{"product_id":"do-no-harm-isbn-9781119794028","title":"Do No Harm","description":"\u003cp\u003e\u003cb\u003eDiscover the security risks that accompany the widespread adoption of new medical devices and how to mitigate them\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIn \u003ci\u003eDo No Harm: Protecting Connected Medical Devices, Healthcare, and Data from Hackers and Adversarial Nation States\u003c\/i\u003e, cybersecurity expert Matthew Webster delivers an insightful synthesis of the health benefits of the Internet of Medical Things (IoMT), the evolution of security risks that have accompanied the growth of those devices, and practical steps we can take to protect ourselves, our data, and our hospitals from harm.\u003c\/p\u003e \u003cp\u003eYou'll learn how the high barriers to entry for innovation in the field of healthcare are impeding necessary change and how innovation accessibility must be balanced against regulatory compliance and privacy to ensure safety.\u003c\/p\u003e \u003cp\u003eIn this important book, the author describes:\u003c\/p\u003e \u003cul\u003e \u003cli\u003eThe increasing expansion of medical devices and the dark side of the high demand for medical devices\u003c\/li\u003e \u003cli\u003eThe medical device regulatory landscape and the dilemmas hospitals find themselves in with respect to medical devices\u003c\/li\u003e \u003cli\u003ePractical steps that individuals and businesses can take to encourage the adoption of safe and helpful medical devices or mitigate the risk of having insecure medical devices\u003c\/li\u003e \u003cli\u003eHow to help individuals determine the difference between protected health information and the information from health devices—and protecting your data\u003c\/li\u003e \u003cli\u003eHow to protect your health information from cell phones and applications that may push the boundaries of personal privacy\u003c\/li\u003e \u003cli\u003eWhy cybercriminals can act with relative impunity against hospitals and other 
organizations\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003ePerfect for healthcare professionals, system administrators, and medical device researchers and developers, \u003ci\u003eDo No Harm\u003c\/i\u003e is an indispensable resource for anyone interested in the intersection of patient privacy, cybersecurity, and the world of Internet of Medical Things.\u003c\/p\u003e \u003cp\u003ePreface xviii\u003c\/p\u003e \u003cp\u003eIntroduction xxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I Defining the Challenge 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 The Darker Side of High Demand 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eConnected Medical Device Risks 4\u003c\/p\u003e \u003cp\u003eRansomware 4\u003c\/p\u003e \u003cp\u003eRisks to Data 7\u003c\/p\u003e \u003cp\u003eEscalating Demand 10\u003c\/p\u003e \u003cp\u003eTypes of Internet-Connected Medical Devices 11\u003c\/p\u003e \u003cp\u003eCOVID-19 Trending Influences 12\u003c\/p\u003e \u003cp\u003eBy the Numbers 13\u003c\/p\u003e \u003cp\u003eTelehealth 15\u003c\/p\u003e \u003cp\u003eHome Healthcare 15\u003c\/p\u003e \u003cp\u003eRemote Patient Monitoring 16\u003c\/p\u003e \u003cp\u003eThe Road to High Risk 16\u003c\/p\u003e \u003cp\u003eInnovate or Die 19\u003c\/p\u003e \u003cp\u003eIn Summary 26\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 The Internet of Medical Things in Depth 27\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Are Medical Things? 
28\u003c\/p\u003e \u003cp\u003eTelemedicine 29\u003c\/p\u003e \u003cp\u003eData Analytics 30\u003c\/p\u003e \u003cp\u003eHistorical IoMT Challenges 31\u003c\/p\u003e \u003cp\u003eIoMT Technology 36\u003c\/p\u003e \u003cp\u003eElectronic Boards 36\u003c\/p\u003e \u003cp\u003eOperating Systems 37\u003c\/p\u003e \u003cp\u003eSoftware Development 38\u003c\/p\u003e \u003cp\u003eWireless 39\u003c\/p\u003e \u003cp\u003eWired Connections 43\u003c\/p\u003e \u003cp\u003eThe Cloud 43\u003c\/p\u003e \u003cp\u003eMobile Devices and Applications 46\u003c\/p\u003e \u003cp\u003eClinal Monitors 47\u003c\/p\u003e \u003cp\u003eWebsites 48\u003c\/p\u003e \u003cp\u003ePutting the Pieces Together 48\u003c\/p\u003e \u003cp\u003eCurrent IoMT Challenges 48\u003c\/p\u003e \u003cp\u003eIn Summary 50\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 It is a Data-Centric World 53\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Volume of Health Data 53\u003c\/p\u003e \u003cp\u003eData is That Important 55\u003c\/p\u003e \u003cp\u003eThis is Data Aggregation? 57\u003c\/p\u003e \u003cp\u003eNon-HIPAA Health Data? 59\u003c\/p\u003e \u003cp\u003eData Brokers 60\u003c\/p\u003e \u003cp\u003eBig Data 63\u003c\/p\u003e \u003cp\u003eData Mining Automation 68\u003c\/p\u003e \u003cp\u003eIn Summary 70\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 IoMT and Health Regulation 73\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHealth Regulation Basics 73\u003c\/p\u003e \u003cp\u003eFDA to the Rescue? 
77\u003c\/p\u003e \u003cp\u003eThe Veterans Affairs and UL 2900 81\u003c\/p\u003e \u003cp\u003eIn Summary 83\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Once More into the Breach 85\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGrim Statistics 86\u003c\/p\u003e \u003cp\u003eBreach Anatomy 89\u003c\/p\u003e \u003cp\u003ePhishing, Pharming, Vishing, and Smishing 90\u003c\/p\u003e \u003cp\u003eWeb Browsing 92\u003c\/p\u003e \u003cp\u003eBlack-Hat Hacking 93\u003c\/p\u003e \u003cp\u003eIoMT Hacking 94\u003c\/p\u003e \u003cp\u003eBreach Locations 95\u003c\/p\u003e \u003cp\u003eIn Summary 95\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Say Nothing of Privacy 97\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy Privacy Matters 98\u003c\/p\u003e \u003cp\u003ePrivacy History in the United States 101\u003c\/p\u003e \u003cp\u003eThe 1990s Turning Point 103\u003c\/p\u003e \u003cp\u003eHIPAA Privacy Rules 104\u003c\/p\u003e \u003cp\u003eHIPAA and Pandemic Privacy 104\u003c\/p\u003e \u003cp\u003eContact Tracing 106\u003c\/p\u003e \u003cp\u003eCorporate Temperature Screenings 107\u003c\/p\u003e \u003cp\u003eA Step Backward 107\u003c\/p\u003e \u003cp\u003eThe New Breed of Privacy Regulations 108\u003c\/p\u003e \u003cp\u003eCalifornia Consumer Privacy Act 108\u003c\/p\u003e \u003cp\u003eCCPA, AB-713, and HIPAA 109\u003c\/p\u003e \u003cp\u003eNew York SHIELD Act 111\u003c\/p\u003e \u003cp\u003eNevada Senate Bill 220 111\u003c\/p\u003e \u003cp\u003eMaine: An Act to Protect the Privacy of Online Consumer Information 112\u003c\/p\u003e \u003cp\u003eStates Striving for Privacy 112\u003c\/p\u003e \u003cp\u003eInternational Privacy Regulations 113\u003c\/p\u003e \u003cp\u003eTechnical and Operational Privacy Considerations 114\u003c\/p\u003e \u003cp\u003eNon-IT Considerations 115\u003c\/p\u003e \u003cp\u003eImpact Assessments 115\u003c\/p\u003e \u003cp\u003ePrivacy, Technology, and Security 115\u003c\/p\u003e \u003cp\u003ePrivacy Challenges 117\u003c\/p\u003e \u003cp\u003eCommon 
Technologies 118\u003c\/p\u003e \u003cp\u003eThe Manufacturer’s Quandary 119\u003c\/p\u003e \u003cp\u003eBad Behavior 121\u003c\/p\u003e \u003cp\u003eIn Summary 122\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 The Short Arm of the Law 123\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eLegal Issues with Hacking 124\u003c\/p\u003e \u003cp\u003eWhite-Hat Hackers 125\u003c\/p\u003e \u003cp\u003eGray-Hat Hackers 125\u003c\/p\u003e \u003cp\u003eBlack-Hat Hackers 127\u003c\/p\u003e \u003cp\u003eComputer Fraud and Abuse Act 127\u003c\/p\u003e \u003cp\u003eThe Electronic Communications Privacy Act 128\u003c\/p\u003e \u003cp\u003eCybercrime Enforcement 128\u003c\/p\u003e \u003cp\u003eResults of Legal Shortcomings 131\u003c\/p\u003e \u003cp\u003eIn Summary 132\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Threat Actors and Their Arsenal 135\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Threat Actors 136\u003c\/p\u003e \u003cp\u003eAmateur Hackers 136\u003c\/p\u003e \u003cp\u003eInsiders 136\u003c\/p\u003e \u003cp\u003eHacktivists 137\u003c\/p\u003e \u003cp\u003eAdvanced Persistent Threats 138\u003c\/p\u003e \u003cp\u003eOrganized Crime 138\u003c\/p\u003e \u003cp\u003eNation-States 139\u003c\/p\u003e \u003cp\u003eNation-States’ Legal Posture 140\u003c\/p\u003e \u003cp\u003eThe Deep, Dark Internet 141\u003c\/p\u003e \u003cp\u003eTools of the Trade 143\u003c\/p\u003e \u003cp\u003eTypes of Malware 144\u003c\/p\u003e \u003cp\u003eMalware Evolution 146\u003c\/p\u003e \u003cp\u003eToo Many Strains 147\u003c\/p\u003e \u003cp\u003eMalware Construction Kits 148\u003c\/p\u003e \u003cp\u003eIn Summary 148\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II Contextual Challenges and Solutions 151\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Enter Cybersecurity 153\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat is Cybersecurity? 
154\u003c\/p\u003e \u003cp\u003eCybersecurity Basics 154\u003c\/p\u003e \u003cp\u003eCybersecurity Evolution 156\u003c\/p\u003e \u003cp\u003eKey Disciplines in Cybersecurity 158\u003c\/p\u003e \u003cp\u003eCompliance 158\u003c\/p\u003e \u003cp\u003ePatching 160\u003c\/p\u003e \u003cp\u003eAntivirus 161\u003c\/p\u003e \u003cp\u003eNetwork Architecture 161\u003c\/p\u003e \u003cp\u003eApplication Architecture 162\u003c\/p\u003e \u003cp\u003eThreat and Vulnerability 162\u003c\/p\u003e \u003cp\u003eIdentity and Access Management 163\u003c\/p\u003e \u003cp\u003eMonitoring 164\u003c\/p\u003e \u003cp\u003eIncident Response 165\u003c\/p\u003e \u003cp\u003eDigital Forensics 166\u003c\/p\u003e \u003cp\u003eConfiguration Management 166\u003c\/p\u003e \u003cp\u003eTraining 168\u003c\/p\u003e \u003cp\u003eRisk Management 168\u003c\/p\u003e \u003cp\u003eIn Summary 169\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Network Infrastructure and IoMT 171\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIn the Beginning 172\u003c\/p\u003e \u003cp\u003eNetworking Basics: The OSI Model 173\u003c\/p\u003e \u003cp\u003eMistake: The Flat Network 175\u003c\/p\u003e \u003cp\u003eResolving the Flat Network Mistake 177\u003c\/p\u003e \u003cp\u003eAlternate Network Defensive Strategies 178\u003c\/p\u003e \u003cp\u003eNetwork Address Translation 178\u003c\/p\u003e \u003cp\u003eVirtual Private Networks 179\u003c\/p\u003e \u003cp\u003eNetwork Intrusion Detection Protection Tools 179\u003c\/p\u003e \u003cp\u003eDeep Packet Inspection 179\u003c\/p\u003e \u003cp\u003eWeb Filters 180\u003c\/p\u003e \u003cp\u003eThreat Intelligence Gateways 180\u003c\/p\u003e \u003cp\u003eOperating System Firewalls 181\u003c\/p\u003e \u003cp\u003eWireless Woes 181\u003c\/p\u003e \u003cp\u003eIn Summary 182\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Internet Services Challenges 185\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInternet Services 186\u003c\/p\u003e \u003cp\u003eNetwork Services 186\u003c\/p\u003e 
\u003cp\u003eWebsites 187\u003c\/p\u003e \u003cp\u003eIoMT Services 189\u003c\/p\u003e \u003cp\u003eOther Operating System Services 189\u003c\/p\u003e \u003cp\u003eOpen-Source Tools Are Safe, Right? 190\u003c\/p\u003e \u003cp\u003eCloud Services 193\u003c\/p\u003e \u003cp\u003eInternet-Related Services Challenges 194\u003c\/p\u003e \u003cp\u003eDomain Name Services 195\u003c\/p\u003e \u003cp\u003eDeprecated Services 197\u003c\/p\u003e \u003cp\u003eInternal Server as an Internet Servers 197\u003c\/p\u003e \u003cp\u003eThe Evolving Enterprise 198\u003c\/p\u003e \u003cp\u003eIn Summary 199\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 IT Hygiene and Cybersecurity 201\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe IoMT Blues 202\u003c\/p\u003e \u003cp\u003eIoMT and IT Hygiene 202\u003c\/p\u003e \u003cp\u003ePast Their Prime 203\u003c\/p\u003e \u003cp\u003eSelecting IoMT 203\u003c\/p\u003e \u003cp\u003eIoMT as Workstations 204\u003c\/p\u003e \u003cp\u003eMixing IoMT with IoT 204\u003c\/p\u003e \u003cp\u003eThe Drudgery of Patching 206\u003c\/p\u003e \u003cp\u003eMature Patching Process 207\u003c\/p\u003e \u003cp\u003eIoMT Patching 208\u003c\/p\u003e \u003cp\u003eWindows Patching 208\u003c\/p\u003e \u003cp\u003eLinux Patching 209\u003c\/p\u003e \u003cp\u003eMobile Device Patching 209\u003c\/p\u003e \u003cp\u003eFinal Patching Thoughts 210\u003c\/p\u003e \u003cp\u003eAntivirus is Enough, Right? 
210\u003c\/p\u003e \u003cp\u003eAntivirus Evolution 211\u003c\/p\u003e \u003cp\u003eSolution Interconnectivity 211\u003c\/p\u003e \u003cp\u003eAntivirus in Nooks and Crannies 212\u003c\/p\u003e \u003cp\u003eAlternate Solutions 213\u003c\/p\u003e \u003cp\u003eIoMT and Antivirus 214\u003c\/p\u003e \u003cp\u003eThe Future of Antivirus 215\u003c\/p\u003e \u003cp\u003eAntivirus Summary 215\u003c\/p\u003e \u003cp\u003eMisconfigurations Galore 215\u003c\/p\u003e \u003cp\u003eThe Process for Making Changes 216\u003c\/p\u003e \u003cp\u003eHave a Configuration Strategy 217\u003c\/p\u003e \u003cp\u003eIoMT Configurations 218\u003c\/p\u003e \u003cp\u003eWindows System Configurations 218\u003c\/p\u003e \u003cp\u003eLinux Configurations 219\u003c\/p\u003e \u003cp\u003eApplication Configurations 219\u003c\/p\u003e \u003cp\u003eFirewall Configurations 220\u003c\/p\u003e \u003cp\u003eMobile Device Misconfigurations 220\u003c\/p\u003e \u003cp\u003eDatabase Configurations 221\u003c\/p\u003e \u003cp\u003eConfiguration Drift 222\u003c\/p\u003e \u003cp\u003eConfiguration Tools 222\u003c\/p\u003e \u003cp\u003eException Management 223\u003c\/p\u003e \u003cp\u003eEnterprise Considerations 224\u003c\/p\u003e \u003cp\u003eIn Summary 224\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Identity and Access Management 227\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eMinimal Identity Practices 228\u003c\/p\u003e \u003cp\u003eLocal Accounts 229\u003c\/p\u003e \u003cp\u003eDomain\/Directory Accounts 229\u003c\/p\u003e \u003cp\u003eService Accounts 230\u003c\/p\u003e \u003cp\u003eIoMT Accounts 230\u003c\/p\u003e \u003cp\u003ePhysical Access Accounts 231\u003c\/p\u003e \u003cp\u003eCloud Accounts 231\u003c\/p\u003e \u003cp\u003eConsultants, Contractors, and Vendor Accounts 232\u003c\/p\u003e \u003cp\u003eIdentity Governance 232\u003c\/p\u003e \u003cp\u003eAuthentication 233\u003c\/p\u003e \u003cp\u003ePassword Pain 233\u003c\/p\u003e \u003cp\u003eMulti-factor Authentication 236\u003c\/p\u003e 
\u003cp\u003eHard Tokens 236\u003c\/p\u003e \u003cp\u003eSoft Tokens 237\u003c\/p\u003e \u003cp\u003eAuthenticator Applications 238\u003c\/p\u003e \u003cp\u003eShort Message Service 238\u003c\/p\u003e \u003cp\u003eQR Codes 238\u003c\/p\u003e \u003cp\u003eOther Authentication Considerations 239\u003c\/p\u003e \u003cp\u003eDealing with Password Pain 239\u003c\/p\u003e \u003cp\u003eMFA Applicability 240\u003c\/p\u003e \u003cp\u003eAging Systems 240\u003c\/p\u003e \u003cp\u003ePrivileged Access Management 240\u003c\/p\u003e \u003cp\u003eRoles 241\u003c\/p\u003e \u003cp\u003ePassword Rotation 242\u003c\/p\u003e \u003cp\u003eMFA Access 242\u003c\/p\u003e \u003cp\u003eAdding Network Security 242\u003c\/p\u003e \u003cp\u003eOther I\u0026amp;AM Technologies 243\u003c\/p\u003e \u003cp\u003eIdentity Centralization 243\u003c\/p\u003e \u003cp\u003eIdentity Management 244\u003c\/p\u003e \u003cp\u003eIdentity Governance Tools 244\u003c\/p\u003e \u003cp\u003ePassword Tools 244\u003c\/p\u003e \u003cp\u003eIn Summary 245\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Threat and Vulnerability 247\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eVulnerability Management 248\u003c\/p\u003e \u003cp\u003eTraditional Infrastructure Vulnerability Scans 248\u003c\/p\u003e \u003cp\u003eTraditional Application Vulnerability Scans 249\u003c\/p\u003e \u003cp\u003eIoMT Vulnerability Challenges 249\u003c\/p\u003e \u003cp\u003eRating Vulnerabilities 250\u003c\/p\u003e \u003cp\u003eVulnerability Management Strategies 251\u003c\/p\u003e \u003cp\u003eAsset Exposure 251\u003c\/p\u003e \u003cp\u003eImportance 252\u003c\/p\u003e \u003cp\u003eCompensating Controls 252\u003c\/p\u003e \u003cp\u003eZero-Day Vulnerabilities 252\u003c\/p\u003e \u003cp\u003eLess-Documented Vulnerabilities 253\u003c\/p\u003e \u003cp\u003ePutting It All Together 253\u003c\/p\u003e \u003cp\u003eAdditional Vulnerability Management Uses 254\u003c\/p\u003e \u003cp\u003ePenetration Testing 254\u003c\/p\u003e \u003cp\u003eWhat Color 
Box? 255\u003c\/p\u003e \u003cp\u003eWhat Color Team? 255\u003c\/p\u003e \u003cp\u003ePenetration Testing Phases 256\u003c\/p\u003e \u003cp\u003eScope 256\u003c\/p\u003e \u003cp\u003eReconnaissance 256\u003c\/p\u003e \u003cp\u003eVulnerability Assessments 257\u003c\/p\u003e \u003cp\u003eThe Actual Penetration Test 257\u003c\/p\u003e \u003cp\u003eReporting 258\u003c\/p\u003e \u003cp\u003ePenetration Testing Strategies 258\u003c\/p\u003e \u003cp\u003eCloud Considerations 258\u003c\/p\u003e \u003cp\u003eNew Tools of an Old Trade 259\u003c\/p\u003e \u003cp\u003eMITRE ATT\u0026amp;CK Framework 259\u003c\/p\u003e \u003cp\u003eBreach and Attack Simulation 259\u003c\/p\u003e \u003cp\u003eCrowd Source Penetration Testing 260\u003c\/p\u003e \u003cp\u003eCalculating Threats 260\u003c\/p\u003e \u003cp\u003eIn Summary 261\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Data Protection 263\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eData Governance 264\u003c\/p\u003e \u003cp\u003eData Governance: Ownership 264\u003c\/p\u003e \u003cp\u003eData Governance: Lifecycle 265\u003c\/p\u003e \u003cp\u003eData Governance: Encryption 265\u003c\/p\u003e \u003cp\u003eData Governance: Data Access 267\u003c\/p\u003e \u003cp\u003eClosing Thoughts 268\u003c\/p\u003e \u003cp\u003eData Loss Prevention 268\u003c\/p\u003e \u003cp\u003eFragmented DLP Solutions 269\u003c\/p\u003e \u003cp\u003eDLP Challenges 270\u003c\/p\u003e \u003cp\u003eEnterprise Encryption 270\u003c\/p\u003e \u003cp\u003eFile Encryption 271\u003c\/p\u003e \u003cp\u003eEncryption Gateways 271\u003c\/p\u003e \u003cp\u003eData Tokenization 272\u003c\/p\u003e \u003cp\u003eIn Summary 273\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16 Incident Response and Forensics 275\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDefining the Context 276\u003c\/p\u003e \u003cp\u003eLogs 277\u003c\/p\u003e \u003cp\u003eAlerts 278\u003c\/p\u003e \u003cp\u003eSIEM Alternatives 279\u003c\/p\u003e \u003cp\u003eIncidents 280\u003c\/p\u003e 
\u003cp\u003eBreaches 281\u003c\/p\u003e \u003cp\u003eIncident Response 281\u003c\/p\u003e \u003cp\u003eEvidence Handling 282\u003c\/p\u003e \u003cp\u003eForensic Tools 283\u003c\/p\u003e \u003cp\u003eAutomation 283\u003c\/p\u003e \u003cp\u003eEDR and MDR 284\u003c\/p\u003e \u003cp\u003eIoMT Challenges 284\u003c\/p\u003e \u003cp\u003eLessons Learned 285\u003c\/p\u003e \u003cp\u003eIn Summary 285\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17 A Matter of Life, Death, and Data 287\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOrganizational Structure 288\u003c\/p\u003e \u003cp\u003eBoard of Directors 288\u003c\/p\u003e \u003cp\u003eChief Executive Officer 289\u003c\/p\u003e \u003cp\u003eChief Information Officer 289\u003c\/p\u003e \u003cp\u003eGeneral Counsel 290\u003c\/p\u003e \u003cp\u003eChief Technology Officer 290\u003c\/p\u003e \u003cp\u003eChief Medical Technology Officer 290\u003c\/p\u003e \u003cp\u003eChief Information Security Officer 291\u003c\/p\u003e \u003cp\u003eChief Compliance Officer 291\u003c\/p\u003e \u003cp\u003eChief Privacy Officer 291\u003c\/p\u003e \u003cp\u003eReporting Structures 292\u003c\/p\u003e \u003cp\u003eCommittees 293\u003c\/p\u003e \u003cp\u003eRisk Management 294\u003c\/p\u003e \u003cp\u003eRisk Frameworks 294\u003c\/p\u003e \u003cp\u003eDetermining Risk 295\u003c\/p\u003e \u003cp\u003eThird-Party Risk 296\u003c\/p\u003e \u003cp\u003eRisk Register 297\u003c\/p\u003e \u003cp\u003eEnterprise Risk Management 297\u003c\/p\u003e \u003cp\u003eFinal Thoughts on Risk Management 298\u003c\/p\u003e \u003cp\u003eMindset Challenges 298\u003c\/p\u003e \u003cp\u003eThe Compliance-Only Mindset 298\u003c\/p\u003e \u003cp\u003eCost Centers 299\u003c\/p\u003e \u003cp\u003eUs Versus Them 300\u003c\/p\u003e \u003cp\u003eThe Shiny Object Syndrome 300\u003c\/p\u003e \u003cp\u003eNever Disrupt the Business 301\u003c\/p\u003e \u003cp\u003eIt’s Just an IT Problem 301\u003c\/p\u003e \u003cp\u003eTools over People 303\u003c\/p\u003e \u003cp\u003eWe Are Not 
a Target 303\u003c\/p\u003e \u003cp\u003eThe Bottom Line 304\u003c\/p\u003e \u003cp\u003eFinal Mindset Challenges 304\u003c\/p\u003e \u003cp\u003eDecision-Making 304\u003c\/p\u003e \u003cp\u003eA Measured View 305\u003c\/p\u003e \u003cp\u003eCommunication is Key 306\u003c\/p\u003e \u003cp\u003eEnterprise Risk Management 307\u003c\/p\u003e \u003cp\u003eWriting and Sign-Off 308\u003c\/p\u003e \u003cp\u003eData Protection Considerations 308\u003c\/p\u003e \u003cp\u003eIn Summary 309\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart III Looking Forward 311\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 18 Seeds of Change 313\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Shifting Legal Landscape 314\u003c\/p\u003e \u003cp\u003eAttention on Data Brokers 314\u003c\/p\u003e \u003cp\u003eData Protection Agency 316\u003c\/p\u003e \u003cp\u003eIoT Legislation 317\u003c\/p\u003e \u003cp\u003ePrivacy Legislation 318\u003c\/p\u003e \u003cp\u003eA Ray of Legal Light 318\u003c\/p\u003e \u003cp\u003eInternational Agreements 319\u003c\/p\u003e \u003cp\u003ePublic-Private Partnerships 319\u003c\/p\u003e \u003cp\u003eBetter National Coordination 320\u003c\/p\u003e \u003cp\u003eInternational Cooperation 322\u003c\/p\u003e \u003cp\u003eTechnology Innovation 323\u003c\/p\u003e \u003cp\u003eThreat Intelligence 323\u003c\/p\u003e \u003cp\u003eMachine Learning Revisited 323\u003c\/p\u003e \u003cp\u003eZero Trust 324\u003c\/p\u003e \u003cp\u003eFinal Technology Thoughts 325\u003c\/p\u003e \u003cp\u003eLeadership Shakeups 325\u003c\/p\u003e \u003cp\u003eBlended Approaches 326\u003c\/p\u003e \u003cp\u003eIn Summary 327\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 19 Doing Less Harm 329\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat IoMT Manufacturers Can Do 330\u003c\/p\u003e \u003cp\u003eCybersecurity as Differentiator 332\u003c\/p\u003e \u003cp\u003eWhat Covered Entities Can Do 332\u003c\/p\u003e \u003cp\u003eCybersecurity Decision Making 333\u003c\/p\u003e 
\u003cp\u003eCompliance Anyone? 334\u003c\/p\u003e \u003cp\u003eThe Tangled Web of Privacy 335\u003c\/p\u003e \u003cp\u003eAggregation of Influence 335\u003c\/p\u003e \u003cp\u003eCybersecurity Innovators 337\u003c\/p\u003e \u003cp\u003eIndustrial Control Systems Overlap 338\u003c\/p\u003e \u003cp\u003eWhat You Can Do 339\u003c\/p\u003e \u003cp\u003ePersonal Cybersecurity 339\u003c\/p\u003e \u003cp\u003ePolitics 341\u003c\/p\u003e \u003cp\u003eIn Summary 342\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 20 Changes We Need 343\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInternational Cooperation 344\u003c\/p\u003e \u003cp\u003eCovered Entities 344\u003c\/p\u003e \u003cp\u003eQuestions a Board Should Ask 345\u003c\/p\u003e \u003cp\u003eMore IoMT Security Assurances 346\u003c\/p\u003e \u003cp\u003eActive Directory Integration 347\u003c\/p\u003e \u003cp\u003eSoftware Development 347\u003c\/p\u003e \u003cp\u003eIndependent Measures 348\u003c\/p\u003e \u003cp\u003eIn Summary 348\u003c\/p\u003e \u003cp\u003eGlossary 351\u003c\/p\u003e \u003cp\u003eIndex 367\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eMATTHEW WEBSTER\u003c\/b\u003e is a Chief Information Security Officer with 25 years of IT and information security experience. During that time, he has worked with many sizes and sectors of organizations including Fortune 100. Matthew has built several security programs from the ground up, significantly reduced risk, and helped companies pass multiple types of security audits.  
\u003c\/p\u003e\u003cp\u003e\u003cb\u003eMITIGATE THE SECURITY RISKS ASSOCIATED WITH NEW MEDICAL DEVICES\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAs the Internet of Medical Things (IoMT) expands in scope and importance, it’s become increasingly apparent that these convenient and useful devices also come with hidden security risks—not just to people, but to hospitals and, ultimately, our data.\u003c\/p\u003e \u003cp\u003eIn \u003ci\u003eDo No Harm: Protecting Connected Medical Devices, Healthcare, and Data from Hackers and Adversarial Nation States\u003c\/i\u003e, cybersecurity expert Matthew Webster draws on over 25 years of experience in IT and information security to walk you through an insightful exploration of the health benefits offered by the IoMT, the security risks they create, and the concrete steps you can take to protect yourself, your organization, and your patients from harm.\u003c\/p\u003e \u003cp\u003eYou’ll discover how the high barriers for protecting connected medical devices interfere with lifesaving innovations that could disrupt the healthcare industry and change the way disease is treated. 
You’ll also learn why the healthcare industry is one in which change is desperately needed, and why that need for change must be balanced against regulatory requirements that protect patient data and health.\u003c\/p\u003e \u003cp\u003ePerfect for medical device researchers, manufacturers, business leaders, cybersecurity professionals, healthcare professionals, and system administrators, the book includes vital information for anyone interested in patient privacy, cybersecurity, and the Internet of Medical Things, including:\u003c\/p\u003e \u003cul\u003e \u003cli\u003eThe reasons behind the expansion of the medical device industry\u003c\/li\u003e \u003cli\u003eThe dark side of the demand for IoMT devices\u003c\/li\u003e \u003cli\u003eThe regulatory landscape of IoMT devices and common roadblocks to safe adoption\u003c\/li\u003e \u003cli\u003eHow to protect health data from cell phones and commonly used applications\u003c\/li\u003e \u003cli\u003eHow the various disciplines of cybersecurity can enable hospitals and other entities to protect themselves from cybercriminals and threats from nation states who act with relative impunity\u003c\/li\u003e \u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989080359141,"sku":"NP9781119794028","price":30.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119794028.jpg?v=1761782714","url":"https:\/\/k12savings.com\/es\/products\/do-no-harm-isbn-9781119794028","provider":"K12savings","version":"1.0","type":"link"}