Medical Device Security 101: Event Details
The Center for Medical Device Cybersecurity is proud to host Medical Device Security 101. This full-day event, sponsored by MedCrypt and chaired by Boston Scientific's Dan Lyon and Ken Hoyme, will feature a number of speakers who will be sharing their different perspectives on medical devices and healthcare security.
Join us on April 11, 2022 from 8 am-4 pm.
Registration closes at noon on April 7, 2022.
Frequently Asked Questions
Where is the event being held?
The event will be held at McNamara Alumni Center at the University of Minnesota.
However, in-person attendance is at capacity. Registration remains open for those wishing to attend remotely until noon on April 7, 2022.
What is the cost to attend?
CMDC & Archimedes Members: $100 per person
Industry Members: $300
Academic Faculty/Staff: $200
Students: $50
What is the agenda for the day?
AGENDA:
8-8:30 am: Guest check-in and breakfast
8:30-8:45 am: Welcome from CMDC Managing Director, Bill Aerts
8:45-9:30 am: Kevin Fu: Update on Med Device Security from the FDA
9:30-10:15 am: Debra Bruemmer: HDO Perspective on Medical Device Security
10:15-10:30 am: Break
10:30-11:15 am: Soundharya Nagasubramanian: Elements of a Successful Product Security Program
11:15-12:00 pm: Sudar Shields & Dave Presuhn: Medical Device IoT from Selection to Implementation
12:00-1:00 pm: Lunch Break
1:00-1:45 pm: Steve Christey Coley, Kyle Wallace & Matt Weir: Playbook for Threat Modeling Medical Devices
1:45-2:00 pm: Break
2:00-2:45 pm: Ed Heierman: SBOMs for Medical Devices
2:45-3:30 pm: Shannon Lantzy: Learning from the Field
3:30-4:00 pm: Wrap up and adjourn
Where should I park?
The closest parking ramps are the University Avenue Ramp and the Washington Avenue Ramp, each of which charges a $13.00 daily maximum. Metered street parking is available in various places around the hotel and McNamara Alumni Center; the meters accept credit cards. The event does not validate parking.
For more detailed parking instructions, access the Medical Device Security 101 parking map.
Are there hotel accommodations nearby?
The closest hotel to the venue is The Graduate Minneapolis. You can make reservations online.
Other nearby hotels include:
Days Hotel by Wyndham - University Ave SE
Hilton Garden Inn - University area
Courtyard Minneapolis Downtown
What transportation options are available?
Public transportation is available through Metro Transit, which provides both Light Rail Transit and public Bus Service within the Twin Cities metropolitan area. Lyft and Uber are always great options as well.
Is WiFi available?
Guests attending the event in person may use the UofM-Guest network at no charge.
Are meals provided?
Breakfast, lunch, snacks, and beverages will be provided for all registrants.
Are there any current COVID restrictions on campus?
To get the most up-to-date information on masks and other COVID-19-related restrictions, visit the University of Minnesota's COVID-19 page.
Learn more about each of the event speakers
Kevin Fu
Kevin Fu is Acting Director of Medical Device Cybersecurity at U.S. FDA’s Center for Devices and Radiological Health (CDRH) and Program Director for Cybersecurity, Digital Health Center of Excellence (DHCoE). Fu is also Associate Professor of EECS at the University of Michigan where he directs the Security and Privacy Research Group. He is most known for the original 2008 cybersecurity research paper showing vulnerabilities in an implantable cardiac defibrillator by sending specially crafted radio waves to induce uncontrolled ventricular fibrillation via an unintended wireless control channel. The prescient research led to over a decade of revolutionary improvements at medical device manufacturers, global regulators, and international healthcare safety standards bodies just as ransomware and other malicious software began to disrupt clinical workflow at hospitals worldwide.
Kevin was recognized as an IEEE Fellow, Sloan Research Fellow, MIT Technology Review TR35 Innovator of the Year, Fed100 Award recipient, and recipient of an IEEE Security and Privacy Test of Time Award. Fu has testified in the U.S. House and Senate on matters of information security and has written commissioned work on trustworthy medical device software for the U.S. National Academy of Medicine. He co-chaired the AAMI cybersecurity working group to create the first FDA-recognized standards to improve the security of medical device manufacturing. He founded the Archimedes Center for Healthcare and Device. Kevin serves on the Editorial Board of the Association for the Advancement of Medical Instrumentation (AAMI) on Biomedical Instrumentation & Technology. He is a founding member of the N95decon.org team for emergency reuse decontamination of N95 masks during PPE shortages. Fu served as a member of the U.S. NIST Information Security and Privacy Advisory Board and federal science advisory groups. Eleven years ago, Fu served as a visiting scientist at the U.S. Food & Drug Administration. Fu received his B.S., M.Eng., and Ph.D. from MIT.
Dr. Ed Heierman
Dr. Ed Heierman is a Product Cybersecurity Architect at Abbott, where he provides Abbott product development teams guidance on product cybersecurity risk assessments, cybersecurity technologies, vulnerability surveillance, and cybersecurity incident response. He led the effort to establish a product cybersecurity program for Core Diagnostics at Abbott that incorporated cybersecurity risk management into the product development lifecycle. Previously Dr. Heierman was the cybersecurity lead for Abbott’s web-based remote instrument monitoring application (Internet of Things) that provides secure remote access to diagnostic instruments installed at Abbott customer sites worldwide.
Dr. Heierman represents Abbott in the Healthcare Proof-of-Concept working group of the NTIA Software Transparency initiative (now sponsored by CISA), where he leads a team of medical device manufacturers in the effort to define SBOM content. This effort led to the creation of a how-to guide for SBOM generation.
Dr. Heierman holds a Ph.D. in Computer Science from the University of Texas at Arlington, a Master of Computer Science from the University of Texas at Arlington, and a Bachelor of Computer Science and Math from the United States Air Force Academy.
Shannon Lantzy
Shannon Lantzy has an 18+ year career in consulting, strategy, R&D, and technology adoption. At MedCrypt, she supports clients in identifying cybersecurity ROI, measuring success, adopting and embedding threat modeling, vulnerability process optimization, and more. In her previous position, she co-founded Booz Allen’s Secure Connected Health practice focusing on cybersecurity, digital health, and patient safety. Prior to Secure Connected Health, she led Booz Allen’s Regulatory Innovation consulting practice. Her team of 25+ consultants delivered strategic transformation engagements at FDA’s product Centers. Before Booz Allen, Shannon advised clients at NASA headquarters on enterprise architecture, national capability assessments, and IT strategy.
Shannon holds a PhD in Business with a focus on decision-making under uncertainty, a Masters in Information Management, and a BA in Mathematics and Philosophy, from the University of Maryland, College Park.
Soundharya Nagasubramanian
Soundharya Nagasubramanian leads Product Security at Hillrom, now a part of Baxter. As the Director of Product Information Security, she is responsible for establishing the product security program, strategic roadmap, and execution at Hillrom, now a part of Baxter. In her previous roles at Hillrom, she served as the Director of Software Architecture and Security and was responsible for architecting and securing high-growth products: patient monitors, diabetic retinopathy solutions and systems. Prior to that role she worked as a Director of Embedded Software at Welch Allyn, where she led the execution and delivery of multi-parameter patient monitors.
She is passionate about medical device security and delivery of innovative and secure products by building highly talented and collaborative teams. Having worked with the medical device industry for over 20 years, she is still fascinated by the opportunity in delivering secure products that can help diagnose and treat patients.
Soundharya holds a master’s degree in biomedical engineering from Drexel University and an Executive Certificate in the Business of Life Sciences (ECBLS) from Kelley School of business, Indiana University.
Dave Presuhn
Dave Presuhn has been working in technology since the last millennium. In his current role, he manages the IoT system used to manage medical devices for several product divisions across Boston Scientific.
Sudar Shields
Sudar Shields is an R&D Fellow (Systems Security Architect) at Boston Scientific. She has over 15 years of experience in the medical device industry, previously as a security engineer, systems engineer and developer. Her Master of Science degree is in Electrical Engineering.
Debra Bruemmer
Debra Bruemmer is a Senior Manager at Mayo Clinic within the Office of Information Security. She is accountable for leading a team to address cyber security resiliency for foundational assets (e.g. servers, workstations, applications, medical devices, IoT devices), maintain secure identity and access management practices, and uphold security principles in network segmentation. Debra received her Bachelor of Science in Finance from Winona State University, a Masters in Business Administration from Cardinal Stritch University, and is CISSP certified.
Steve Christey Coley
Steve Christey Coley is a Principal INFOSEC Engineer at The MITRE Corporation. He was the co-founder and technical lead of CVE, and chair of its Editorial Board from 1999 to 2015. He co-authored the "Responsible Vulnerability Disclosure Process" IETF draft and contributed to CVSS v2. He is the technical lead for the Common Weakness Enumeration (CWE), including leading the CWE Top 25 from 2009-2011. He supports FDA on medical device security, including vulnerability handling, risk assessment, threat modeling, and policy development. He co-developed the rubric for applying CVSS to medical devices. He seeks to make the cybersecurity profession more inclusive, diverse, and accessible to everybody who seeks a place in it.
Event Chair, Dan Lyon
Dan Lyon is an accomplished leader and engineer specialized in the security of medical devices with expertise in regulated medical devices, product security initiatives, and security/software/system engineering. He has worked in medical devices as both an engineer (17 years at Medtronic) and as a consultant (7 years at Cigital/Synopsys). He has worked with global medical device manufacturers to establish and mature Product Security Initiatives by creating security cultures, developing new processes, and training engineers. He has performed product security risk assessments and design reviews for numerous medical device systems, including implanted devices, infusion pumps, surgical products, patient monitors, mobile devices, mobile applications, web applications, and cloud services. Dan created content for multiple industry guidance documents on product security including AAMI TIR57, IEEE’s Software Building Code for Medical Devices, Design Flaws and Security Considerations for Telematics and Infotainment Systems and co-chaired Consumer Technology Association’s connected devices working group CTA-CEB33 – Securing Connected Devices for Consumers in the Home.
Medical Device Security 101 is a proud part of the Institute for Engineering in Medicine's (IEM) Innovation Week at the University of Minnesota. Visit the IEM Week web page to learn more about each event.
Kyle Wallace
Kyle Wallace is a graduate from The College of William and Mary with a PhD specializing in mobile and embedded systems security. His technical background covers a wide range of tools and techniques for working with hardware and software alike. At MITRE, he has been the Principal Investigator on two internal research projects addressing medical device security. Furthermore, he made major contributions toward developing realistic examples for the Medical Device Threat Modeling Playbook. His current work focuses on applying this guidance to build out more robust threat models for medical systems.
Matt Weir
Dr. Matt Weir is a principal applied cybersecurity engineer at MITRE. His background ranges from testing the security of identity and access management solutions to developing security orchestration, automation, and response (SOAR) solutions. Over the last three years he has focused on investigating the security of systems used in clinical settings and has partnered with several different organizations such as the Biohacking Village and the Open Ventilator Remote Monitoring group to provide outreach for creating more secure medical devices. He is also one of the authors of the Playbook for Threat Modeling Medical Devices.
Contact Information:
For questions, please email cmdc@umn.edu
About our sponsor
MedCrypt provides proactive cybersecurity solutions, services, and tools to medical device manufacturers to improve the security posture of new and deployed devices. MedCrypt offers an array of easy-to-implement solutions focusing on cryptography, vulnerability management, and security event monitoring. Our products were designed to meet the unique security needs of the medical device use case and help manufacturers meet evolving regulatory requirements.
Our team of medical device experts is laser-focused on bringing modern cybersecurity to the next generation of healthcare technology, providing benefits to business decision-makers through demonstrable return on the security investment and enabling engineers to achieve results today.