Jim Murray wrote:
>> The problem was given a more concrete example by a colleague who
>> pointed out that most medical hardware running on Windows boxes is not
>> only certified for Windows only, but specific *patchlevels*, and that
>> consequently these machines can get restored, taken down, reinstalled,
>> and put back on the net with known vulnerabilities because their
>> software is certified with vulnerabilities intact.
>
> If I were to find any critical piece of medical hardware connected to
> the public internet I'd be very concerned indeed. Surely best practice
> dictates that clinical networks are kept isolated from the
> administrative networks & public internet?

Happens all the time. I have slammed several medical organizations that I have audited that have major equipment accessible from the Internet (CT scanners, MRIs, etc.), because the doctors demand full remote access to the device so they can check images (etc.) from their home (or wherever). The dominant attitude is "the doctors get what the doctors want."

Worse and even dumber, vendors want their equipment Internet accessible so they can do remote diagnostics.

And don't even go down the "they should at least require a VPN" path. Too many small medical organizations have outsourced their IT operations, and they do not have the staff or competence to set up and maintain VPNs, add vendors and doctors on the fly, etc. As one medical IT person put it a few years ago, "You try to explain to a doctor over the telephone how to download, install, and configure the VPN software on his home computer at 3AM."

So, we *definitely* have plenty of *stupid* out there, and with the big push for electronic medical records (which I strongly favor, but let's not go there now -- and yes, all the issues associated with them terrify me!), the situation is going to get *FAR* worse before it gets any better.

Jon

--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214 c: 843-813-2924 s: 843-564-4224
http://www.linkedin.com/in/jonrkibler
My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.