We've written before about our sharp and industrious intern Jessica Wilson, who hacks medical devices to learn then better and who has contributed to many parts of BlueFlow, most recently our Active Directory integration.
Medical Device Security is an Inventory Problem
Last week, the American Hospital Association (AHA) interviewed us on how to improve medical device security for its podcast to member hospitals. The AHA represents and serves all types of hospitals, health care networks, and their patients and communities in the United States. Nearly 5,000 hospitals, health care systems, networks, other providers of care and 43,000 individual members come together to form the AHA.
Our colleagues at the AHA get a lot of questions from their members on medical device security. How can a healthcare delivery organization assess the cybersecurity of its inventory of medical devices without resorting to manual entry? How much security is enough? What are the roles of ISAOs?
Topics: Asset Discovery
We have no financial relationship with Muddy Waters Research LLC, St. Jude Medical, or MedSec Ltd. We plan to release a peer-reviewed report shortly so that the greater community may analyze our findings and results.
Topics: Medical Device Security, Clinical Engineering, Healthcare IT, Medical Device Risk Assessments, Medical Device Risk Scoring, Shadow IT, Vulnerability Scanning, Clinical Databases, Asset Discovery
People have been asking us all week for our opinions on the FDA's new postmarket cybersecurity draft guidance. All three of Virta Labs' founders have been active in this area, with extensive research in applied security and longstanding support for collaborative efforts:
- raising the flag on potential issues in 2008;
- demonstrating the first attacks on a medical implant;
- signal-injection attacks in the analog domain;
- building novel nonintrusive defenses;
- organizing a series of successful workshops to bring together stakeholders for constructive discussions;
- conducting meta-analysis of postmarket security monitoring; and
- educating the National Academy of Engineering and numerous government bodies about the risks and rewards of medical device security
We read the draft guidance so that you could tl;dr and get back to your own job. Here are the highlights, as we see them.