DHS Steps In As Regulator for Medical Device Security

Posted by timothy
from the handicapper-general dept.
mask.of.sanity writes "The Department of Homeland Security has taken charge of pushing medical device manufacturers to fix vulnerable medical software and devices after researchers popped yet another piece of hospital hardware. It comes after the agency pushed Philips to move to fix critical vulnerabilities found in its popular medical management platform that is used in a host of services including assisting surgeries and generating patient reports. To date, no agency has taken point on forcing the medical manufacturers to improve the information security profile of their products, with the FDA even dubbing such a risk unrealistic (PDF)."

  • by gstoddart (321705) on Thursday January 17, 2013 @10:29AM (#42616109) Homepage

    It seems the DHS keeps expanding its mandate into ever broader areas.

    And, quite frankly, that's a little creepy -- it's becoming this vast umbrella which has control over everything.

  • by Anonymous Coward on Thursday January 17, 2013 @10:38AM (#42616175)

    It was assigned to the wrong DHS... this should fall under the Department of Health and Human Services (HHS [hhs.gov]). Someone needs to tell a director that Homeland Security is stealing a project that should be theirs (i.e. taking their power).

  • by mcmonkey (96054) on Thursday January 17, 2013 @11:02AM (#42616379) Homepage

    Manufacturers need to let OS updates and AV software be installed on their systems if they want / need to be on the hospital network.

    Because running untested software is a bad idea. Health care systems and medical device software should get the benefits of updates and patches, but only after those updates have been tested for those specific systems and software. Whatever the vendor does prior to release is insufficient.

    When entire hospital processes come to a halt because the latest AV update mistakenly identifies a core OS file as a trojan, you'll come back and say, why are manufacturers letting updates be installed on their systems?

    As with many things, the best path is in the middle. Critical systems should be updated as preventative maintenance, but administrators cannot rely on vendor testing alone.

  • by timeOday (582209) on Thursday January 17, 2013 @11:47AM (#42616883)
    What does HHS or FDA know about computer security? Nothing. It is a technical niche. Trying to independently stand up a computer security audit group within every niche of government just because they all use computers is crazy.

    As for DHS covering too many things... DHS isn't really anything in itself. It's just an umbrella created after 9/11 to try and make connections between what were (and still are for the most part) essentially independent organizations that suffer from too much redundancy and tribalism. (Which is not to say the DHS is necessarily doing a good job of solving these problems).
