Lawmaker to HHS: Label software in medical devices

The Trump administration should convene a national effort in partnership with the private sector to ensure that the owners and operators of medical devices, hospital IT networks and electronic health records systems can find out what software and other components are in the products they buy, says the chairman of the powerful House Energy and Commerce Committee. In a letter Thursday to acting Health and Human Services Secretary Eric Hargen, committee Chairman Greg Walden, R-Ore., notes a congressionally chartered task force on health care cybersecurity earlier this year recommended such transparency requirements. The congressional report said there should be a “Bill of Materials” (BOM) for medical products because hospital IT managers and network administrators “must first understand what they have on their systems, before they can determine whether these technologies are impacted by a given threat or vulnerability.” “We write today to request that [HHS] convene a sector-wide effort to develop a plan of action for creating, deploying and leveraging BOMs […]

The post Lawmaker to HHS: Label software in medical devices appeared first on Cyberscoop.


Experts ask: Why does the VEP cut out health care agencies?

The U.S. government’s policy for disclosing freshly discovered software vulnerabilities effectively sidelines a small but vital slice of the global IT ecosystem, critics charge — flaws in the computer programs that run medical devices, hospital equipment and digital health records systems. The Vulnerabilities Equities Process (VEP) sets out how the government decides whether to secretly retain a new vulnerability — called a zero day — for use in spying operations, or disclose it to the manufacturer so the software can be fixed or patched. The process’s details were released Wednesday by the White House. The Equities Review Board, the body which discusses vulnerabilities and makes decisions under the VEP, is made up of representatives from 10 federal agencies and departments, including the Department of Defense, Department of Homeland Security and the Office of the Director of National Intelligence. But there’s no representative from the Department of Health and Human Services. When asked […]

The post Experts ask: Why does the VEP cut out health care agencies? appeared first on Cyberscoop.


Threatpost News Wrap, April 21, 2017

Mike Mimoso and Chris Brook recap this year’s SOURCE Boston Conference and discuss the week in news, including the long-term implications of the NSA’s DoublePulsar exploit and the HipChat breach.

Healthcare Sector Suffers From Lack Of Security Professionals

At Source Boston, Josh Corman of the Atlantic Council said that healthcare is suffering from a lack of security talent, devices rife with vulnerabilities, and government incentivizing bad behavior.

Getting Involved in the Community - Join us live or later on Dark Reading Radio 2/18

Wednesday, February 18th at 1pm Eastern - listen live, or download and enjoy later, as Josh Corman and I join Dark Reading’s Tim Wilson, Sara Peters, and Curtis Franklin to challenge listeners to get more involved in the security community.
