november 1, 2019 columbia convention center€¦ · gerald auger, ph.d, medical university of south...
TRANSCRIPT
![Page 1: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/1.jpg)
November 1, 2019Columbia Convention Center
The Problem with mHealth
![Page 2: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/2.jpg)
Conflict of Interest
•Conflict of Interest DisclosureThomas Graham; CISSP, HCISPP; CISO, CynergisTek
Gerald Auger, Ph.D, Medical University of South Carolina
Have no real or apparent
conflicts of interest to report.
![Page 3: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/3.jpg)
The Problem with mHealth – Refocusing on the Patient, not the Technology
![Page 4: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/4.jpg)
Today’s Speakers
Thomas GrahamCISSP, HCISPP
CISO, CynergisTek
Gerald AugerCyber Security Architect,
Medical University of South Carolina
![Page 5: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/5.jpg)
Agenda
1
2
3
mHealth
The Problem
Behaviors
4
5
6
Compliance
What Can You Do?
Q&A
![Page 6: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/6.jpg)
What is mHealth?
• “mHealth” first used by Robert
Istepanian
• Biosensors, wearable personal tech.,
precision medicine
• Patient Data in Apps
• Real Life
![Page 7: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/7.jpg)
mHealth in Real Life
• Real Results
• Everyday Life
• Variety of Locations
• Real Time
• Don’t have to wait
• Discern Trends
• Integration
• Treatment
• Remote
![Page 8: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/8.jpg)
The Problem
Insecure IP, third parties, Bluetooth, logging, Storage, side channels, What else?Security
Number, market, attacks, valueProliferation
Functionality, operational, safeUse
“How to,” cookie cutterTraining
![Page 9: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/9.jpg)
Security
• Outside control of organizations
• Internal systems connection
• Unknown permissions
• Insufficient training
• Not just healthcare
• Who are they talking to?
• Elevated value on black market
Not just a technology issue:
![Page 10: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/10.jpg)
Proliferataion
Number
• >300K mHealth applications available (Larson, 2018)
• 20 million types of mHealth malware (Davis & Samani, 2018)
Market
• >$26 Billion (Zubaydi et al., 2015)
• >$151 Billion by 2025 (Grand View Research, 2018)
Attacks
• 18% of healthcare providers malware attacks
• 3,400 targeted threats
Value
• $50/record (Clifford, 2016)
![Page 11: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/11.jpg)
Use
Functionality• How to• Fiduciary responsibilities
Operational Only• X + Y = Z• Patients not taken into account
Safe• App/play store• Design limitations
![Page 12: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/12.jpg)
Training
How To
• Turn on
• Align sensors
• Upload data
Cookie Cutter
• Training
• Behaviors
• Performance
• Habit
• Effort
![Page 13: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/13.jpg)
Behaviors
Performance
• Does what it is supposed to
• Operates as advertised
• Younger age groups
Habit
• Repetition
• Automatic
• Older age groups (security)
Effort
• How hard is it?
• Impact on daily life
• Older age groups (use)
![Page 14: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/14.jpg)
Behaviors: Older Age Groups
Who are we talking about?
• Elderly
• Most benefit
• Least understood
Security research data
• Performance/effort
• Habit
• 70% of usage
• Reliability 90%
• Regardless of demographics other than age
![Page 15: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/15.jpg)
Compliance
HIPAA
• Grey area
– Connected to EHR
– Responsibility? Developers, administrators, users
Regulations
• CCPA & NY SHIELD
Upcoming
• U.S. House & Senate; UK
![Page 16: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/16.jpg)
What Can You Do?
Analyze your Posture
• Understand devices
• What are you doing?
• Locks on your doors
Redesign Programs
• Look beyond your internal footprint
• Focus on Security AND Functionality
Understand Patients
• Tailor
• Teach
![Page 17: November 1, 2019 Columbia Convention Center€¦ · Gerald Auger, Ph.D, Medical University of South Carolina Have no real or apparent conflicts of interest to report. The Problem](https://reader033.vdocuments.site/reader033/viewer/2022060705/607157a5dc015c7fca052144/html5/thumbnails/17.jpg)
Questions?
Thomas GrahamCISO
Gerald Auger, [email protected]
www.linkedin.com/in/geraldaugerTwitter: @Gerald.Auger