Virta Labs Blog


Between the Lines at HIMSS18

Posted by Ben Ransford on Mar 12, 2018 9:08:09 AM

Cybersecurity was a big theme at this year's HIMSS expo. Beckers' summary is nice.

On the one hand, everybody wants their healthcare organizations to act faster on cybersecurity. The drumbeat keeps getting louder, and everyone hopes they won't be the next to be in the news. Some analysts say the reputational cost of a breach can be ten times the size of initial fines over an uncomfortable period of years.

On the other hand, organizations of every size are having a hard time getting started. The number one reason? Budget. Security ROI arguments are famously hard to make, because what's the monetary value of something bad not happening, when it might not have happened anyway, for free? In the battle of abstract versus concrete, concrete always wins.

Read More

Topics: Medical Device Security, Healthcare IT

Should I 510(k) or Should I Go? What New FDA Guidance Means and Why it Matters

Posted by Ben Ransford on Oct 27, 2017 4:30:00 AM

This week FDA released several crucial guidance documents that are strongly relevant to cybersecurity. In regulatory fashion, the documents have very different names and are easy to tell apart, making it easy to talk about them at the same time.

Read More

Topics: Medical Device Security, IoT, Connected Medical Devices

Safety first: cybersecurity of assets on clinical networks

Posted by Kevin Fu on Mar 4, 2017 12:39:54 PM

It's been an amazingly busy year for medical device security. In 2015, the average hospital had not heard of ransomware. (We warned of the hospital malware onslaught in 2012!) In 2016, the hospital C-suites began asking us, "Could that happen here??" after neighboring health systems were taken offline for days by malware. Duh, yes. The important question is how will you ensure that hospital operations continue to remain available to deliver patient care despite legacy capital equipment, cybersecurity risks, and the shifting threat landscape.

Read More

Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Legacy Medical Devices, Asset Management, Enterprise Risk Management, Inventory Management, Clinical Security, CMMS

Pacemaker Programmers (Rogue Ones): Detecting MICS Band Intruders with Software Radio

Posted by Denis Foo Kune on Dec 15, 2016 9:17:07 PM

The healthcare world is abuzz about potential vulnerabilities in cardiac implants. It seems that every few months, hackers publish yet another attack paper. We know the hospital C-suites are concerned about it, because protecting health delivery organizations is our business. The good news is that there are cost-effective ways for healthcare delivery organizations to manage many of the cybersecurity risks against implantable medical devices.

Read More

Topics: Healthcare Cybersecurity, Medical Device Security, Internet of Things / IoT

How health systems recognize cybersecurity awareness month: medical device security webinars

Posted by Kevin Fu on Oct 13, 2016 7:30:48 PM

How is your health system recognizing October as National Cybersecurity Awareness Month? Last year, we were invited to speak in an exclusive webinar for clinical engineers and IT staff at the 12 hospitals within the University of California Health System. This year, we help hospitals recognize National Cybersecurity Awareness Month in two ways. First, we co-authored a commentary in Modern Healthcare with our colleagues from AAMI, UMHS, and BIDMC on why hospitals need better cybersecurity, not more fear. Second, we decided to make a live webinar available to any health system! To learn more, sign up for our Halloween Medical Device Security webinar. 
Register for Free Webinar

Read More

Topics: Medical Device Security, Healthcare IoT, Healthcare IT, Clinical Information Security, Connected Medical Devices

Back to Business: Continuity of Clinical Operations

Posted by Ben Ransford on Sep 6, 2016 12:53:33 PM
Virta Labs provides a managed cybersecurity service to help hospitals manage their clinical assets and ensure continuity of operations. But our team has an interesting history: we coauthored the first research on cardiac implant security in 2008 and have published extensively on medical device security since then.  As a result, we recently received a flood of technical questions unrelated to our normal menu of services. Virta Labs engineers took time away from building BlueFlow to provide a seminar, white paper, and consultations and to develop our own scientific experimental methods. We're glad that the industry is developing interest in improving medical device security as we've urged for nearly a decade. While this was a necessary and important diversion for us, we are getting back to our core business and clinical tests of BlueFlow.

We have no financial relationship with Muddy Waters Research LLC, St. Jude Medical, or MedSec Ltd. We plan to release a peer-reviewed report shortly so that the greater community may analyze our findings and results.
Read More

Topics: Medical Device Security, Clinical Engineering, Healthcare IT, Asset Discovery, Medical Device Risk Scoring, Shadow IT, Vulnerability Scanning, Clinical Databases, Medical Device Risk Assessments

OCR on ransomware and why inventory matters

Posted by Kevin Fu on Jul 13, 2016 5:19:46 PM

This blog post is about the long awaited fact sheet from HHS Office of Civil Rights (OCR) on ransomware, and why you should take this one seriously in terms of having an accurate inventory of networked medical devices to reduce the probability of enjoying the pleasure of reporting a breach to OCR.

Read More

Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Legacy Medical Devices, Asset Management, Enterprise Risk Management, Inventory Management, Clinical Security, CMMS

Don't Let Ransomware Be The JBoss Of You

Posted by Michael Holt on May 3, 2016 8:15:00 AM

Ransomware is just the tip of the iceberg.

As we roll out BlueFlow™, we wanted to take some time to share two quick graphics with you that we've used to help us frame our conversations with healthcare delivery organizations (HDOs).

Read More

Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Breaches, Network Assets, Enterprise Security, Network Security, Network Scanning, Inventory Discovery, Vulnerability Management, Downtime

FDA Postmarket Cybersecurity Guidance Respects Clinical Workflow

Posted by Michael Holt on Apr 26, 2016 11:28:56 AM

Last week, the Food and Drug Adminstration (FDA) closed the public comment period on the draft guidelines for Postmarket Management of Cybersecurity in Medical Devices.

Read More

Topics: FDA, Healthcare Cybersecurity, Ransomware, Medical Device Security, Clinical Security, Clinical Information Systems, Medical Device ePHI

Virta Labs Receives $750K Grant for Healthcare Security

Posted by Ann Gookin on Mar 25, 2016 3:00:00 AM

Ann Arbor, MI, March 25, 2016 — Healthcare security company Virta Laboratories, Inc. received a $750K grant from the NSF Small Business Innovation Research (SBIR) program. Virta Labs provides solutions for hospitals and medical device manufacturers to measure and visualize exposure to cybersecurity risks without interrupting clinical workflow. The company plans to use the federal grant to extend its product lines into healthcare delivery organizations that face serious cybersecurity challenges. Virta Labs received a Phase I grant from the same program in 2015.

Read More

Topics: Healthcare Cybersecurity, NSF SBIR, Medical Device Security, Healthcare IoT, Clinical Engineering, Connected Medical Devices