Security News

The US federal government is considering several proposals to regulate medical device cybersecurity compliance to counteract the frequent and clinically impactful cyberattacks experienced by healthcare systems across the country. The document provides device manufacturers with guidance on how to approach cybersecurity for device design and associated premarket submissions.

Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs. In a notification to watchdogs last Friday, Pennsylvania's largest primary care group said a "Sophisticated" ransomware crew breached its network security, giving it access to 75,628 individuals' names, addresses and Social Security numbers along with their medical records.

Google on Friday pledged to update its location history system so that visits to medical clinics and similarly sensitive places are automatically deleted. Google keeps a log of its users whereabouts, via its Location History functionality, and provides some controls to delete all or part of those records, or switch it off.

Kaiser Permanente suffered a data breach due to email compromise on April 5 that potentially exposed the medical records of nearly 70,000 patients, the company revealed earlier this month.Attackers gained access to the emails of an employee at Kaiser Foundation Health Plan of Washington that contained "Protected health information," the company revealed in a letter to affected clients on June 3.

In this interview with Help Net Security, Paige Hanson, Chief of Cyber Safety Education at NortonLifeLock, talks about the risks posed by medical ID theft, the repercussions of such criminal activity, and what people as well as organizations can do to protect valuable medical information. Even more worrisome than the possible financial cost of medical identity theft is the potential risk it poses of mingling an identity thief's health information with your own.

In the hopes of helping security professionals better address cybersecurity and regulation, we conducted the 2022 Medical Device Cybersecurity: Trends and Predictions Survey Report, speaking to 150 senior decision makers who oversee product security or cybersecurity compliance in the medical device industry, to learn about their biggest challenges and how they plan to address them. As medical regulation around cybersecurity catches up with today's complex device software ecosystem and new and emerging threats, it is likely that organizations will have a better benchmark with which to determine their security posture.

Built and supported by vast communities of developers, OSS has become the ubiquitous building block of devices and apps in the general information technology community where 92% of applications now contain open source software - and medical devices have been catching up with that trend over the past few years. One open source library could be pulling in any number of dependencies: other open source libraries in a potentially long chain that also need to be examined.

The French data protection authority fined medical software vendor Dedalus Biology with EUR 1.5 million for violating three articles of the GDPR. Dedalus Biology provides services to thousands of medical laboratories in the country and the fine is for exposing sensitive details of of 491,939 patients from 28 laboratories. More specifically, during migration from the software of a different vendor, at the request of two medical laboratories, Dedalus extracted more information than required.

Cybellum released a survey report about medical device cybersecurity, along with trends and predictions for 2022. Medical device cybersecurity has become an extremely complex challenge.

Mobile robot maker Aethon has fixed a series of vulnerabilities in its Tug hospital robots that, if exploited, could allow a cybercriminal to remotely control thousands of medical machines. Cynerio did find "Several" hospitals in the US and globally that were using the internet-connected robots, and in each of these cases the researchers could exploit the vulns to remotely control the robots from the Cynerio Live research lab.