We have no financial relationship with Muddy Waters Research LLC, St. Jude Medical, or MedSec Ltd. We plan to release a peer-reviewed report shortly so that the greater community may analyze our findings and results.
Topics: Medical Device Security, Clinical Engineering, Healthcare IT, Asset Discovery, Medical Device Risk Scoring, Shadow IT, Vulnerability Scanning, Clinical Databases, Medical Device Risk Assessments
This blog post is about the long awaited fact sheet from HHS Office of Civil Rights (OCR) on ransomware, and why you should take this one seriously in terms of having an accurate inventory of networked medical devices to reduce the probability of enjoying the pleasure of reporting a breach to OCR.
Ransomware is just the tip of the iceberg.
As we roll out BlueFlow™, we wanted to take some time to share two quick graphics with you that we've used to help us frame our conversations with healthcare delivery organizations (HDOs).
Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Breaches, Network Assets, Enterprise Security, Network Security, Network Scanning, Inventory Discovery, Vulnerability Management, Downtime
Last week, the Food and Drug Adminstration (FDA) closed the public comment period on the draft guidelines for Postmarket Management of Cybersecurity in Medical Devices.
Ann Arbor, MI, March 25, 2016 — Healthcare security company Virta Laboratories, Inc. received a $750K grant from the NSF Small Business Innovation Research (SBIR) program. Virta Labs provides solutions for hospitals and medical device manufacturers to measure and visualize exposure to cybersecurity risks without interrupting clinical workflow. The company plans to use the federal grant to extend its product lines into healthcare delivery organizations that face serious cybersecurity challenges. Virta Labs received a Phase I grant from the same program in 2015.
I asked our (now famous) intern Jessica to share a sampling of some of the "crazier" things she's seen during her time at Virta. Read on for a selection of her findings while poking around on some medical devices.
People have been asking us all week for our opinions on the FDA's new postmarket cybersecurity draft guidance. All three of Virta Labs' founders have been active in this area, with extensive research in applied security and longstanding support for collaborative efforts:
- raising the flag on potential issues in 2008;
- demonstrating the first attacks on a medical implant;
- signal-injection attacks in the analog domain;
- building novel nonintrusive defenses;
- organizing a series of successful workshops to bring together stakeholders for constructive discussions;
- conducting meta-analysis of postmarket security monitoring; and
- educating the National Academy of Engineering and numerous government bodies about the risks and rewards of medical device security
We read the draft guidance so that you could tl;dr and get back to your own job. Here are the highlights, as we see them.
In our last post, we brought you some information about internships at Virta Labs and our recruiting process.
Recently we've been fielding a lot of questions about internships at Virta Labs ('tis the season), and we wanted to share some answers to the questions we hear most often. We're always happy to hear from prospective candidates. tl;dr: get in touch if you're amazing and you want to take ownership of a meaningful project during an internship.
Also, keep your eyes peeled in the coming days for an interview with hacker extraordinaire and current intern Jessica Wilson.