Medical Device Manufacturer Secure Development Lifecycle
A mature Secure Software Development Lifecycle requires tight integration between engineering and release processes with supply chain and customer (HDO) needs, all supported by the appropriate security tools, technologies, processes, and training.
Five security lessons healthcare should keep in mind post-COVID
What are the five security lessons healthcare should keep in mind post-COVID? Vidya Murthy describes the changes we've seen in connectivity, supply chains, and medical devices and the steps the healthcare industry should take to manage cybersecurity risk.
From SBOM to Vulnerability Management: Crawl, Walk, Run
Do you know whether your devices are affected by the latest Bluetooth vulnerability du jour? Are your product security teams stretched thin and in need of more efficient processes to ease the burden, but unsure where to start? We outline suggestions to help you move from a crawl to a walk or from a walk to a run.
4 Key Constraints Preventing Healthcare from Proper Cybersecurity
Healthcare providers rightfully prioritize healthcare delivery and patient safety, but security measures continue to take a back seat, which leaves the healthcare industry exposed to cyber risks. Seth Carmody outlines the unique constraints that hold the healthcare industry back from proper cybersecurity and explains how the industry must “shift left” to develop a proactive approach to medical device cybersecurity.
Why We Adopted the CycloneDX SBOM Format
When we started solving the vulnerability identification and management problem for our customers, we evaluated SBOM formats, including our own, but soon realized our friends at CycloneDX had already done a great job in trying to standardize their format.
Medical Device Cyber-Vulnerability Casts a Cloud Over Growing Use
Seth Carmody shares his view in an interview, outlining how the attack surface of healthcare is forecast to explode in size in the next few years, and why we need expertise to succeed.
AAMI Cyberinsights: Oh, What a Tangled Web We Weave
Solving complex problems is, unfortunately, a slow process, as it not only requires untangling of the individual pieces that are forming that complexity but also management of external dependencies. Seen another way: Solving the problem itself should not make something else worse.
Axel Wirth shares his perspective on this topic, in particular that current discussions seem to focus on the sole importance of solving for security. We need to make devices more secure, of course, but we need to do so within what is practically and economically possible while maintaining functionality.
How are patient safety and medical device cybersecurity linked?
Discover the relationship between clinical care and security from industry experts, both clinicians and cybersecurity experts.
Featuring contributions by Dr. Gabriel Ma, AbedGraham group Senior Clinical Strategist and Dr. Saif Abed, AbedGraham Director of Cybersecurity Advisory Services.
20/20 Hindsight is so 2020 in Healthcare Cybersecurity
…but after a year of entirely unpredictable occurrences, how can one speculate on what 2021 will bring? For some, the focus developed as they adopted new strategies overnight, while others have had to fundamentally change their way of working.
It will take more than the first cyberattack-related death for healthcare’s security wakeup call
Dr. Seth Carmody shares his thoughts on why this isn't theoretical anymore. The global pandemic has accelerated the number of devices deployed to operate outside of the hospital walls, providing remote patient monitoring and telehealth. This has expanded healthcare’s attack surface, resulting in healthcare experiencing more attacks.
But has this increased attack surface hurt patients? Tying adverse clinical outcomes to security events is hard. Security events such as ransomware typically result in disruption of operations; news of redirecting emergency vehicles and doctors resorting to pen and paper during cyber attacks is prevalent.
We spent October busting myths on healthcare cybersecurity. Do you agree with our conclusions?
October was annual National Cybersecurity Awareness Month, a national initiative from the U.S. Cybersecurity and Infrastructure Security Agency. This year, MedCrypt launched our Myth|Hackers series throughout the month of October to help promote awareness for medical device cybersecurity, debunk common misconceptions, and dive into some of the biggest industry challenges.
What Medical Device Vendors Can Learn From Past Cybersecurity Vulnerability Disclosures
For a few years running we have pulled the vulnerability disclosures related to medical devices to see what we see. This year is no exception and offered some unique insights, in particular focusing on the role of researchers.
Destigmatizing Medical Device Vulnerability Disclosures to Improve Healthcare Cybersecurity
Vulnerability sharing arms stakeholders with the information they need to assess devices, minimize cybersecurity risks and proactively mitigate emerging risks to prevent exploitation. No software-based technology is completely free of cybersecurity risks and even if you could sell a perfectly secure medical device, vulnerabilities are expected to be found.
The good news? Recent FDA policy has incentivized medical device manufacturers (MDMs) to engage in coordinated disclosures of security weaknesses, as well as relaxed regulatory requirements when vulnerabilities are addressed responsibly.
Regulatory Cybersecurity Requirements for Medical Devices
Advancements in medical device technology have allowed services, initiatives and changes in healthcare delivery to evolve at a break-neck pace. Smartphones are increasingly integrated into patient care planning, providing internet connectivity to share data with healthcare delivery organizations (HDOs), doctors and researchers. It is unfortunately also true that as the medical treatment landscape has evolved, it has been challenged by cyber-attacks.
While TV shows like Homeland have portrayed the vice president’s wireless pacemaker introducing a vulnerability that can be used in an assassination attempt, individual patient harm is not the common scenario HDOs and patients face.
Staying vigilant on device cybersecurity during times of crisis and planning for the future
As we finish another week of COVID-19 dominating headlines, we’re seeing the impact of the disease seeping into almost every industry. Healthcare is feeling most of the heat as providers, in response to the growing infection, are being forced to rethink how they will monitor and treat the onslaught of critically ill patients. To top it off, hackers and cybercriminals may be tempted to exploit security weaknesses that could get exposed as our health system responds to this global pandemic, as we have already seen in targeted attacks on health agencies and hospitals, be it for financial gain or out of political motivation.
Where We Are on the Cybersecurity Journey
Axel Wirth reflects on his last 12 years spent working in healthcare cybersecurity (health IT and medical devices) which have been equally rewarding, exciting, and frustrating. Although we, as an industry, have made progress in many areas, so have our adversaries. For the most part, it feels like we are running after a train that is leaving the station — we are certainly making the effort, yet we are not gaining as the train pulls away from us.