Software Integrity Blog

Archive for the 'Medical Device Security' Category

 

Physician hackers: Healthcare security is in critical condition

FUD—fear, uncertainty, and doubt—is usually met with relentless mockery in the cyber security world, since it’s sometimes used to try to frighten people into buying a product.

Posted in Healthcare Security & Privacy, Medical Device Security

Behavioral security at RSA Conference 2018

Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of just about every one. So you can keep “attending” for months to come. But from a small slice of it in real time: It didn’t get nearly as much buzz as the keynote from Monica Lewinsky of Bill-Clinton-and-blue-dress fame, but the message was still powerful: Behavioral analytics is changing the world of security.

Posted in Automotive Cyber Security, Medical Device Security

6 recommendations for healthcare cybersecurity

Early last year, in response to the Cybersecurity Act of 2015, the US Department of Health and Human Services (HHS) established The Health Care Industry Cybersecurity Task Force. This month the task force published its recommendations to improve healthcare cybersecurity.

Posted in Healthcare Security & Privacy, Medical Device Security

Sobering thoughts when a connected medical device is connected to you

I was recently confronted with a subject I’d considered professionally but never had to face personally: the security of connected medical devices.

Posted in Healthcare Security & Privacy, Medical Device Security

Synopsys report finds the medical device industry vulnerable to attack

A new report investigates whether medical device makers and healthcare delivery organizations align on the need to address cyber security risks.

Posted in Healthcare Security & Privacy, Medical Device Security

Medical device manufacturers and open source security vulnerabilities

On December 28, 2016, the US Food and Drug Administration (FDA) finalized its guidance on the “Postmarket Management of Cybersecurity in Medical Devices.” The release of the guidance was accompanied by an official blog post, which points out that as medical devices become increasingly sophisticated and connected, they become more prone to attack. Successful attacks can result in physical harm or even death to real people.

Posted in Medical Device Security, Open Source Security

Philips honors Synopsys researcher with responsible disclosure honor

Philips has named Mike Ahmadi, global director of critical systems security for Synopsys Software Integrity Group, to its Responsible Disclosure Hall of Honors.

Posted in Medical Device Security, Software Composition Analysis (SCA)

AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices

The FDA has formally recognized AAMI TIR57 “Principles for medical device security – Risk management” as a cybersecurity standard for medical devices.

Posted in Medical Device Security, Software Compliance, Quality & Standards

Hacking medical devices: 5 ways to inoculate yourself from attacks

Healthcare companies must follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to.

Posted in Healthcare Security & Privacy, Medical Device Security

Synopsys finds 1,418 medical device vulnerabilities in 1 product

Back in my Codenomicon days, security researcher Billy Rios and I began looking at software running on medical devices using our AppCheck product (now known as Black Duck Binary Analysis). We were hoping to find a few software vulnerabilities to determine how effective our product was at finding such bugs. Once we began investigating, we were quite taken aback by how many vulnerabilities were present on the medical devices. We typically saw bugs numbering in the two-digit range on the low side, and into the thousands on the high side. Wow!

Posted in Medical Device Security