1 / 11

WHISTL

WHISTL. World Health Information Security Testing Lab. Basics. Who: Federated Medical Device Cybersecurity Testing Laboratories What: Test and Reduce Exploitable Weaknesses and Attacks in Medical Devices and Systems Where: 3 Levels of Laboratory Certification

gnolte
Download Presentation

WHISTL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WHISTL World Health Information Security Testing Lab

  2. Basics • Who: Federated Medical Device Cybersecurity Testing Laboratories • What: Test and Reduce Exploitable Weaknesses and Attacks in Medical Devices and Systems • Where: 3 Levels of Laboratory Certification • Why: Reduce Vulnerability and Threat Surface in Healthcare environments related to Medical Devices

  3. Certification Levels • Level 1 – Verify and validate control and mitigation claims • Level 2 - Attempt to apply risk control mechanisms to validate control strategy efficacy • Level 3 - Simulates real attacks in a controlled environment to confirm or discover real or unknown vulnerabilities

  4. University of Vermont • HTM Shared Service • Healthcare Organizations 15-500 beds • 400+ clinics • 70,000 assets

  5. Healthcare Technology Life Cycle • Cyber Risks throughout the Lifecyle • New Installs to Patches • Assess upfront • Manage to Disposal

  6. HTLC & WHISTL Must Identify to be able to implement controls The Focus of WHISTL

  7. HTLC - WHISTL Lab Skill Challenge • Skill Sets Required • Clinical Engineering • IT • Cybersecurity • Training A Must! Collaboration

  8. The Data Gathered

  9. The Data - Challenges • Is the data? • Standardized • Comparable site to site • Complete

  10. Data Best Practice Process • Entered at the Source • Scrubbed • Reviewed & Validated • Periodic Reviews • WHISTL will depend on good data to share

  11. WHITSL Central Theme • Understand • Reduce • Control • Single device to population

More Related