Sponsored by
Cybersecurity and Interoperability:
Working together for Patient Safety
In his current role, Bill provides executive leadership and
oversight to Information Security programs and to the
Governance, Risk Management, and Compliance (GRC)
process, in support of CareFusion’s strategic business needs.
Before joining CareFusion, Bill’s work experience spanned
entrepreneurial start-ups, small business consulting, and
Security leadership roles for various institutions, some of
which include: EMC, Wells Fargo, On Semiconductor and
Motorola. Prior to that, Bill spent several years in the trade
publishing industry, as both a writer and editor, as well as
survived a brief descent into madness in advertising and public
relations.
Introducing our panelists
Director, Cerner Network and
Chair of the Commonwell Health Alliance Program Management
Committee
Scott Stuewe
Cerner
Today’s Session
Sponsored by
Introducing our panelists
Computer Scientist at the National Institute of Standards and
Technology (NIST) and National Cybersecurity Center of
Excellence (NCCoE)
Gavin O’brien
NIST / NCCoE
Today’s Session
Sponsored by
Introducing our panelists
Technical Director, Offensive Security Scenarios
Kurt Grutzmacher
CYLANCE
Today’s Session
Sponsored by
Introducing our panelists
Director of Interoperability
HIT Policy Committee’s Information Exchange Workgroup
Peter DeVault
Epic
Today’s Session
Sponsored by
And now…
We’d like to ask each of our panelists to
provide an introductory statement.
Introductory statement
Scott Stuewe
Today’s Session
Sponsored by
Committed to IHE
And to Interoperability
Cerner actively supports IHE efforts to foster national adoption of a consistent
set of information standards to enable interoperability of health IT systems.
1998 1st bedside medical device connection -Mayo 2003 Auto-programming for infusion pumps introduced 2007 Launched Cerner Certification Program for medical devices 2008 Industry First EHR-integrated connectivity and alerting solution to market 2009 Alarming solution introduced 2010 1st CareAware Infusion Suite implementati on -Wellspan 2011 Alarming solution integrated with nurse call system 2009
Since their inception, participated in the ONC
Health IT Policy and Standards Committee
Donated 200,000+ lines of Java code
since 2009 to the Direct Project Developed Interoperability
Certification program
2014
Demonstrated the use of FHIR standards
with Boston Children’s Hospital at HIMSS14
Participating in Argonaut Project
Created the Cerner Network business unit focused on interoperability 2007 Worked with clients to create SharedHealth, a medicaid driven HIE Deployed workflow-driven Direct capabilities to all US
clients
Safeguard doors…
Protect data at rest…
Protect data in transit…
Introductory statement
Gavin O’Brien
Today’s Session
Sponsored by
GOAL 1
PROVIDE PRACTICAL CYBERSECURITY
Help people secure their data and digital infrastructure by equipping them with practical ways to implement standards-based cybersecurity solutions that are modular, repeatable and scalable
VISION
ADVANCE CYBERSECURITY A secure cyber infrastructure that inspires technological innovation and fosters economic growth
MISSION
ACCELERATE ADOPTION OF SECURE TECHNOLOGIES
Collaborate with innovators to provide real-world, standards-based
cybersecurity capabilities that address business needs
GOAL 2
INCREASE RATE OF ADOPTION
Enable companies to rapidly deploy commercially available cybersecurity technologies by reducing
technological, educational and economic barriers to adoption
GOAL 3
ACCELERATE INNOVATION
Empower innovators to creatively address businesses’ most pressing cybersecurity challenges in a state-of-the-art, collaborative environment
Welcome to the NCCoE
PARTNERSHIPS
Established in 2012 through a partnership between NIST, the State of Maryland and Montgomery County, the NCCoE meets businesses’ most pressing cybersecurity needs with reference designs that can be deployed rapidly.
NIST ITL
The NCCoE is part of the NIST Information Technology Laboratory and operates in close collaboration with the Computer Security Division. As a part of the NIST family, the center has access to a foundation of prodigious expertise, resources, relationships and experience.
NIST CYBERSECURITY THOUGHT LEADERSHIP
Cryptography Identity management Key management Risk management Secure virtualization Software assurance Security automation
Security for cloud and mobility
Hardware roots of trust Vulnerability management Secure networking
Usability and security
HEALTHCARE SECTOR PROJECTS
• EHR and Mobile Devices
• Medical Devices: Wireless Infusion Pumps
hit_nccoe@nist.gov
240-314-6800
9600 Gudelsky Drive
Rockville, MD 20850
http://nccoe.nist.gov
Introductory statement
Kurt Grutzmacher
Today’s Session
Sponsored by
Who am I?
Kurt Grutzmacher!
• Technical Director at Cylance, Inc.
• 17+ Years Offensive Security Experience
• Previous work at Cisco Systems, Pacific Gas & Electric and Federal Reserve System
• Hacker of embedded systems (aka the “Internet Of Things”)
Product/Solutions
Portfolio
• V-API • V-Forensics • V-Gateway • V-Helpdesk Detection Only • Endpoint Agent • Cloud management • Silent / small footprint • Execution Control• Detects Zero Day Malware
Detection and Protection
• Daily Activity Monitoring • Alert Processing
• Deep Malware Analysis • Weekly Alert Reports • Gap Protection
BlockPUPs & RATS
Ongoing Prevention Management
Alert Management
Services
• Services Engagement • Finds Compromised Credentials • Threat Priority • Supports All O/SDetection & Prevention Analytics
Compromise
How do we do it?
Algorithmic Science
EXTRACT
COLLECT
& CLUSTER
CLASSIFY
TRANSFORM,
VECTORIZE
& TRAIN
BAD GOOD
Introductory statement
Peter DeVault
Today’s Session
Sponsored by
54%
of the U.S. Population (174 million patients)
183 million worldwide (2.5%)
~342 customers
315,500 EHR physicians
RED
> 40% of patients are or will be covered by EpicCare
PINK
1-40% of patients are or will be covered by EpicCare
GREY
Patient Records
Exchanged Monthly