Medicine

Securing Medical Devices, Rethinking OWASP’s Top 10 & BlackDuck CEO Lou Shipley

In this, our 70th episode of The Security Ledger podcast, we speak withXu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what’s next for his company.

A Year Later: FDA approves Software Fix for Security Flaws in Pacemakers

In-brief: The FDA as approved a software update to software security holes in pacemakers made by Abbott. But doctors and patients will have to weigh the risks of apply the patch. 

Update: Cash for Medical Device Clunkers? Task Force calls for Healthcare Security Overhaul

In-brief: the U.S. healthcare sector is in critical condition and needs urgent, coordinated action to protect patient safety and address vulnerabilities in millions of deployed medical devices, a Congressional Task Force has concluded. (Updated with comments from Joshua Corman of Atlantic Council. PFR June 7, 2017)

Code Blue: 8k Vulnerabilities in Software to manage Cardiac Devices

Software used to remotely program implantable cardiac devices by a number of vendors is rife with exploitable software vulnerabilities that leave the devices vulnerable to attacks and compromise, according to a report by the firm Whitescope Inc.

Update: UK Hospitals among Victims of Massive Ransomware Attack

In-brief: Hospitals across England were forced to divert patients from emergency departments after suffering what has been described as a cyber attack involving ransomware, according to published reports and a statement from the UK’s National Health Service. (Editor’s Note: Updated to include information on the Wana ransomware. PFR May 12, 2017)