Early last year, in response to the Cybersecurity Act of 2015, the US Department of Health and Human Services (HHS) established The Health Care Industry Cybersecurity Task Force. This month the task force published its recommendations to improve healthcare cybersecurity. While non-binding (today), the recommendations should be considered a heads up to health care organizations, “covered […]
Continue Reading...
Posted in Healthcare Security, Medical Device Security
Originally posted on SecurityWeek. I recently had reason to spend an overnight visit in the hospital. When friends and family left me late in the evening I was confronted with a subject that I had considered professionally but never had to face personally: the connected medical device. When software security gets personal The device that […]
Continue Reading...
Posted in Healthcare Security, Medical Device Security
In a new report, Synopsys found that 67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months. The Synopsys report, Medical Device Security: An Industry Under Attack and Unprepared to […]
Continue Reading...
Posted in Medical Device Security
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report from Synopsys and the Ponemon Institute on medical device security. You can always join […]
Continue Reading...
Posted in Healthcare Security, Medical Device Security, Podcasts
On December 28, 2016, the US Food and Drug Administration (FDA) finalized its guidance on the “Postmarket Management of Cybersecurity in Medical Devices.” The release of the guidance was accompanied by an official blog post, which points out that as medical devices become increasingly sophisticated and connected, they become more prone to attack. Successful attacks can […]
Continue Reading...
Posted in Medical Device Security, Open Source Security
This year’s Medical Device Security 101 Conference is just days away. We’re looking forward to meeting attendees January 15-17 in sunny Lake Buena Vista, Florida. Identify, prevent, recover. We’d like to thank the University of Michigan’s Archimedes Center for Medical Device Security for hosting the two-day educational workshop. This synergistic environment explores how to identify, […]
Continue Reading...
Posted in Events, Healthcare Security, Medical Device Security, Webinars
Philips has named Mike Ahmadi, global director of critical systems security for Synopsys Software Integrity Group, to its Responsible Disclosure Hall of Honors. Responsible disclosure, also known as coordinated vulnerability disclosure, means that the first reporter of a new vulnerability has chosen to work with the vendor to demonstrate the validity of the finding and […]
Continue Reading...
Posted in Medical Device Security, Software Composition Analysis
On Monday, St. Jude Medical said that it planned to set up its own medical advisory board focused on cyber-security issues affecting patient care and safety. According to the Reuters news service, the U.S. Food and Drug Administration has started an investigation into the company’s medical devices after a report in August from short-seller Muddy […]
Continue Reading...
Posted in Healthcare Security, Medical Device Security
Following recent vulnerabilities disclosed in medical devices, a panel of experts discussed current remediation efforts and steps toward developing industry best practices. On the CodenomiCON 2016 panel The Digital Doctors Are In – Are You Covered? moderated by Chenxi Wang, Chief Strategy Officer at Twistlock, security experts debated the challenges facing the healthcare and medical […]
Continue Reading...
Posted in Medical Device Security, Webinars
It took a few years to make it happen, but the AAMI TIR57 “Principles for medical device security – Risk management” standard was finally published by AAMI this summer, and the FDA formally recognized it as a foundational standard less than a month after it came out. It really is no surprise that the FDA […]
Continue Reading...
Posted in Medical Device Security, Security Standards and Compliance