Improved Standards for Securing Medical Devices Released
A critical subset of the ever-expanding internet of things (IoT), medical devices are increasingly vulnerable to attacks from botnets and malware, which is why the Cloud Security Alliance (CSA), in conjunction with the Open Web Application Security Project (OWASP), today announced the release of OWASP Secure Medical Device Deployment Standard V2.
Recognizing the increasing number of attacks that are targeting IoT devices, CSA and OWASP saw the growing need for increased security in deploying medical devices. Announced at Black Hat today, the newest guide has been updated to ensure improved security of devices used in healthcare facilities.
Developed in conjunction with the CSA IoT working group, version 2.0 contains many enhancements, particularly in regard to purchasing controls. With guidance from the Federal Drug Administration, the comprehensive updates focus on security audits and evaluation and privacy impact assessment. The changes to support evaluation controls are intended to better guide the secure deployment of medical devices within a healthcare facility.
"Too many of today's network-enabled security devices are still not being deployed with security in mind, exposing healthcare providers and their patients to data breaches at best and potential negative health consequences at worst. With ransomware and botnets targeting IoT devices, it is more essential than ever that devices are developed and deployed with security in mind," said OWASP project leader and author of the original paper Christopher Frenz in today’s press release.
The goal is to provide a clear roadmap that will ensure healthcare organizations follow best security practices for medical devices and IT systems. "The growth of electronic medical records and network-enabled devices has allowed healthcare providers to enhance their level of service and the efficiency with which they provide care. However, this same interconnectedness has opened a Pandora's box of security issues involving legacy systems and healthcare devices that were not designed with security in mind," said Hillary Baron, research program manager, CSA.
Source: Information Security Magazine