In-brief: In a damning report, the FDA said that St. Jude Medical* knew about serious security flaws in its implantable medical devices as early as 2014, but failed to address them with software updates or other mitigations, or by replacing those devices. (Editor’s note: updated to include a statement from Abbott and comment from Dr. Kevin Fu. – PFR April 14, 2017)
In-brief: A website run by the National Health ISAC will serve as a clearing house for information on security vulnerabilities in medical devices, the first of its kind in the US.
In-brief: Cisco’s Marc Blackmer reports from the S4 Conference in Miami – one of the top gatherings of industrial control system security experts. Among the attractions this year: Justine Bone of the firm Medsec, the psychology of malicious insiders and a hackable “kegerator.”
In-brief: St. Jude Medical said on Monday that it patched a serious hole in a product used to program implantable medical devices like defibrillators. But researchers and a Wall Street investment firm say the company still has more holes to close.
In-brief: The FDA’s final guidance on cybersecurity for postmarket medical devicesmarks a departure from earlier drafts, focusing generically on cybersecurity risk management and jettisoning an early focus on the threat posed by “connected devices” that some considered too narrow.