Model contract language for medical technology cybersecurity published

Medical technology companies and health delivery organizations have a new template for agreeing on cybersecurity contractual terms and conditions to reduce cost, complexity and time in the contracting process and improve patient safety. Published by th…

Forescout acquires medical IoT security company CyberMDX

Silicon Valley cybersecurity company Forescout Technologies said Tuesday that it is acquiring CyberMDX, a medical-device security company known for its research into potential cyberthreats against health care technology. CyberMDX is a natural fit for Forescout, which focuses on securing connected devices and operational technology (OT) for large organizations — including what the industry calls the Internet of Medical Things (IoMT). Terms of the deal were not disclosed. “Cybersecurity for IoMT, much like cybersecurity for OT devices, requires specific expertise and technologies,” Forescout CEO Wael Mohamed said. “We are pleased to have the CyberMDX team join Forescout as we continue delivering new capabilities on our market-leading platform and grow our R&D center.” Research by CyberMDX has been responsible for shedding light on critical vulnerabilities in widely used medical imaging devices, patient monitors, anesthesia machines and infusion pumps. Forescout’s platform specializes in “device intelligence and network fabric technology,” or finding and classifying […]

The post Forescout acquires medical IoT security company CyberMDX appeared first on CyberScoop.


53% of medical devices have a known critical vulnerability

After a year of unprecedented ransomware attacks on hospitals and healthcare systems – and with healthcare now the #1 target for cybercriminals – critical medical device risks in hospital environments continue to leave hospitals and their patients vuln…

Finding the right mix: Leveraging policy and incentives to improve healthcare cybersecurity

When businesses are hit by a cyberattack, it can mean a disruption in operations, lost revenue and customer dissatisfaction because their personal information is exposed. But for the healthcare sector, the impact is far greater; cyberattacks can be a m…

Researchers show how to tamper with medication in popular infusion pumps using software flaws

McAfee security researchers on Tuesday said they had found multiple vulnerabilities in infusion pump software that, under certain conditions, a skilled hacker could use to alter a patient’s medication dose to a potentially unsafe level. The vulnerabilities are in equipment made by multinational vendor B. Braun that are used in pediatric and adult health care facilities in the United States. While there are no reports of malicious exploitation of the flaws, the research illustrates the challenge of securing devices conceived decades ago from 21st-century digital threats. The findings come as the health care sector reckons with a series of ransomware attacks that hit aging hospital computer networks during the pandemic. Medical devices “remain vulnerable to legacy issues that have persisted for many years and have exceptionally slow update or upgrade cycles,” said Steve Povolny, who heads the Advanced Threat Research team at McAfee. In a statement, B. Braun said the […]

The post Researchers show how to tamper with medication in popular infusion pumps using software flaws appeared first on CyberScoop.


BlackBerry’s popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings

A critical set of software flaws first revealed in April also affects code made by BlackBerry that is used in countless devices in the medical, automotive and energy sectors, the technology vendor confirmed on Tuesday. A hacker who exploits the so-called BadAlloc software vulnerabilities, which Microsoft researchers uncovered, could cause devices running the software to crash. In BlackBerry’s case, the attacker would need to first gain access to a targeted network and then go after devices that are exposed to the internet. The affected software is BlackBerry’s QNX Real-Time Operating System, a suite of software that manages data across a network. It’s unclear just how many devices are running the affected BlackBerry software. The firm said last year that its QNX software was embedded in more than 175 million cars alone. A BlackBerry spokesperson did not immediately respond to a request for comment. “These vulnerabilities may introduce risks for certain […]

The post BlackBerry’s popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings appeared first on CyberScoop.


Hospitals still not protected from dangerous vulnerabilities

Ipsos conducted research that examines attitudes, concerns, and impacts on medical device security as well as cybersecurity across large and midsize healthcare delivery organizations. Insights include how they correlate and diverge. Healthcare is on…

Connected devices increasingly at risk as new ransomware attacks are reported almost daily

Ordr released a report on the state of connected devices. The 2021 study addresses pandemic-related cybersecurity challenges, including the growth of connected devices and related increase of security risks from these devices as threat actors took adva…

Fujifilm shuts down computer systems following apparent ransomware intrusion

Fujifilm Corp. has shut down part of its computer network and “disconnected from external correspondence” in the face of a possible ransomware attack, the Japanese electronics giant said Wednesday. In a brief statement, Fujifilm said that it became aware of the security issue late Tuesday and that it has “taken measures to suspend all affected systems in coordination with our various global entities.” The company said it was still “working to determine the extent and the scale of the issue.” Fujifilm is just the latest multinational company to be hamstrung by ransomware. JBS, the world’s largest beef producer, had to temporarily shut down facilities in Colorado, Canada and Australia following a ransomware hack. Perhaps best known for its photography equipment, Fujifilm also makes a range of medical products such as CT Scan and Xray devices. The company reported more than $20 billion in revenue last year and has offices around […]

The post Fujifilm shuts down computer systems following apparent ransomware intrusion appeared first on CyberScoop.


Cybersecurity, emerging technology and systemic risk: What it means for the medical device industry?

In late 2020, the World Economic Forum stated that “the approach to cybersecurity needs to be overhauled before the industry finds itself in any fit state to tackle the threat.” The WEF singled out five global cybersecurity challenges: 1. Increasing so…