vulnerable internet-connected medical devices, cybercriminals, and nation-state actors and how they not only take advantage of exceptionally vulnerable devices, but also profit from it.
.....
To make matters worse, in many cases the interface to the machine completely obfuscates the operating system, making it difficult to assess the underlying technology. The manufacturer can also add security on the front end of the medical devices, making it seem as though the security is high. For example, some systems will provide strong password requirements such as long password length, complexity, password rotation, and so on, making it seem as though the system is built securely. That aspect of the system may be relatively secure, but not necessarily the rest of the product.
Many of you may be thinking that this is an old issue and that operating systems are usually up to date. The hard reality is that these outdated operating systems are almost par for the course when it comes to internet-connected medical devices. Recently Palo Alto Networks put out a report demonstrating that 83% of medical imaging devices had operating systems that could not be updated. [33] This is very serious as it means those operating systems have vulnerabilities that were not previously known and they cannot be remediated. From a hacker's perspective, these internet-connected medical devices are a metaphorical gold mine—not only because they have data, but also because they are relatively easy to hack—often allowing hackers to jump from one system to another within an organization.
.....