Answering The Question: What Are The Real And Frightening Risks Within Healthcare Security?
Connected medical devices are transforming healthcare. Unfortunately, security is too often an afterthought for the clinical engineering and business technology (BT) management teams implementing these revolutionary new technologies. In a recent report, Forrester predicted that 2016 will be the year we see ransomware for a medical device or wearable. This is a delicate thought, considering: 1) the Healthcare Industry is actually behind on data security compared to other industries and 2) the FBI highlighted the risk posed to medical devices in their recent public service announcement: Internet Of Things Poses Opportunities For Cyber Crime.
This research initiative seeks to answer the following: Are there real threats posed by the emergence of connected medical devices? What can you do to protect your patients and employees from life threatening breaches? Is there an underground market for medical device exploits? This research will publish in early 2016 and will be featured in my talk at the RSA Conference this March.
We are looking for research interview candidates to support this initiative, specifically security professionals working in a healthcare setting or medical device security vendors with current solutions on the market. In exchange for your time, we will provide you with a complimentary copy of the final research. While anyone who participates will have the opportunity to be listed as an interviewee in the final report, all interviews will be treated as confidential unless expressly instructed otherwise.
You don’t have to be a Forrester client to participate. Please reach out to Sal Schiano (sschiano at forrester dot com) to coordinate scheduling.
In the meantime, see my Brief: Top 10 Security Priorities For US Healthcare Organizations if you are interested in learning more about the mounting risks unique to healthcare, or see An S&R Pro's Guide To IoT Security for more on “how the Internet of Things will shatter traditional enterprise security.”