Healthcare

FDA Will Regulate Some Apps As Medical Devices

In an important move, the U.S. Food And Drug Administration (FDA) has released final guidance to mobile application developers that are creating medical applications to run on devices like the iPhone and Android mobile devices. Some applications, it said, will be treated with the same scrutiny as traditional medical devices.* The statement is the final word from the FDA on the approach it will take when enforcing federal regulations regarding the safety of medical devices to the large and fast-growing category of medical applications. The agency said on Monday that, while it doesn’t see the need to vet “the majority of mobile apps,” because they pose “minimal risk to consumers,” it will exercise oversight of mobile medical applications that are accessories to regulated medical devices, or that transform a mobile device into a regulated medical device. In those cases, the FDA said that mobile applications will be assessed “using the same […]

hidden_lynx thumbnail image

APT-For-Hire: Symantec Outs Hidden Lynx Hacking Crew

This site and others have been writing about the “Advanced Persistent Threat” problem, which has generally been treated as a euphemism for the government and military of The People’s Republic of China or – in some cases – Russia, Iran, North Korea or other un-friendlies. Firms like Mandiant have taken pains to separate the concept of APT from run of the mill cyber criminal hacking groups whose motivation is profit, rather than the acquisition of information that can be used to advance geopolitical or economic goals. Cyber criminal groups may well use “advanced” in their attack methods and “persistent” in their efforts to compromise victim networks, but they weren’t “APT.” Now Symantec Corp. has put a fly into that ointment: publishing a report that pulls the covers off an APT group dubbed “Hidden Lynx” that it claims is responsible for some of the most sophisticated and large scale hacks of […]

Insecure At Any Speed: Are Automakers Failing The Software Crash Test?

Editor’s Note: You can view the rest of my conversation about application and supply chain security, featuring Joshua Corman of Akamai and Chris Wysopal of Veracode by visiting Veracode’s web site. – PFR  You’re in the market for a new car, and you’ve made a list of the features you want: a cool, tablet style interface for the audio and navigation system, side impact airbags for the front and rear compartment, a pop-up third row of seating. Heck, maybe you even want to hold out for the automatic seat temperature control that some Lexus cars now come with. While you’re at it, how about some secure software, too? That last item probably isn’t on most buyers’ check list today, but it may be soon, according to two, prominent security experts: Chris Wysopal, of Veracode, and Joshua Corman of Akamai. Speaking on Talking Code, an exclusive video hosted by The Security Ledger […]

SANS’ Pescatore: Security Needs Rethink For Internet Of Things

Our friends over at InfoSecurity Magazine have an interesting interview with SANS’ Director of Emerging Security Trends John Pescatore about security and The Internet of Things. Pescatore gets a somewhat skeptical hearing from the enterprise-focused IT security publication. (“Granted, it’s unlikely that anyone would be sending a car an email with a malicious executable, but that doesn’t mean there aren’t threat vectors for hackers to exploit,” InfoSecurity opines, by way of an introduction. Oh really?) But Pescatore brings a “deep field” view to this topic, noting that the security issues around IoT are already upon us in the spent almost two decades as Gartner’s Obi-Wan Kenobi for security, where he advised companies and technology vendors on the best way to navigate the shifting sands of the IT security space. Speaking to InfoSecurity, Pescatore says the 100,000 foot message is: ‘let’s learn from our mistakes.’ Specifically, that means not looking at intelligent devices, including […]

FDA: Medical Device Makers, Hospitals Need To Boost Cyber Security

The U.S. Food and Drug Administration (FDA) has issued guidance to medical device makers and hospitals that use their products to pay more attention to cyber security and the potential for cyber attacks on vulnerable medical instruments.   The FDA released its “Safety Communication for Cybersecurity for Medical Devices and Hospital Networks” on Thursday – the same day that the Department of Homeland Security’s ICS (Industrial Control System) CERT issued a warning about the discovery of hard coded “back door” passwords in some 300 medical devices from 40 separate vendors, including drug infusion pumps, ventilators and patient monitoring systems. The FDA said it expects device makers to “review their cybersecurity practices and policies to assure that appropriate safeguards are in place to prevent unauthorized access or modification to their medical devices or compromise of the security of the hospital network that may be connected to the device. Hospitals were instructed to harden […]