UL 2900-2-1 calls for the secure design and security testing of medical devices. What does the FDA’s adoption of the standard mean for your development team?
The Internet of Things is all around us. But it doesn’t stop there—now it’s inside us too. As the era of “connected everything” explodes, so does the use of network-connected medical devices. These interconnected devices, ranging from hospital imaging equipment to implantable pacemakers to infusion pumps, help healthcare providers and patients in a variety of tasks—monitoring vitals, regulating dosages, improving diagnostics, and more. But the convenience of this functionality comes with a trade-off: vulnerability. If attackers gain access to a connected medical device, the potential consequences include severe injury and even death. Consider this:
Will the cyber security of medical devices improve with the FDA’s adoption of UL 2900-2-1? Most devices weren’t designed to be connected to the internet.
It’s never good news to find out that both your personal and clinical information could be compromised by the software platform your healthcare provider is using.
What makes medical devices hackable? The same thing that makes websites hackable: software vulnerabilities. But the consequences are far worse than stolen data.
The FDA’s adoption of UL 2900-2-1 as a consensus standard for premarket certification of medical devices means the world is about to change—for the better.
The FDA now recognizes UL 2900-2-1 and UL 2900-1, the first guidance that sets specific criteria for cyber security testing of connected medical devices.
The cyber security of connected medical devices, notoriously poor for decades, could finally start to improve.
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. Watch the episode below:
FUD—fear, uncertainty, and doubt—is usually met with relentless mockery in the cyber security world, since it’s sometimes used to try to frighten people into buying a product.