It took a few years to make it happen, but the AAMI TIR57 “Principles for medical device security – Risk management” standard was finally published by AAMI this summer, and the FDA formally recognized it as a foundational standard less than a month after it came out.
New research suggests that parts of a report from a capital investment firm alleging vulnerabilities in St Jude Medical devices were inaccurate.
A terrorist hacks into the US Vice President’s pacemaker to murder him. It happened on the Showtime series Homeland, but could it happen in real life? Most security experts agree that such a scenario is highly unlikely or even downright impossible. However, that doesn’t mean you should ignore the real security risks that medical devices and systems introduce. They may not be as extreme as Hollywood portrayals, but security vulnerabilities and data breaches in medical devices and systems can put patient safety at risk and expose healthcare companies to data-disclosure and HIPAA regulatory risks.
On Thursday, researchers Mike Ahmadi of Synopsys and Billy Rios of WhiteScope disclosed 460 vulnerabilities in Philips Xper Connect, an optional bidirectional hospital information system (HIS) interface. They said 272 of these vulnerabilities are present in five software packages in the Xper IM Connect system software. The other 188 vulnerabilities are associated with the Windows XP operating system, which is no longer supported by Microsoft.
Once again Synopsys will host an elite group of cybersecurity professionals during Black Hat for an evening of thought leadership, networking, and entertainment.
Coming on the heels of a successful “Hack the Pentagon” bug bounty program, in which one 18-year-old received a $1K prize, the U.S. Federal Government is considering a similar program for healthcare.
A new study finds that old malware is actively being exploited in healthcare environments.
The U.S. Department of Veteran Affairs (VA) and UL (Underwriters Laboratories) have signed a Cooperative Research and Development Agreement Program (CRADA) for medical device cybersecurity standards and certification approaches.
On Wednesday, representatives from MITRE proposed risk assessments for medical devices using existing frameworks.
In February 2016, a patient undergoing a routine cardiac catheterization procedure had to remain sedated for five additional minutes while the device rebooted as the result of an anti-virus scan.