The AMCA breach hammers home the need for supply chain security. Here’s how to vet your vendors so you can keep from becoming the next Quest or LabCorp.
UL 2900-2-1 calls for the secure design and security testing of medical devices. What does the FDA’s adoption of the standard mean for your development team?
FDA cybersecurity guidance is informed by a long list of standards and recommendations. How can manufacturers translate these documents into practices?
Posted in Healthcare Security | Comments Off on Complex but helpful: Negotiating FDA guidance to build a cybersecurity program
Whatever happened to Anthem? In 2014–2015, the firm suffered the largest healthcare data breach ever. But healthcare cyber security has improved since then.
The Internet of Things is all around us. But it doesn’t stop there—now it’s inside us too. As the era of “connected everything” explodes, so does the use of network-connected medical devices. These interconnected devices, ranging from hospital imaging equipment to implantable pacemakers to infusion pumps, help healthcare providers and patients in a variety of tasks—monitoring vitals, regulating dosages, improving diagnostics, and more. But the convenience of this functionality comes with a trade-off: vulnerability. If attackers gain access to a connected medical device, the potential consequences include severe injury and even death. Consider this:
Will the cyber security of medical devices improve with the FDA’s adoption of UL 2900-2-1? Most devices weren’t designed to be connected to the internet.
It’s never good news to find out that both your personal and clinical information could be compromised by the software platform your healthcare provider is using.
What makes medical devices hackable? The same thing that makes websites hackable: software vulnerabilities. But the consequences are far worse than stolen data.
The FDA’s adoption of UL 2900-2-1 as a consensus standard for premarket certification of medical devices means the world is about to change—for the better.
The FDA now recognizes UL 2900-2-1 and UL 2900-1, the first guidance that sets specific criteria for cyber security testing of connected medical devices.