Virta Blabs

Cybersecurity was a big theme at this year's HIMSS expo. Beckers' summary is nice.

On the one hand, everybody wants their healthcare organizations to act faster on cybersecurity. The drumbeat keeps getting louder, and everyone hopes they won't be the next to be in the news. Some analysts say the reputational cost of a breach can be ten times the size of initial fines over an uncomfortable period of years.

On the other hand, organizations of every size are having a hard time getting started. The number one reason? Budget. Security ROI arguments are famously hard to make, because what's the monetary value of something bad not happening, when it might not have happened anyway, for free? In the battle of abstract versus concrete, concrete always wins.

Topics: Medical Device Security, Healthcare IT

Clinical engineers (CE) and biomeds need to be in the loop if healthcare organizations can hope to address cybersecurity risks.

Topics: Inventory Management, Clinical Cybersecurity, Healthcare IT

How is your health system recognizing October as National Cybersecurity Awareness Month? Last year, we were invited to speak in an exclusive webinar for clinical engineers and IT staff at the 12 hospitals within the University of California Health System. This year, we help hospitals recognize National Cybersecurity Awareness Month in two ways. First, we co-authored a commentary in Modern Healthcare with our colleagues from AAMI, UMHS, and BIDMC on why hospitals need better cybersecurity, not more fear. Second, we decided to make a live webinar available to any health system! To learn more, sign up for our Halloween Medical Device Security webinar. 

Topics: Medical Device Security, Healthcare IoT, Healthcare IT, Clinical Information Security, Connected Medical Devices

Topics: Medical Device Security, Clinical Engineering, Healthcare IT, Asset Discovery, Medical Device Risk Scoring, Shadow IT, Vulnerability Scanning, Clinical Databases, Medical Device Risk Assessments

People have been asking us all week for our opinions on the FDA's new postmarket cybersecurity draft guidance.  All three of Virta Labs' founders have been active in this area, with extensive research in applied security and longstanding support for collaborative efforts:

• raising the flag on potential issues in 2008;
• demonstrating the first attacks on a medical implant;
• signal-injection attacks in the analog domain;
• building novel nonintrusive defenses;
• organizing a series of successful workshops to bring together stakeholders for constructive discussions;
• conducting meta-analysis of postmarket security monitoring; and
• educating the National Academy of Engineering and numerous government bodies about the risks and rewards of medical device security

... among other things.  And we're thrilled to see that the FDA has taken the significant step of issuing this document.

We read the draft guidance so that you could tl;dr and get back to your own job.  Here are the highlights, as we see them.

Topics: FDA, Healthcare Cybersecurity, Medical Device Security, Clinical Engineering, Healthcare IT, Clinical Information Security

Topics: RECRUITING, Healthcare Cybersecurity, Clinical Security, Healthcare IT, Internet of Things / IoT

Topics: SXSW, Healthcare Cybersecurity, NSF SBIR, Clinical Security, Healthcare IT