Originally posted on SecurityWeek. I recently had reason to spend an overnight visit in the hospital. When friends and family left me late in the evening I was confronted with a subject that I had considered professionally but never had to face personally: the connected medical device. When software security gets personal The device that […]
Continue Reading...
Posted in Embedded Software Testing, Healthcare Security, Medical Device Security | Comments Off on Sobering thoughts when a connected medical device is connected to you
In a new report, Synopsys found that 67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months. The Synopsys report, Medical Device Security: An Industry Under Attack and Unprepared to […]
Continue Reading...
Posted in Application Security, Medical Device Security | Comments Off on Synopsys report finds the medical device industry vulnerable to attack
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report from Synopsys and the Ponemon Institute on medical device security. You can always join […]
Continue Reading...
Posted in Application Security, Healthcare Security, Medical Device Security | Comments Off on Fault Injection Podcast .001: Paging Dr. McCoy
Howard A. Schmidt, a friend to many in the security community, has died. A statement on his Facebook page says that he died today “in the presence of his wife and four sons … following a long battle with cancer.” Schmidt served as the White House Cybersecurity Advisor to Presidents Barack Obama and George W. […]
Continue Reading...
Posted in Fuzz Testing, Government Security, Medical Device Security, Network Security, Software Security Testing | Comments Off on Howard Schmidt, the United States’ first Cybersecurity Czar, has died
This year’s Medical Device Security 101 Conference is just days away. We’re looking forward to meeting attendees January 15-17 in sunny Lake Buena Vista, Florida. Identify, prevent, recover. We’d like to thank the University of Michigan’s Archimedes Center for Medical Device Security for hosting the two-day educational workshop. This synergistic environment explores how to identify, […]
Continue Reading...
Posted in Healthcare Security, Medical Device Security, Security Conference or Event | Comments Off on What to look forward to at the 2017 Medical Device Security 101 Conference
On Wednesday, Philips named Mike Ahmadi, Global Director of Critical Systems Security for Synopsys Software Integrity Group, to its Responsible Disclosure Hall of Honors. Responsible Disclosure, also known as Coordinated Vulnerability Disclosure, means that the first reporter of a new vulnerability has chosen to work with the vendor to demonstrate the validity of the finding […]
Continue Reading...
Posted in Medical Device Security | Comments Off on Philips honors Synopsys researcher with responsible disclosure honor
On Monday, St. Jude Medical said that it planned to set up its own medical advisory board focused on cyber-security issues affecting patient care and safety. According to the Reuters news service, the U.S. Food and Drug Administration has started an investigation into the company’s medical devices after a report in August from short-seller Muddy […]
Continue Reading...
Posted in Healthcare Security, Medical Device Security | Comments Off on St. Jude plans cyber security medical advisory board
They say that laughter is the best medicine. Dr. Kevin Fu, one of the first security researchers to test medical devices, took to the stage at this year’s CodenomiCON for a short, standup comedy routine. Nothing was safe. Fu talked about himself and about recent politics. And of course he also made fun of cybersecurity. […]
Continue Reading...
Posted in Medical Device Security, Security Conference or Event | Comments Off on The comedic stylings of Dr. Kevin Fu
Following recent vulnerabilities disclosed in medical devices, a panel of experts discussed current remediation efforts and steps toward developing industry best practices. On the CodenomiCON 2016 panel The Digital Doctors Are In – Are You Covered? moderated by Chenxi Wang, Chief Strategy Officer at Twistlock, security experts debated the challenges facing the healthcare and medical […]
Continue Reading...
Posted in Medical Device Security, Security Conference or Event | Comments Off on The digital doctors are in: Are you covered?
It took a few years to make it happen, but the AAMI TIR57 “Principles for medical device security – Risk management” standard was finally published by AAMI this summer, and the FDA formally recognized it as a foundational standard less than a month after it came out. It really is no surprise that the FDA […]
Continue Reading...
Posted in Medical Device Security, Security Standards and Compliance | Comments Off on AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices