The AAMI Summer Learning Series is your opportunity to gain insights from leading health technology, regulatory, and sterilization experts in an interactive virtual format. Each custom track connects you with the content most relevant to success in your role. Registration includes live streaming access and recordings of the sessions. Learn when—and where—you want this summer at an incredible value! Each webinar is worth one (1) for up to six (6) CEU's for your ACI certification, to which you will receive upon completion of the final webinar in this series.
—Includes all 6 sessions in the track!—
'Hope' Is Not a Strategy for Dealing with Legacy Medical DevicesMonday, June 15, 2:00 p.m to 3:00 p.m ET
Maintaining the cybersecurity posture of legacy medical devices is challenge faced by all healthcare technology management departments. This includes the need for establishing effective collaboration between disparate HTM and IT support staffs and services, the mixed medical and IT infrastructure elements, and the potential implications to patient care and safety—all while minimizing the security exposure of these systems in light of technical, practical, and budget limitations. This session will introduce and review common best practices that mitigate the unique risks legacy systems pose and the steps HTM, IT, manufacturers, and others can take to successfully develop security layers around these particularly vulnerable systems.
- Axel Wirth, MedCrypt
- Stephen Grimes, Strategic Healthcare Technology Associates, LLC
Medical Device Patching: Finding a Way Past the RoadblocksMonday, June 22, 2:00 p.m to 3:00 p.m ET
Conventional cybersecurity wisdom suggests that one of the simplest ways to mitigate risk is to keep systems updated. Corporate IT environments have well-established procedures for this, as evidenced by general understanding of the phrase "Patch Tuesday." But medical device environments introduce additional layers of complexity, constraints, and requirements that complicate the device patching process. This panel will give a brief presentation about the major gaps that still affect timely medical device patch rollout, followed by a forum for discussion about how both hospitals and manufacturers are approaching and addressing the “patching problem.”
- Kyle Wallace, The MITRE Corporation
- Jay Radcliffe, Thermofisher Scientific
- Keith Whitby, Mayo Clinic
Introduction to CybersecurityMonday, July 6, 2:00 p.m to 3:00 p.m ET
Today, it would be difficult to find medical device technology that does not critically depend on computer software. Network connectivity and wireless communication has transformed the delivery of patient care. The technology often enables patients to lead more normal and healthy lives. However, medical devices that rely on software (e.g., drug infusion pumps, linear accelerators, pacemakers) also inherit the pesky cybersecurity risks endemic to computing. What's special about medical devices and cybersecurity? What's hype and what's real? What can history teach us? How are international standards bodies and regulatory cybersecurity requirements changing the global manufacture of medical devices? This talk will provide a glimpse into the risks, benefits, and regulatory issues for medical device cybersecurity and innovation of trustworthy medical device software.
- Kevin Fu, PhD, University of Michigan
Considering a Discovery and Security Platform Solution? Parkland Health shares their Decision MethodologyMonday, July 13, 2:00 p.m to 3:00 p.m ET
- Thomas Finn, Medigate
- Carter Groome, First Health Advisory
- Travis Kobernick, Parkland Health & Hospital
- Jack Wagner, First Health Advisory-Cyber Health Solutions
Assessing Cybersecurity Risks Before You BuyMonday, July 20, 2:00 p.m to 3:00 p.m ET
Medical devices and systems are increasingly capable of storing patient data and connecting to healthcare networks. The ability of network-connected medical devices and systems to data presents several benefits that allow for timely and effective care. However, network-connected health technology also poses potential risks for the healthcare facility, such as increased bandwidth competition on the network, the risk of exposure to malware, system integration challenges, data storage requirements, and the possibility of losing sensitive patient data stored on the devices or system. This session will guide participants in assessing and categorizing cybersecurity risks posed by network-connected medical devices prior to procurement. Attendees will gain insights into developing policies specific to the procurement of network-connected medical devices and medical devices that store sensitive information, ensuring the procurement process accounts for established cybersecurity posture requirements, and establishing a risk assessment and acceptance strategy for medical devices.
- Megan Friel, Department of Veterans Affairs
- Steven Hughes, Department of Veterans Affairs
- Stephanie Larson, Department of Veterans Affairs
- Dema Helou, Sigma Health Consulting, LLC
Selecting and Implementing a Risk Management Solution for Connected DevicesTuesday, July 21, 2:00 p.m to 3:00 p.m ET — Rescheduled from June 29
This session will describe a case in which an integrated delivery network, software solution provider, and service provider worked together to implement a strategic medical device security program. The trio collaborated to gain executive buy in at the integrated delivery network, vetted and selected a medical device risk management platform, conducted a medical device cybersecurity program and technical assessment, and deployed the strategy. The presenters will share evaluation methodologies and provide guidance on how to successfully use the risk management platform across different domains in the health system.
- Cory Brennan, Hall Render Advisory Services
- Priyanka Upendra, Banner Health