The AMCA breach hammers home the need for supply chain security. Here’s how to vet your vendors so you can keep from becoming the next Quest or LabCorp.
UL 2900-2-1 calls for the secure design and security testing of medical devices. What does the FDA’s adoption of the standard mean for your development team?
FDA cybersecurity guidance is informed by a long list of standards and recommendations. How can manufacturers translate these documents into practices?
Whatever happened to Anthem? In 2014–2015, the firm suffered the largest healthcare data breach ever. But healthcare cyber security has improved since then.
The Internet of Things is all around us. But it doesn’t stop there—now it’s inside us too. As the era of “connected everything” explodes, so does the use of network-connected medical devices. These interconnected devices, ranging from hospital imaging equipment to implantable pacemakers to infusion pumps, help healthcare providers and patients in a variety of tasks—monitoring vitals, regulating dosages, improving diagnostics, and more. But the convenience of this functionality comes with a trade-off: vulnerability. If attackers gain access to a connected medical device, the potential consequences include severe injury and even death. Consider this:
Will the cyber security of medical devices improve with the FDA’s adoption of UL 2900-2-1? Most devices weren’t designed to be connected to the internet.
It’s never good news to find out that both your personal and clinical information could be compromised by the software platform your healthcare provider is using.
What makes medical devices hackable? The same thing that makes websites hackable: software vulnerabilities. But the consequences are far worse than stolen data.
The FDA’s adoption of UL 2900-2-1 as a consensus standard for premarket certification of medical devices means the world is about to change—for the better.
We keep hearing that privacy is dead. But there is a good chance that a lot of us still aren’t aware of just how dead. So this week Synopsys presented codenomi-con, in connection with the Black Hat conference in Las Vegas, offering reminders about that reality in both government and the private sector. At the most exclusive cyber security event of the year, Black Hat attendees networked and boosted their data privacy knowledge. Codenomi-con, whose agenda was packed full of experts in both cyber security and data privacy, kick-started Black Hat. Your data should be private, but is it? Cyrus Farivar, senior tech policy reporter at Ars Technica and one of those who are very much aware, presented the government’s role in data privacy in a keynote based on his most recent book, “Habeas Data.”