Modern Healthcare, among other outlets and blog posts, is reporting that a hacker group dubbed "Orangeworm" has been planting malware on medical devices that are critical to patient care. This post adds some perspective about some potential motivations and offers starting points for healthcare providers to respond.
How is your health system recognizing October as National Cybersecurity Awareness Month? Last year, we were invited to speak in an exclusive webinar for clinical engineers and IT staff at the 12 hospitals within the University of California Health System. This year, we help hospitals recognize National Cybersecurity Awareness Month in two ways. First, we co-authored a commentary in Modern Healthcare with our colleagues from AAMI, UMHS, and BIDMC on why hospitals need better cybersecurity, not more fear. Second, we decided to make a live webinar available to any health system! To learn more, sign up for our Halloween Medical Device Security webinar.
People have been asking us all week for our opinions on the FDA's new postmarket cybersecurity draft guidance. All three of Virta Labs' founders have been active in this area, with extensive research in applied security and longstanding support for collaborative efforts:
- raising the flag on potential issues in 2008;
- demonstrating the first attacks on a medical implant;
- signal-injection attacks in the analog domain;
- building novel nonintrusive defenses;
- organizing a series of successful workshops to bring together stakeholders for constructive discussions;
- conducting meta-analysis of postmarket security monitoring; and
- educating the National Academy of Engineering and numerous government bodies about the risks and rewards of medical device security
We read the draft guidance so that you could tl;dr and get back to your own job. Here are the highlights, as we see them.