Vulnerability Management and Medical Device Manufacturers

By Eric Noonan • February 18, 2016

Recent updates from the FDA on securing network-connected medical devices show that there is a growing concern for security surrounding the medical industry.  Hospital networks, medical devices, and other critical infrastructure are all at risk.  An article from Threatpost.com last week covered the Kaspersky Lab Security Analyst Summit, in which a researcher from Kaspersky Lab was able to breach a Moscow hospital network.  What did he find?  According to the article, “…a shocking array of open doors on the network and weaknesses in medical devices and applications crucial not only to the privacy of patients but also their physical well-being.”

While this may or may not be surprising, I do find it concerning that security appears to be an afterthought for the medical device industry.  Protecting patient information, ensuring wearable medical technology is secure and shoring up defenses for medical devices should be paramount.  As FierceMobile Healthcare predicted in late-December 2015, the Internet of Things will play an increased role in healthcare in 2016.  Security should be incorporated at the start of the process, rather than strapping it on at the end and hoping that the security features do their job.  By working security into the process,  medical device manufacturers are taking the time to ensure software and applications within these devices are developed using secure standards, as this one proposed by the IEEE.

In the previous example of the Moscow hospital network, backdoors, vulnerable software, and poorly secured configurations – all can be mitigated with regular vulnerability management.  Instituting scans, remediation plans, mitigating vulnerabilities, and patching out of date software are all part of a robust vulnerability management program.  This type of program makes your organization more proactive, rather than reactive.  Planning for routine updates and fixes to your devices will keep your patient and data safe.

It is good business and best practice to secure medical devices, hospital networks, and patient healthcare information. It is also important for medical device manufacturers to understand their vulnerabilities to know where you stand.  If your organization hasn’t conducted a security assessment to review your security program, that would be the place to start.  With a roadmap in hand, your next step is to begin identifying and remediating the risks.  Where are your gaps?  Do you have a vulnerability management program?  Do you know what medical devices connect to your network regularly?  All of these questions will help you develop a stronger security program.

How CyberSheath Can Help You Manage Your Risk

Taking the defense-in-depth approach to securing your network is effective at managing risks. In order to manage these risks, a picture of your network must first be obtained.  Whatever your security needs are, CyberSheath can assist you along the way.  From conducting an information security assessment to building a security program, let us help you secure your data.

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.