The State of IoT and Medical Device Security

In his role as Regional Director at Cynerio, James is leading efforts which combat cyber-attacks on UKI Healthcare Organisations. With experience in compliance, ransomware prevention and IoT security, James and his broader Cynerio team routinely prevent attacks that threaten patients and the medical technology they rely on. Prior to his time in the cyber industry, James held roles as an EPR Implementation manager, FE Lecturer and semi-professional / professional rugby player, playing tighthead prop in Wales, England and France

In recent years’ healthcare environments have become a prime target for cybercriminals due to underfunding, lack of expertise and lagging cybersecurity practices. From WannaCry’s impact on NHS Trusts in 2017 to the HSE outage in 2021 to the hundreds of ransomware attacks that hit US hospitals on an annual basis, it is clear that cyber criminals have found a prime target. One positive by-product of these attacks is increased investigation into their root causes, impacts on patient care, resulting financial losses and a variety of other topics. This talk will focus on several recent high profile studies including “The State of IoT Device Security 2023” and “ENISA Threat Landscape: Health Sector” and a variety of other organizations including IBM, Ponemon Institute, Proofpoint, Cynerio, and CISA. As the data is presented it will include examples of attacks, the real life effects and methods that can be used to limit the impact of similar attacks today. The talk will also address the increasingly important topic of risks posed by medical devices including IoT, IoMT, OT and unmanaged IT. With quickly increasing adoption many healthcare providers are finding increased risks not just within the devices themselves, but also within their networks and broader environments. This expanding connectivity footprint is often a prime component in enabling widespread attacks that result in facility outages. Finally, and more importantly, the discussion will include insight into protections being adopted by leading healthcare organizations to reduce the spread and impact of attacks. Ranging from improved network-level detection to the use of Generative AI, all participants will have a clear understanding of common cybersecurity gaps in their environments and how to address them.