https://www.healthcareitnews.com/news/fda-s-bill-materials-crates-cybersecurity-blind-spot-medical-devices
By Bill Siwicki
Healthcare IT News
October 09, 2019
The FDA’s cybersecurity bill of materials has major implications – both good
and bad – for healthcare provider organizations’ IT and security teams.
While it may seem like a no-brainer to allow manufacturers access to update
their own firmware in medical devices to improve cybersecurity, opening the
door to devices introduces a conflicting set of challenges.
The draft bill of materials guidance is aimed at having manufacturers disclose
other vendors’ software they may be using in addition to their own
software/firmware. The intent is to give the IT security staff more context on
the device software.
(On a related note, the FDA has issued a safety communication – aimed at
healthcare organizations, IT professionals, device manufacturers and patients –
warning of the cybersecurity vulnerabilities known as URGENT/11. The risk, FDA
officials said in the communication, is that URGENT/11, if exploited by a
remote attacker, could pose safety and security risks for connected medical
devices and hospital networks.)
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
