Information Security News mailing list archives
FDA's bill of materials creates a cybersecurity blind spot for medical devices
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 10 Oct 2019 07:56:31 +0000 (UTC)
https://www.healthcareitnews.com/news/fda-s-bill-materials-crates-cybersecurity-blind-spot-medical-devices By Bill Siwicki Healthcare IT News October 09, 2019The FDA’s cybersecurity bill of materials has major implications – both good and bad – for healthcare provider organizations’ IT and security teams.
While it may seem like a no-brainer to allow manufacturers access to update their own firmware in medical devices to improve cybersecurity, opening the door to devices introduces a conflicting set of challenges.
The draft bill of materials guidance is aimed at having manufacturers disclose other vendors’ software they may be using in addition to their own software/firmware. The intent is to give the IT security staff more context on the device software.
(On a related note, the FDA has issued a safety communication – aimed at healthcare organizations, IT professionals, device manufacturers and patients – warning of the cybersecurity vulnerabilities known as URGENT/11. The risk, FDA officials said in the communication, is that URGENT/11, if exploited by a remote attacker, could pose safety and security risks for connected medical devices and hospital networks.)
[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- FDA's bill of materials creates a cybersecurity blind spot for medical devices InfoSec News (Oct 10)