Healthcare Information Security

Medical Device Security

Medtronic Ventilator Recalled by FDA for Software Update

December 21, 2018 - The Food and Drug Administration released an alert about a global voluntary corrective field action on Medtronic’s Puritan Bennett 980 ventilators. The action was announced this week and began on September 19. The FDA classified the action as a “Class I Recall.” According to the alert, the ventilator software requires an update to address customer feedback. Without...


More Articles

DHS Finds Encryption Vulnerabilities in Medtronic Programmers

by Jessica Davis

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team discovered encryption vulnerabilities in Medtronic’s 9790 and 2090 CareLink Programmers and 29901 Encore Programmers that could...

Cybersecurity Vulnerabilities Flagged in Roche Handheld Devices

by Fred Donovan

ICS-CERT is warning about cybersecurity vulnerabilities in Roche point-of-care handheld medical devices. The devices, which go by the names Accu-Chek and CoaguChek, suffer from improper authentication, OS command injection, unrestricted...

Many IT Pros Lack Budget for Connected Medical Device Security

by Fred Donovan

A disturbing 41 percent of healthcare IT professionals do not have a separate or sufficient budget for connected medical device security, according to a recent survey by Propeller Insights on behalf of Zingbox. Despite this lack of...

FDA Needs Procedures for Recalls of Vulnerable Medical Devices

by Fred Donovan

HHS OIG is recommending that the FDA establish and maintain procedures for handling recalls of vulnerable medical devices that can be exploited by attackers or other unauthorized users. In addition, OIG advises the FDA to establish...

Cybersecurity Vulnerabilities Lurk in Brain Stimulation Devices

by Fred Donovan

Neurostimulators have cybersecurity vulnerabilities that could be exploited by hackers to get access to the devices, manipulate them, and steal data transmitted by them. This was the conclusion of a report prepared by security firm...

Medical Devices and Other Endpoints Offer Attractive Targets to Attackers

by Insight

“Attackers see medical devices and other endpoints in the healthcare environment as rich targets,” explains Julie Connolly, principal cybersecurity engineer at MITRE. Connolly identifies several security problems with medical...

FDA Takes Steps to Beef Up Medical Device Security Bona Fides

by Fred Donovan

The FDA has taken some recent steps to beef up its bona fides in medical device security. First, it recently signed a memorandum of agreement with the Department of Homeland Security to implement a new framework for increased...

NCCoE Unveils Vendor Partners for Medical Device Security Project

by Fred Donovan

The NIST-backed National Cybersecurity Center of Excellence (NCCoE) unveiled this week an initial set of vendor partners for a medical device security project called Securing Picture Archiving and Communication Systems (PACS). The vendor...

FDA Warns of Cybersecurity Vulnerabilities in CareLink Programmers

by Fred Donovan

The FDA has issued a medical device safety alert about cybersecurity vulnerabilities in Medtronic’s CareLink programmers that could enable an attacker to change the functionality of the programmer or the implanted pacemaker it...

Same Cybersecurity Vulnerability Uncovered in Different Devices

by Fred Donovan

Security researcher Dan Regalado at Zingbox uncovered the same cybersecurity vulnerability — information exposure through an error message — in two medical devices made by different manufacturers. Regalado then notified the...

Healthcare IT Execs Lack Confidence in Medical Device Security

by Fred Donovan

More than 60 percent of healthcare IT executives lack confidence that their current medical device security strategy protects patient safety and prevents disruptions in care. The survey found that only 39 percent of respondents were...

HPH SCC Set To Issue Cybersecurity Best Practices for Healthcare

by Fred Donovan

The Healthcare and Public Health Sector Coordinating Council (HPH SCC) soon plans to release voluntary cybersecurity best practices for medical device manufacturers and healthcare providers, the groups announced Oct. 1 on the kickoff...

FDA Unveils MITRE’s Medical Device Security Playbook

by Fred Donovan

The FDA released Oct. 1 a medical device security playbook it developed with MITRE to advise healthcare organizations on securing their medical equipment.  The playbook is intended to enable healthcare organizations plan for and...

NIST Warns About Cybersecurity Vulnerabilities in Healthcare IoT

by Fred Donovan

NIST has issued a draft report examining the cybersecurity vulnerabilities and privacy risks posed by Internet of Things (IoT) devices, including healthcare IoT.  “Many organizations are not necessarily aware they are using a...

FDA’s Cybersecurity Unit Would Set Up CyberMed Safety Board

by Fred Donovan

The FDA’s proposed cybersecurity unit would help establish the public-private CyberMed Safety Board mentioned in the FDA's medical device safety action plan issued in April, FDA spokeswoman Stephanie Caccomo recently told...

Europol Warns Nation-States Behind More Ransomware Attacks

by Fred Donovan

The European law enforcement agency Europol is warning that nation-states are increasingly behind ransomware attacks, such as the 2017 WannaCry campaign. The WannaCry ransomware targeted medical devices and...

OIG Backs FDA Process Changes To Boost Medical Device Security

by Fred Donovan

To improve medical device security, the HHS Office of the Inspector General (OIG) is recommending that the FDA better integrate cybersecurity criteria into its premarket review process for medical devices. In a report released Sept. 10,...

FDA Expects Updated Medical Device Security Guidance This Fall

by Fred Donovan

The FDA plans to update its premarket guidance for medical device security this fall, said FDA Commissioner Scott Gottlieb during a Sept. 5 speech to the Medical Device Innovation Consortium 2018 Annual Public Forum. The guidance will...

9 Cybersecurity Vulnerabilities Found in Philips E-Alert Tool

by Fred Donovan

Nine cybersecurity vulnerabilities have been found in the Philips e-Alert Unit, a tool that monitors MRI system performance, according to an Aug. 30 ICS-CERT advisory. Attackers could exploit these vulnerabilities to compromise user...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...