Software Integrity Blog

Archive for the 'Medical Device Security' Category

 

AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices

It took a few years to make it happen, but the AAMI TIR57 “Principles for medical device security – Risk management” standard was finally published by AAMI this summer, and the FDA formally recognized it as a foundational standard less than a month after it came out.

Continue Reading...

Posted in Medical Device Security, Security Standards and Compliance | Comments Off on AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices

 

Researchers question Muddy Water’s security report on St. Jude Medical

New research suggests that parts of a report from a capital investment firm alleging vulnerabilities in St Jude Medical devices were inaccurate.

Continue Reading...

Posted in Healthcare Security, Medical Device Security | Comments Off on Researchers question Muddy Water’s security report on St. Jude Medical

 

Hacking medical devices: 5 ways to inoculate yourself from attacks

A terrorist hacks into the US Vice President’s pacemaker to murder him. It happened on the Showtime series Homeland, but could it happen in real life? Most security experts agree that such a scenario is highly unlikely or even downright impossible. However, that doesn’t mean you should ignore the real security risks that medical devices and systems introduce. They may not be as extreme as Hollywood portrayals, but security vulnerabilities and data breaches in medical devices and systems can put patient safety at risk and expose healthcare companies to data-disclosure and HIPAA regulatory risks.

Continue Reading...

Posted in Cloud Security, Healthcare Security, Internet of Things, Medical Device Security | Comments Off on Hacking medical devices: 5 ways to inoculate yourself from attacks

 

Synopsys finds 460 software vulnerabilities in hospital information system

On Thursday researchers Mike Ahmadi of Synopsys and Billy Rios of WhiteScope disclosed 460 vulnerabilities in Philips Xper Connect, an optional bidirectional hospital information system (HIS) interface. 272 of these vulnerabilities they said are present in five software packages in the Xper IM Connect system software. 188 of the vulnerabilities are associated with Windows XP operating system, which is no longer supported by Microsoft.

Continue Reading...

Posted in Healthcare Security, Medical Device Security | Comments Off on Synopsys finds 460 software vulnerabilities in hospital information system

 

CodenomiCON 2016 brings elite hackers together in Las Vegas

Once again Synopsys will host an elite group of cybersecurity professionals during Black Hat for an evening of thought leadership, networking, and entertainment.

Continue Reading...

Posted in Automotive Security, Internet of Things, Medical Device Security, Security Standards and Compliance | Comments Off on CodenomiCON 2016 brings elite hackers together in Las Vegas

 

Feds consider a ‘hack the FDA’ bug bounty program

Coming on the heels of a successful “Hack the Pentagon” bug bounty program, in which one 18-year old received a $1K prize, the U.S. Federal Government is considering a similar program for healthcare.

Continue Reading...

Posted in Medical Device Security | Comments Off on Feds consider a ‘hack the FDA’ bug bounty program

 

Old malware creates new headaches for healthcare IT

A new study finds that old malware is actively being exploited in healthcare environments.

Continue Reading...

Posted in Medical Device Security | Comments Off on Old malware creates new headaches for healthcare IT

 

VA to adopt UL Cybersecurity Assurance Program

The U.S. Department of Veteran Affairs (VA) and UL (Underwriters Laboratories) have signed Cooperative Research and Development Agreement Program (CRADA) for medical devices cybersecurity standards and certification approaches.

Continue Reading...

Posted in Medical Device Security, Security Standards and Compliance | Comments Off on VA to adopt UL Cybersecurity Assurance Program

 

New risk assessments for old medical device security flaws

On Wednesday, representatives from MITRE proposed risk assessments for medical devices using existing frameworks.

Continue Reading...

Posted in Medical Device Security | Comments Off on New risk assessments for old medical device security flaws

 

Anti-virus scan shuts down medical device … During a procedure

In February 2016, a patient undergoing a routine cardiac catheterization procedure had to remain sedated five additional minutes while the device rebooted as the result of ant-virus scan.

Continue Reading...

Posted in Medical Device Security | Comments Off on Anti-virus scan shuts down medical device … During a procedure