David GuffreyBiomedical Cybersecurity Specialist, eCare Biomedical Device Integration Team
David Guffrey, M.S. is the Partners HealthCare Biomedical Cybersecurity Specialist. He is responsible for medical device cybersecurity research and operations efforts across the Partners HealthCare Enterprise. He conducts his medical device cybersecurity research in the MD PnP Lab. David works with diverse stakeholders across Partners including Radiology, Biomed, NetEng, NetSec, InfoSec and other departments for medical device remediation and response to global cyberattacks. He collaborates closely with Information Systems Personnel on medical device infrastructure assessment and is a leading Healthcare Delivery Organization voice on the AAMI Device Security Workgroup developing the next generation of medical device security standards. David came to the MD PnP Lab after 2.5 years as a Clinical Systems Engineer on the Partners eCare Biomedical Device Integration (PeC BMDI) Team. The PeC BMDI Team oversees the medical device data from generation at the bedside, through the networking and server systems, into the data center and medical records systems. David lead vendor/device integration projects as well as the cybersecurity and system monitoring responsibilities. David holds Masters Degrees in Biomedical Engineering and in Business Management. He has 8+ years of research experience in the neural engineering space including: brain computer interfacing and neural prosthetic systems, neural stimulation and feedback systems, virtual reality systems, signal processing, networking and server architecture design and implementation.
A true pioneer in the industry, experience first hand how the MD PnP Interoperability Lab is making interoperability the foundation of next generation patient care.
10:30 AM WORKSHOP A: ADOPT OPEN STANDARDS AND INTEROPERABLE TECHNOLOGIES TO SECURELY INTEGRATE YOUR MEDICAL DEVICE TO CLINICAL ENVIRONMENTS
Hospitals often have a lot of constraints when it comes to how the network is configured and system requirements for medical devices often vary from hospital to hospital. Though manufacturers are certainly experts when it comes to their own devices, at the enterprise level, hospitals need a clear map of device capabilities and constraints and should know how their equipment performs as part of an ecosystem made up of multiple systems and devices. Join this workshop and brainstorm with a nexus of clinicians, clinical engineers, computer scientists, hospital operations and IS Operation experts who work closely with medical device manufacturers, standards organizations, software companies, and other collaborators and
·Explore how the adoption of open standards and interoperable technologies have the potential to dramatically improve patient care
·Hear best practices to evaluate interoperability, plan future products that are interoperable and conceptualize the medical internet of things as the next generation of devices
·Discuss challenges Health IT leaders are facing to safely assemble medical device and HIT components to create a connected clinical system beyond EHR
·Walk away inspired to think about how you can contribute to the medical internet of things
·Learn about a larger body of work that’s been done that can be leveraged to accelerate your own product development so you don’t have to reinvent the wheel
Wannacry was the first significant global cyberattack that impacted critical infrastructure in multiple countries. Healthcare was not immune to this attack and medical systems across the globe were affected, most notably the UK National Health System. Healthcare cybersecurity attacks rose 320% from 2015 to 2016 according to Healthcare IT News. As the world increases its connectivity creating the Internet of Things, cybersecurity becomes increasingly crucial to robust operation of critical infrastructure. Medical devices are critical to healthcare organizations being able to provide safe and effective care. Medical devices also pose unique challenges since they touch nearly every facet of healthcare delivery including clinicians, patients, biomedical engineering personnel, information systems personnel and infrastructure. Support and maintenance of medical device systems can vary depending on the hospital department, hospital entity, organizational resources and structure and level of support provided by vendors. Design and implementation of security feature-sets and practices can vary by manufacturer and device line.
This workshop brings together experts with diverse experiences representing healthcare delivery organization (HDO) biomedical engineering and information systems and vendor quality, support and security perspectives. The goal of this workshop is to provide an overview of:
- What are lessons learned from last year’s cyberattacks?
- What is the state of the field of medical device cybersecurity from varying viewpoints?
- How do we, as healthcare delivery organizations, vendors and contractors/consultants improve the cybersecurity posture of the medical device ecosystem?