TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices



I. Information Security Background (Speaker = Kevin McDonald)

  • 1. Evolution of Medical Devices
  • 2. Living and Working in a Hostile Environment
  • 3. Attack Motivations
  • 4. Attack Vectors
  • 5. Simple Safety Strategies
  • 6. Medical Device Security in the News
  • 7. Medical Devices and Vendors
  • 8. Summary

II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran)

  • 1. Hardware Security
    • a. Double-lock Requirements
    • b. “Foreign” computer systems
    • c. Portable Device Encryption
    • d. Patient Data Storage
    • e. System Requirements
  • 2. Network Configuration
    • a. Isolating Critical Devices
    • b. Isolating Clinical Networks
    • c. Remote Access Considerations
  • 3. Software Applications / Configuration
    • a. Passwords / Screen Savers
    • b. Restricted Services / Access
    • c. Software Configuration Restriction
    • d. Use of DNS to restrict access
    • e. Patches / Upgrades
  • 4. Awareness
    • a. Intrusion Prevention
    • b. Intrusion Detection
    • c. Threat Risk Analysis
  • 5. Conclusion

Learning Objectives:

  • 1. Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems.
  • 2. Illustrating sample practices for hardware, network, and software security.
  • 3. Discussing implementation of good IT security practices in radiation oncology.
  • 4. Understanding the overall risk and threat scenario in a networked environment.