Feb 4, 2019
Stephanie Domas: Maybe Your Pacemaker Can’t Kill You
48 min

Stephanie Domas: Maybe Your Pacemaker Can’t Kill You 

Being a CISO for a large healthcare organization has a degree of difficulty that will give you a headache. For a second… forget about the fact that hospitals are here to heal, cure and research. Take a cold, clinical look just at the medical technology involved in a hospital

Let’s look at one Healthcare org as an example: The Mayo Clinic has

  • 25,000 networkd medical devices
  • More than 6,000 unique makes and models
  • Industry Best Practices states that each device should have
    • A unique 20 character password
      • For every employee
      • On every device
    • A system that locks users out after 10 minutes of inactivity
    • A new passwords every 30 days
  • Mayo Clinic has 63,000 doctors, and allied health staff

Do the math... That’s around 19,000,000,000 passwords to be entered. And that’s assuming no one is automatically logged out after 10 minutes of inactivity.

In the healthcare industry, inefficiency can cost lives. But so can a lack of security.

In this week’s episode of InSecurity, Matt Stephenson talks with Stephanie Domas. Stephanie is the Vice President of Research & Development at MedSec. Her job is to oversee the design and manufacture of connected medical device solutions that save lives, but are also secure. File this one under “be careful what you wish for.”

About Stephanie Domas

Stephanie Domas is a driven leader and respected industry authority in healthcare, and device cybersecurity. Her passion for cybersecurity, secure product design, and healthcare has earned her industry recognition and presentations at dozens of cybersecurity and healthcare conferences.  In her current role as Vice President of Research & Development at MedSec she leads business strategy, engineering and research teams to deliver service and product offerings that help the Healthcare community meet the unique challenges of cybersecurity in medical devices. Her current focus is leading product cyber security teams, software development teams, and business strategy for a wide range of services and product offerings, along with implementing security governance programs into quality systems and design process

Stephanie has presented security talks at some of the most important events in the world, including Black Hat, DEFCON, DerbyCon and a myriad of notable Healthcare conferences. Make sure to check out Stephanies Ted Talk: Protecting Medical Devices from Cyberharm 

About Matt Stephenson

Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV 

Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come

Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. 

Can’t get enough of Insecurity? You can find us wherever you get your podcasts including Spotify, Stitcher, SoundCloud, I Heart Radio as well as

ThreatVector InSecurity Podcasts:

iTunes/Apple Podcasts link:

GooglePlay Music link:

Make sure you Subscribe, Rate and Review!

More episodes
Clear search
Close search
Google apps
Main menu