News & Information

Upgrades And Updates: Why Smart Organizations Stay On Top Of Both

Some experts are warning users about the risk of the iPhone's new contact-sharing feature. We examine cyberthieves' methods for obtaining personal or organizational information.

Human Error And Password Security

Most adverse cyber events are caused by human error. We examine common errors that lead to significant breaches.

Infiltration Of Malware Can Occur Even When Phishing Is Flagged

A school district suffers disruptions and millions in damages and repairs. What makes the matter a tragedy is that employees properly flagged the email as suspicious. We explain.

Due Diligence Of Cybersecurity Vendors And Safeguarding IOT

To increase his company's cybersecurity business, a COO breached hospitals' networks. We discuss this odd case and how to better protect networks by strengthening IOT safeguards.

New Cyber Protection Rules For Medical Devices

The federal government has instituted a new set of guidelines regarding the cyber vulnerabilities of medical devices. These include new guidelines that allow the FDA to "not accept" devices that are at risk for cybersecurity breaches.

The new guidelines allow the agency to vet all new devices as well as recall those determined to be at risk for cyber vulnerabilities. This requires all vendors to update software and marketing materials, and to have a plan to actively "monitor, identify and address cyber vulnerabilities" on any devices currently on the market.

The gravest concern is the threat of hackers taking control of these devices remotely - putting patients' lives in jeopardy. Addressing cybersecurity in the medical field has been an area of concern for some time now, with many calling for more government "policing". Christian Vasquez, "FDA cyber mandates for medical devices goes into effect", www.cyberscoop.com (Oct. 02, 2023).

 

Commentary

The September 27, 2023, guidelines are in response to the growing number of attacks in the healthcare and life science industries. The guidance is broad: all devices with a software function, which contain software or programmable logic, and are network-enabled are included, from thermometers to advanced diagnostic devices.

The guidelines call for more device labeling, which should include an accurate description of the device's cyber risks, understandable by the "average user". Fines, injunctions, and civil and criminal penalties can result from a failure to include proper cyber warnings on the label.

On November 02, 2023, the FDA is holding a webinar at 1:00 p.m. ET for industries and stakeholders who want to learn more about the guidance.



 

 
