Information Security News mailing list archives

FDA's bill of materials creates a cybersecurity blind spot for medical devices


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 10 Oct 2019 07:56:31 +0000 (UTC)

https://www.healthcareitnews.com/news/fda-s-bill-materials-crates-cybersecurity-blind-spot-medical-devices

By Bill Siwicki
Healthcare IT News
October 09, 2019

The FDA’s cybersecurity bill of materials has major implications – both good and bad – for healthcare provider organizations’ IT and security teams.

While it may seem like a no-brainer to allow manufacturers access to update their own firmware in medical devices to improve cybersecurity, opening the door to devices introduces a conflicting set of challenges.

The draft bill of materials guidance is aimed at having manufacturers disclose other vendors’ software they may be using in addition to their own software/firmware. The intent is to give the IT security staff more context on the device software.

(On a related note, the FDA has issued a safety communication – aimed at healthcare organizations, IT professionals, device manufacturers and patients – warning of the cybersecurity vulnerabilities known as URGENT/11. The risk, FDA officials said in the communication, is that URGENT/11, if exploited by a remote attacker, could pose safety and security risks for connected medical devices and hospital networks.)

[...]
