Software Integrity Blog

Archive for the 'Medical Device Security' Category

 

Hacking medical devices: 5 ways to inoculate yourself from attacks

A terrorist hacks into the US Vice President’s pacemaker to murder him. It happened on the Showtime series Homeland, but could it happen in real life? Most security experts agree that such a scenario is highly unlikely or even downright impossible. However, that doesn’t mean you should ignore the real security risks that medical devices and systems introduce. They may not be as extreme as Hollywood portrayals, but security vulnerabilities and data breaches in medical devices and systems can put patient safety at risk and expose healthcare companies to data-disclosure and HIPAA regulatory risks.

Posted in Cloud Security, Healthcare Security, Internet of Things, Medical Device Security

Synopsys finds 460 software vulnerabilities in hospital information system

On Thursday, researchers Mike Ahmadi of Synopsys and Billy Rios of WhiteScope disclosed 460 vulnerabilities in Philips Xper Connect, an optional bidirectional hospital information system (HIS) interface. They said 272 of these vulnerabilities are present in five software packages in the Xper IM Connect system software. The other 188 are associated with the Windows XP operating system, which is no longer supported by Microsoft.

Posted in Healthcare Security, Medical Device Security

VA to adopt UL Cybersecurity Assurance Program

The U.S. Department of Veterans Affairs (VA) and UL (Underwriters Laboratories) have signed a Cooperative Research and Development Agreement Program (CRADA) for medical device cybersecurity standards and certification approaches.

Posted in Medical Device Security, Security Standards and Compliance

New hospital ransomware targets JBoss flaws

Ransomware is malicious software that encrypts data until a ransom is paid. Recently there has been a spate of attacks against healthcare organizations. On Monday, Washington-based MedStar Health had to shut down operations because of ransomware.

Posted in Healthcare Security, Medical Device Security

Synopsys finds 1,418 medical device vulnerabilities in 1 product

Back in my Codenomicon days, security researcher Billy Rios and I began looking at software running on medical devices using our AppCheck product (now known as Black Duck Binary Analysis). We were hoping to find a few software vulnerabilities to determine how effective our product was at finding such bugs. Once we began investigating, we were quite taken aback by how many vulnerabilities were present on the medical devices. We typically saw bugs numbering in the two-digit range on the low side, and into the thousands on the high side. Wow!

Posted in Medical Device Security

FDA clarifies medical device security

Hoping to end manufacturer responsibility around the issuance of software updates for medical devices, and whether or not such updates change the device’s compliance status, the Food & Drug Administration (FDA) last Friday released a new draft document that also calls for greater collaboration among medical device manufacturers around cybersecurity in general. The document looks at both pre-market and post-market considerations for mitigating patient risk when manufacturers improve the security posture of their products.

Posted in Healthcare Security, Medical Device Security

What happens at Archimedes: All there is to know about medical device security

From a security viewpoint, medical devices differ from conventional web applications, mobile applications, and other types of embedded applications which security researchers commonly encounter.

Posted in Healthcare Security, Medical Device Security, Web Application Security

Medical app users: How safe is your personal information?

I recently attended the MobCon Digital Health conference in downtown Minneapolis, which highlighted the healthcare hot topic: mobile digital health. The sessions I attended ranged from FDA representative Bakul Patel’s on FDA’s classification of mobile apps to PhysIQ and the Mayo Clinic’s combined talk about remote care platform opportunities and challenges.

Posted in Healthcare Security, Medical Device Security

Medical device security: Building it in or bolting it on?

Making connected healthcare devices safer requires building security into medical devices during development, not bolting it on later or relying on patches.

Posted in Healthcare Security, Medical Device Security

Making strides in medical device security

Groups are stepping up to meet the medical device security challenge head on. Find out what developments are being made to improve medical device security.

Posted in Healthcare Security, Medical Device Security