NH-ISAC also to hold medical device vulnerability info sharing workshop, hosted by St. Jude Medical.
The National Health Information Sharing and Analysis Center (NH-ISAC) and the Medical Device Innovation, Safety and Security Consortium (MDISS) Tuesday released a statement encouraging medical device researchers to comply with ISO/IEC standards and US Food & Drug Administration (FDA) recommendations on vulnerability disclosure.
The announcement comes in the wake of security research firm MedSec's controversial decision to partner with Muddy Waters to short-sell stock on medical device manufacturer St. Jude Medical. MedSec, via Muddy Waters, revealed only vague information about severe vulnerabilities in the company's implantable cardiac devices, rather than reporting the complete details of those vulnerabilities to the manufacturer or to the FDA or ICS-CERT (which are the official handlers of medical device safety and cybersecurity complaints/investigations).
Dr. Dale Nordenberg, Executive Director of MDISS, stated in the release, that “when identifying security vulnerabilities that may pose a risk to patients, it is critical that medical device researchers provide detailed engineering methods to support a timely collaborative peer review process by manufacturers, ICS-CERT, and the FDA of any potential medical device vulnerability.”
The FDA laid out its draft guidance for "Postmarket Management of Cybersecurity in Medical Devices" in January. NH-ISAC and MDISS will hold an educational workshop about these new FDA guidelines later this month in Minnesota; the workshop will be hosted by St. Jude Medical.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024