We've written before about our sharp and industrious intern Jessica Wilson, who hacks medical devices to learn then better and who has contributed to many parts of BlueFlow, most recently our Active Directory integration.
Topics: RECRUITING, Healthcare Cybersecurity, Penetration Testing
American Hospital Association Advice on cybersecurity
Medical Device Security is an Inventory Problem
Last week, the American Hospital Association (AHA) interviewed us on how to improve medical device security for its podcast to member hospitals. The AHA represents and serves all types of hospitals, health care networks, and their patients and communities in the United States. Nearly 5,000 hospitals, health care systems, networks, other providers of care and 43,000 individual members come together to form the AHA.
Our colleagues at the AHA get a lot of questions from their members on medical device security. How can a healthcare delivery organization assess the cybersecurity of its inventory of medical devices without resorting to manual entry? How much security is enough? What are the roles of ISAOs?
Visit the AHA website to listen to their podcast interview of Dr. Kevin Fu of Virta Labs.
Topics: Asset Discovery
Safety first: cybersecurity of assets on clinical networks
It's been an amazingly busy year for medical device security. In 2015, the average hospital had not heard of ransomware. (We warned of the hospital malware onslaught in 2012!) In 2016, the hospital C-suites began asking us, "Could that happen here??" after neighboring health systems were taken offline for days by malware. Duh, yes. The important question is how will you ensure that hospital operations continue to remain available to deliver patient care despite legacy capital equipment, cybersecurity risks, and the shifting threat landscape.
Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Legacy Medical Devices, Asset Management, Enterprise Risk Management, Inventory Management, Clinical Security, CMMS
Pacemaker Programmers (Rogue Ones): Detecting MICS Band Intruders with Software Radio
The healthcare world is abuzz about potential vulnerabilities in cardiac implants. It seems that every few months, hackers publish yet another attack paper. We know the hospital C-suites are concerned about it, because protecting health delivery organizations is our business. The good news is that there are cost-effective ways for healthcare delivery organizations to manage many of the cybersecurity risks against implantable medical devices.
Topics: Healthcare Cybersecurity, Medical Device Security, Internet of Things / IoT
How health systems recognize cybersecurity awareness month: medical device security webinars
How is your health system recognizing October as National Cybersecurity Awareness Month? Last year, we were invited to speak in an exclusive webinar for clinical engineers and IT staff at the 12 hospitals within the University of California Health System. This year, we help hospitals recognize National Cybersecurity Awareness Month in two ways. First, we co-authored a commentary in Modern Healthcare with our colleagues from AAMI, UMHS, and BIDMC on why hospitals need better cybersecurity, not more fear. Second, we decided to make a live webinar available to any health system! To learn more, sign up for our Halloween Medical Device Security webinar.
Topics: Medical Device Security, Healthcare IoT, Healthcare IT, Clinical Information Security, Connected Medical Devices
Back to Business: Continuity of Clinical Operations
We have no financial relationship with Muddy Waters Research LLC, St. Jude Medical, or MedSec Ltd. We plan to release a peer-reviewed report shortly so that the greater community may analyze our findings and results.
Topics: Medical Device Security, Clinical Engineering, Healthcare IT, Asset Discovery, Medical Device Risk Scoring, Shadow IT, Vulnerability Scanning, Clinical Databases, Medical Device Risk Assessments
This blog post is about the long awaited fact sheet from HHS Office of Civil Rights (OCR) on ransomware, and why you should take this one seriously in terms of having an accurate inventory of networked medical devices to reduce the probability of enjoying the pleasure of reporting a breach to OCR.
Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Legacy Medical Devices, Asset Management, Enterprise Risk Management, Inventory Management, Clinical Security, CMMS
Ransomware is just the tip of the iceberg.
As we roll out BlueFlow™, we wanted to take some time to share two quick graphics with you that we've used to help us frame our conversations with healthcare delivery organizations (HDOs).
Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Breaches, Network Assets, Enterprise Security, Network Security, Network Scanning, Inventory Discovery, Vulnerability Management, Downtime
FDA Postmarket Cybersecurity Guidance Respects Clinical Workflow
Last week, the Food and Drug Adminstration (FDA) closed the public comment period on the draft guidelines for Postmarket Management of Cybersecurity in Medical Devices.
Topics: FDA, Healthcare Cybersecurity, Ransomware, Medical Device Security, Clinical Security, Clinical Information Systems, Medical Device ePHI
Virta Labs Receives $750K Grant for Healthcare Security
Ann Arbor, MI, March 25, 2016 — Healthcare security company Virta Laboratories, Inc. received a $750K grant from the NSF Small Business Innovation Research (SBIR) program. Virta Labs provides solutions for hospitals and medical device manufacturers to measure and visualize exposure to cybersecurity risks without interrupting clinical workflow. The company plans to use the federal grant to extend its product lines into healthcare delivery organizations that face serious cybersecurity challenges. Virta Labs received a Phase I grant from the same program in 2015.
Topics: Healthcare Cybersecurity, NSF SBIR, Medical Device Security, Healthcare IoT, Clinical Engineering, Connected Medical Devices