medical devices Archives

medical devices

Wireless Infusion Pump is Test Case for Securing Medical Devices

December 29, 2014 Paul Roberts

A National Institute of Standards and Technology (NIST) reference document is providing some of the clearest guidance from the U.S. government for securing connected medical devices, but may be setting too low a bar for securing wireless communications, according to a security expert. NIST, working with the University of Minnesota’s Technological Leadership Institute, released a draft Use Case document (PDF) on December 18 to help health care providers “secure their medical devices on an enterprise networks.” However, in the area of communications security, the document suggests the use of WEP (Wired Equivalent Privacy), a legacy wireless security technology that can easily be cracked. NIST released the draft security use case document and is seeking feedback from the public. The drug infusion pump case study is described as the “first of a series” of similar use cases that will focus on medical device security, NIST wrote. The draft document presents a technical description of the security challenges […]

The IoT Comes To Chicago: IoT World Forum

October 14, 2014 Paul Roberts

The Internet of Things is increasingly an industry unto itself, with the conferences to prove it. And “no,” I’m not just talking about The Security of Things Forum – Security Ledger’s own IoT and security show. (Videos from our first annual show are now available, by the way. Register to view them here.) No: there are forums and symposiums focused on all different aspects of IoT: smart cities, design, wearables, and so on. There’s O’Reilly’s Solid, GigaOm Structure and any number of smaller, regional events. I’m at one of the more prominent IoT shows this week: The Internet of Things World Forum (IoTWF), which is sponsored by Cisco Systems. I’m moderating a really interesting panel that addresses a critical issue: the ways in with information technology (IT), operations technology (OT) and consumer technology (CT) converge in the IoT. These are three areas that, until recently, were separate. But a variety of developments […]

FDA Seeks Collaboration on Medical Device Security

September 24, 2014 Paul Roberts

The U.S. Food and Drug Administration (FDA) on Tuesday put out a call for ideas and input on how best to secure medical devices and the healthcare system from cyber attack. In a federal notice, the FDA announced that it will hold an October workshop entitled “Collaborative Approaches for Medical Device and Healthcare Cybersecurity.” It also solicited input from stakeholders within the government and from the public health sector on medical device and healthcare cyber security. The workshop is scheduled for October 21 and 22 and will run from 9:00 AM to 5:00PM at the National Intellectual Property Rights Coordination Center Auditorium in Arlington, Virginia. [Read more Security Ledger coverage of connected medical devices here.] The Department of Health and Human Services (HHS) is looking for ideas about how best to implement aspects of both Executive Order 13636 for“Improving Critical Infrastructure” and follow-on guidance like the National Institute of Standards and Technology’s (NIST’s) “Framework for Improving […]

New England IoT: A Conversation Next Week On Cloud, Security and Internet of Things

September 12, 2014 Paul Roberts

One of the challenges of talking about security in the context of Internet of Things is that the Internet of Things (IoT) isn’t a discrete technology, but an umbrella phrase that encompasses a lot of separate innovations: mobility, inexpensive sensors, wireless connectivity, Big Data and so on. One of the biggest moving parts in the IoT puzzle is cloud computing. Cloud infrastructure – whether its Amazon’s Elastic Compute Cloud (EC2) or Google or any of the thousands (millions?) of private cloud – is the back end for almost every IoT product. That presents both opportunities and real challenge for companies that are looking to leverage IoT in their workplace. Next week, I’m going to moderate a panel at an event here in Boston where we’ll tackle some of these issues head-on. The event: The Connected Cloud Summit is taking place in Boston on Thursday, September 18 at The State Room in downtown Boston. […]

Exploding Gas Tanks: Risk, Liability and Internet of Things

September 5, 2014 Paul Roberts

We like to construct Hollywood friendly plots around a lot of the seminal moments in our collective history. For Civil Rights, we like to picture the integration of Little Rock High School, Rosa Parks’ courageous protest on a Montgomery bus or the March on Washington. For environmentalism, we talk about Rachel Carson’s Silent Spring or, maybe, the burning Cuyahoga River in Cleveland. (This vintage news footage of the 1969 fire calls it the fire that “sparked the environmental movement” without any apparent irony.) For automobile safety, we imagine Ralph Nader and the image of a 1972 crash test that shows the gas tank of the Ford Pinto exploding in a rear impact collision, engulfing both cars in flames. But those memories are often way oversimplified. Little Rock and the Montgomery bus boycott were just two battles in a fight for civil rights that went back to the end of the Civil War. Likewise, the Cuyahoga […]