Vulnerability Management and Medical Device Manufacturers

By Eric Noonan • February 18, 2016

Recent updates from the FDA on securing network-connected medical devices show that there is a growing concern for security surrounding the medical industry.  Hospital networks, medical devices, and other critical infrastructure are all at risk.  An article from Threatpost.com last week covered the Kaspersky Lab Security Analyst Summit, in which a researcher from Kaspersky Lab was able to breach a Moscow hospital network.  What did he find?  According to the article, “…a shocking array of open doors on the network and weaknesses in medical devices and applications crucial not only to the privacy of patients but also their physical well-being.”

While this may or may not be surprising, I do find it concerning that security appears to be an afterthought for the medical device industry.  Protecting patient information, ensuring wearable medical technology is secure and shoring up defenses for medical devices should be paramount.  As FierceMobile Healthcare predicted in late-December 2015, the Internet of Things will play an increased role in healthcare in 2016.  Security should be incorporated at the start of the process, rather than strapping it on at the end and hoping that the security features do their job.  By working security into the process,  medical device manufacturers are taking the time to ensure software and applications within these devices are developed using secure standards, as this one proposed by the IEEE.

In the previous example of the Moscow hospital network, backdoors, vulnerable software, and poorly secured configurations – all can be mitigated with regular vulnerability management.  Instituting scans, remediation plans, mitigating vulnerabilities, and patching out of date software are all part of a robust vulnerability management program.  This type of program makes your organization more proactive, rather than reactive.  Planning for routine updates and fixes to your devices will keep your patient and data safe.

It is good business and best practice to secure medical devices, hospital networks, and patient healthcare information. It is also important for medical device manufacturers to understand their vulnerabilities to know where you stand.  If your organization hasn’t conducted a security assessment to review your security program, that would be the place to start.  With a roadmap in hand, your next step is to begin identifying and remediating the risks.  Where are your gaps?  Do you have a vulnerability management program?  Do you know what medical devices connect to your network regularly?  All of these questions will help you develop a stronger security program.

How CyberSheath Can Help You Manage Your Risk

Taking the defense-in-depth approach to securing your network is effective at managing risks. In order to manage these risks, a picture of your network must first be obtained.  Whatever your security needs are, CyberSheath can assist you along the way.  From conducting an information security assessment to building a security program, let us help you secure your data.

CyberSheath Blog

Dr. Robert Spalding to Address Nation-State Attacks at CMMC Con 2021

Since the inaugural CMMC Con, we’ve seen some of the most malicious attacks on American infrastructure ever executed. The SolarWinds attack reverberated across the entire government as agencies scrambled to discover what nation-state attackers had accessed and stolen. The Colonial Pipeline, shut down by a ransomware attack, led to fuel…

CMMCEnclave: Add Versatility with a More Flexible Approach

The enclave approach to CMMC compliance is one of the most cost effective and least disruptive ways to safeguard CUI. You can maintain high-value custodial security of CUI without upending your existing processes, procedures, and people. That way, you can maintain the proper level of CMMC compliance and remain eligible…

CMMC Con 2021 Opens Registration, Reveals Theme and Speakers

CMMC compliance stands in the way of revenue for every defense contractor in the supply chain. Now that CMMC is a reality for the Defense Industrial Base (DIB), learn how contractors — primes and subs, large and small, foreign-owned — are handling the standards and requirements, as well as the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft

CMMC Con 2021 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.