Medical Device Security (Part 3 of 3): Program Development
The presentation will address critical components for developing and implementing an effective Medical Device Security Management Program.
Matt Dimino, Medical Device Security Consultant
Matt Dimino is an advocate to help our nation’s healthcare and public health sector recognize and prepare for tomorrow's cyber threat landscape. Mr. Dimino, HCISPP, is a medical device security consultant for CynergisTek, a top-ranked cybersecurity firm. Matt's prolific 13-year career involves roles such as clinical engineer, professor, and researcher and consultant for a non-profit public health and safety organization. Mr. Dimino holds a bachelor’s degree in clinical engineering and an MBA in healthcare and has earned numerous IT security industry certifications. Motivated by work that makes a difference, Mr. Dimino is proud to continue research and extend his expertise in the domains of education, medical device cyber threat mitigation and the implementation of prevention strategies.
Carrie Whysall, Director Managed Security Services
Carrie Whysall is the Director of Managed Security Services for CynergisTek. She is responsible for Vendor Security Management (VSM), Managed Security Service (MSS) and Medical Device Security. A healthcare veteran with over 20 years of experience in IT leadership, 12 of which have been specifically in security. Prior to joining CynergisTek, Carrie served as Senior Director of Security for Ascension Information Services, During her time there, she was part of the leadership team that implemented Ascension’s Security Operations Center (SOC) as well as the company’s eForensics, Security Training & Awareness, Medical Device Management, and Incident Response programs. Carrie was also responsible for the Access & Identity Management program which provided identity and access services for over 200,000 users across the Ascension system.
- MDS programs - Taking a lifestyle approach
- Assessing and categorizing risk
- Establishing effective policies and procedures
- Roles and responsibilities
- Threat and vulnerability assessments
- Wrap-up / QA