Virta Blabs

bac.jpg

EMU CTF and the Power of Thinking Outside the Box

Posted by Ben Ransford on Mar 8, 2017 4:00:00 PM

We've written before about our sharp and industrious intern Jessica Wilson, who hacks medical devices to learn then better and who has contributed to many parts of BlueFlow, most recently our Active Directory integration.

Read More

Topics: RECRUITING, Healthcare Cybersecurity, Penetration Testing

Safety first: cybersecurity of assets on clinical networks

Posted by Kevin Fu on Mar 4, 2017 3:39:54 PM

It's been an amazingly busy year for medical device security. In 2015, the average hospital had not heard of ransomware. (We warned of the hospital malware onslaught in 2012!) In 2016, the hospital C-suites began asking us, "Could that happen here??" after neighboring health systems were taken offline for days by malware. Duh, yes. The important question is how will you ensure that hospital operations continue to remain available to deliver patient care despite legacy capital equipment, cybersecurity risks, and the shifting threat landscape.

Read More

Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Legacy Medical Devices, Asset Management, Enterprise Risk Management, Inventory Management, Clinical Security, CMMS

Pacemaker Programmers (Rogue Ones): Detecting MICS Band Intruders with Software Radio

Posted by Denis Foo Kune on Dec 16, 2016 12:17:07 AM

The healthcare world is abuzz about potential vulnerabilities in cardiac implants. It seems that every few months, hackers publish yet another attack paper. We know the hospital C-suites are concerned about it, because protecting health delivery organizations is our business. The good news is that there are cost-effective ways for healthcare delivery organizations to manage many of the cybersecurity risks against implantable medical devices.

Read More

Topics: Healthcare Cybersecurity, Medical Device Security, Internet of Things / IoT

OCR on ransomware and why inventory matters

Posted by Kevin Fu on Jul 13, 2016 8:19:46 PM

This blog post is about the long awaited fact sheet from HHS Office of Civil Rights (OCR) on ransomware, and why you should take this one seriously in terms of having an accurate inventory of networked medical devices to reduce the probability of enjoying the pleasure of reporting a breach to OCR.

Read More

Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Legacy Medical Devices, Asset Management, Enterprise Risk Management, Inventory Management, Clinical Security, CMMS

Don't Let Ransomware Be The JBoss Of You

Posted by Michael Holt on May 3, 2016 11:15:00 AM

Ransomware is just the tip of the iceberg.

As we roll out BlueFlow™, we wanted to take some time to share two quick graphics with you that we've used to help us frame our conversations with healthcare delivery organizations (HDOs).

Read More

Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Breaches, Network Assets, Enterprise Security, Network Security, Network Scanning, Inventory Discovery, Vulnerability Management, Downtime

FDA Postmarket Cybersecurity Guidance Respects Clinical Workflow

Posted by Michael Holt on Apr 26, 2016 2:28:56 PM

Last week, the Food and Drug Adminstration (FDA) closed the public comment period on the draft guidelines for Postmarket Management of Cybersecurity in Medical Devices.

Read More

Topics: FDA, Healthcare Cybersecurity, Ransomware, Medical Device Security, Clinical Security, Clinical Information Systems, Medical Device ePHI

Virta Labs Receives $750K Grant for Healthcare Security

Posted by Ann Gookin on Mar 25, 2016 6:00:00 AM

Ann Arbor, MI, March 25, 2016 — Healthcare security company Virta Laboratories, Inc. received a $750K grant from the NSF Small Business Innovation Research (SBIR) program. Virta Labs provides solutions for hospitals and medical device manufacturers to measure and visualize exposure to cybersecurity risks without interrupting clinical workflow. The company plans to use the federal grant to extend its product lines into healthcare delivery organizations that face serious cybersecurity challenges. Virta Labs received a Phase I grant from the same program in 2015.

Read More

Topics: Healthcare Cybersecurity, NSF SBIR, Medical Device Security, Healthcare IoT, Clinical Engineering, Connected Medical Devices

INTERN SPOTLIGHT: JESSICA HACKS MEDICAL DEVICES

Posted by Ann Gookin on Jan 26, 2016 4:33:24 PM

I asked our (now famous) intern Jessica to share a sampling of some of the "crazier" things she's seen during her time at Virta.  Read on for a selection of her findings while poking around on some medical devices.

 

Read More

Topics: RECRUITING, Healthcare Cybersecurity, Medical Device Security, Healthcare IoT, COTS, Connected Medical Devices

FDA's Draft Guidance: The Long and the Short Of It

Posted by Ben Ransford on Jan 20, 2016 2:28:41 PM

People have been asking us all week for our opinions on the FDA's new postmarket cybersecurity draft guidance.  All three of Virta Labs' founders have been active in this area, with extensive research in applied security and longstanding support for collaborative efforts:

... among other things.  And we're thrilled to see that the FDA has taken the significant step of issuing this document.

We read the draft guidance so that you could tl;dr and get back to your own job.  Here are the highlights, as we see them.

Read More

Topics: FDA, Healthcare Cybersecurity, Medical Device Security, Clinical Engineering, Healthcare IT, Clinical Information Security

INTERN SPOTLIGHT: Jessica Wilson

Posted by Ann Gookin on Jan 19, 2016 6:09:04 PM

In our last post, we brought you some information about internships at Virta Labs and our recruiting process.

Read More

Topics: RECRUITING, Healthcare Cybersecurity, Medical Device Security, Legacy Medical Devices