Sign up to save your podcasts
Or
Share Traceability in Cyber Security: Lessons Learned from the Medical Sector | A Conversation with Kostas Papapanagiotou | Redefining CyberSecurity with Sean Martin
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Traceability in Cyber Security: Lessons Learned from the Medical Sector | A Conversation with Kostas Papapanagiotou | Redefining CyberSecurity with Sean Martin
Guest: Dr. Kostas Papapanagiotou, Advisory Services Director, Census S.A.
On LinkedIn | https://www.linkedin.com/in/kpapapan/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
View This Show's Sponsors
___________________________
Episode Notes
Cybersecurity practices for medical devices are crucial, touching on compliance, patient safety, and the rigorous demands of various sectors such as automotive and financial services. In an insightful conversation between Sean Martin, host of the Redefining CyberSecurity Podcast, and Kostas Papapanagiotou, leader of the advisory service division at Census, several key takeaways emerge. Kostas, who has over 20 years of experience in cybersecurity and application security, underscores the complexity of medical devices.
No longer confined to standalone units, modern medical devices may encompass hardware components, software, connectivity to hospital networks or cloud services, and more. Thus, they require a comprehensive security approach.
Kostas notes that the FDA views these devices holistically, requiring all components to be evaluated for security risks. One of the most significant points highlighted is the concept of shared responsibility. According to Kostas, it is essential for medical device manufacturers to consider how their products integrate with existing hospital networks and what security measures are necessary to protect patient information. This extends to issuing guidelines and documentation for secure network integration, an effort that underscores the necessity of thorough and clear documentation in maintaining cybersecurity standards.
Furthermore, Kostas points out that regulations like the FDA’s post-market plan necessitate that manufacturers prepare for the entire lifecycle of a device, including potential vulnerabilities that may arise years after deployment. He shares real-world examples, such as the challenge of outdated Android versions in medical devices, which can no longer receive security updates and thus present vulnerabilities. In addition to compliance, the podcast discusses the shift left security paradigm, which emphasizes integrating security measures early in the software development lifecycle to prevent costly and challenging fixes later.
Kostas advocates for proactive threat modeling as a tool to foresee potential risks and implement security controls right from the design phase. This approach aligns with the FDA's emphasis on mitigating patient harm as the ultimate priority.
The conversation also touches on how these rigorous requirements from the medical device sector can inform cybersecurity practices in other critical areas like automotive manufacturing. Kostas remarks that the automotive industry is yet to reach the maturity seen in medical device regulations, often grappling with interoperability and supply chain complexities.
This podcast episode offers vital insights and actionable advice for cybersecurity professionals and organizations involved with critical, life-impacting technologies. Engaging discussions such as these underline the importance of regulatory compliance, thorough documentation, and proactive security measures in safeguarding both technology and human lives.
___________________________
Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
Traceability in cyber security: lessons learned from the medical sector (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTbW/traceability-in-cyber-security-lessons-learned-from-the-medical-sector
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
View all episodes
By Sean Martin, ITSPmagazine
5
33 ratings
Guest: Dr. Kostas Papapanagiotou, Advisory Services Director, Census S.A.
On LinkedIn | https://www.linkedin.com/in/kpapapan/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
View This Show's Sponsors
___________________________
Episode Notes
Cybersecurity practices for medical devices are crucial, touching on compliance, patient safety, and the rigorous demands of various sectors such as automotive and financial services. In an insightful conversation between Sean Martin, host of the Redefining CyberSecurity Podcast, and Kostas Papapanagiotou, leader of the advisory service division at Census, several key takeaways emerge. Kostas, who has over 20 years of experience in cybersecurity and application security, underscores the complexity of medical devices.
No longer confined to standalone units, modern medical devices may encompass hardware components, software, connectivity to hospital networks or cloud services, and more. Thus, they require a comprehensive security approach.
Kostas notes that the FDA views these devices holistically, requiring all components to be evaluated for security risks. One of the most significant points highlighted is the concept of shared responsibility. According to Kostas, it is essential for medical device manufacturers to consider how their products integrate with existing hospital networks and what security measures are necessary to protect patient information. This extends to issuing guidelines and documentation for secure network integration, an effort that underscores the necessity of thorough and clear documentation in maintaining cybersecurity standards.
Furthermore, Kostas points out that regulations like the FDA’s post-market plan necessitate that manufacturers prepare for the entire lifecycle of a device, including potential vulnerabilities that may arise years after deployment. He shares real-world examples, such as the challenge of outdated Android versions in medical devices, which can no longer receive security updates and thus present vulnerabilities. In addition to compliance, the podcast discusses the shift left security paradigm, which emphasizes integrating security measures early in the software development lifecycle to prevent costly and challenging fixes later.
Kostas advocates for proactive threat modeling as a tool to foresee potential risks and implement security controls right from the design phase. This approach aligns with the FDA's emphasis on mitigating patient harm as the ultimate priority.
The conversation also touches on how these rigorous requirements from the medical device sector can inform cybersecurity practices in other critical areas like automotive manufacturing. Kostas remarks that the automotive industry is yet to reach the maturity seen in medical device regulations, often grappling with interoperability and supply chain complexities.
This podcast episode offers vital insights and actionable advice for cybersecurity professionals and organizations involved with critical, life-impacting technologies. Engaging discussions such as these underline the importance of regulatory compliance, thorough documentation, and proactive security measures in safeguarding both technology and human lives.
___________________________
Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
Traceability in cyber security: lessons learned from the medical sector (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTbW/traceability-in-cyber-security-lessons-learned-from-the-medical-sector
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
More shows like Redefining CyberSecurity
View all
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
369 Listeners
Risky Business
373 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
Smashing Security
322 Listeners
ITSPmagazine
31 Listeners
Darknet Diaries
7,999 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
188 Listeners
Defense in Depth
73 Listeners
Cyber Security Headlines
134 Listeners
Hard Fork
5,479 Listeners
The Ezra Klein Show
16,097 Listeners
Cybersecurity Where You Are (video)
13 Listeners
Audio Signals Podcast
2 Listeners
HBR On Leadership
158 Listeners
Stories From Space
4 Listeners
Redefining Society and Technology Podcast
0 Listeners