Virta Labs Blog


Ben Ransford

CTO and Co-Founder of Virta Laboratories, Inc.
Find me on:

Recent Posts

EMU CTF and the Power of Thinking Outside the Box

Posted by Ben Ransford on Mar 8, 2017 1:00:00 PM

We've written before about our sharp and industrious intern Jessica Wilson, who hacks medical devices to learn then better and who has contributed to many parts of BlueFlow, most recently our Active Directory integration.

Read More

Topics: RECRUITING, Healthcare Cybersecurity, Penetration Testing

American Hospital Association Advice on cybersecurity

Posted by Ben Ransford on Mar 7, 2017 12:23:09 PM

Medical Device Security is an Inventory Problem

Last week, the American Hospital Association (AHA) interviewed us on how to improve medical device security for its podcast to member hospitals. The AHA represents and serves all types of hospitals, health care networks, and their patients and communities in the United States. Nearly 5,000 hospitals, health care systems, networks, other providers of care and 43,000 individual members come together to form the AHA.

Our colleagues at the AHA get a lot of questions from their members on medical device security. How can a healthcare delivery organization assess the cybersecurity of its inventory of medical devices without resorting to manual entry? How much security is enough? What are the roles of ISAOs? 

Visit the AHA website to listen to their podcast interview of Dr. Kevin Fu of Virta Labs.  

Read More

Topics: Asset Discovery

Back to Business: Continuity of Clinical Operations

Posted by Ben Ransford on Sep 6, 2016 12:53:33 PM
Virta Labs provides a managed cybersecurity service to help hospitals manage their clinical assets and ensure continuity of operations. But our team has an interesting history: we coauthored the first research on cardiac implant security in 2008 and have published extensively on medical device security since then.  As a result, we recently received a flood of technical questions unrelated to our normal menu of services. Virta Labs engineers took time away from building BlueFlow to provide a seminar, white paper, and consultations and to develop our own scientific experimental methods. We're glad that the industry is developing interest in improving medical device security as we've urged for nearly a decade. While this was a necessary and important diversion for us, we are getting back to our core business and clinical tests of BlueFlow.

We have no financial relationship with Muddy Waters Research LLC, St. Jude Medical, or MedSec Ltd. We plan to release a peer-reviewed report shortly so that the greater community may analyze our findings and results.
Read More

Topics: Medical Device Security, Clinical Engineering, Healthcare IT, Asset Discovery, Medical Device Risk Scoring, Shadow IT, Vulnerability Scanning, Clinical Databases, Medical Device Risk Assessments

FDA's Draft Guidance: The Long and the Short Of It

Posted by Ben Ransford on Jan 20, 2016 11:28:41 AM

People have been asking us all week for our opinions on the FDA's new postmarket cybersecurity draft guidance.  All three of Virta Labs' founders have been active in this area, with extensive research in applied security and longstanding support for collaborative efforts:

... among other things.  And we're thrilled to see that the FDA has taken the significant step of issuing this document.

We read the draft guidance so that you could tl;dr and get back to your own job.  Here are the highlights, as we see them.

Read More

Topics: FDA, Healthcare Cybersecurity, Medical Device Security, Clinical Engineering, Healthcare IT, Clinical Information Security