MASSDEVICE ON CALL — Digital criminals have been stepping up their game with an ever-increasing number of malicious hacks on healthcare data systems, but there is good news. The medical device industry doesn’t have to reinvent the wheel to get a grasp on its cybersecurity issues.
Other industries have been in the cybersecurity limelight for years and there are several defined practices to help companies assess and improve their digital defenses.
In a blog post for MDDI Online, a trio of cybersecurity experts offered guidance on how to get started "hacking your own medical device."
"Technical security analysis and penetration tests (pentests) are key components of a sustainable security protection framework," the authors wrote. "The aim is to determine the current level of security of the device software and to identify security-critical vulnerabilities in software design and/or implementation. Risks can be uncovered and practical measures taken to eliminate the vulnerabilities or to reduce the risk to a level acceptable for the organization without taking chances with the wellbeing and safety of the patient."
That doesn’t mean, however, that there’s a one-size-fits-all digital security protocol. Security testers must be quick on their feet and creative, thinking the way a criminal hacker would in order to find vulnerabilities.
"Security analysts use tools to perform their tests; however, they must independently develop and implement hacking targets and scenarios within the organization under testing conditions that are as realistic as possible. This requires in-depth knowledge of the current threat scenarios and the latest technological advances," according to the article. "If they come up against unexpected obstacles during an attack, then, just like a malicious hacker, they must find a creative diversion around those obstacles – even in the unknown terrain of a medical device or application – to reach their target. No automated vulnerability assessment can achieve this creative thinking."
Congress battles over Healthcare.gov security flaws
Democrats are calling on their resources to bring witnesses to testify before a House Committee on Oversight & Government Reform meeting about cybersecurity flaws in the Healthcare.gov website.
FDA re-imagines medtech labels
Federal regulators are looking to pilot a new standardized labeling system for medical devices, which could turn into the agency’s 1st concrete rules about medtech labels.