DHS Steps In As Regulator for Medical Device Security 123
mask.of.sanity writes "The Department of Homeland Security has taken charge of pushing medical device manufacturers to fix vulnerable medical software and devices after researchers popped yet another piece of hospital hardware. It comes after the agency pushed Philips to move to fix critical vulnerabilities found in its popular medical management platform that is used in a host of services including assisting surgeries and generating patient reports. To date, no agency has taken point on forcing the medical manufacturers to improve the information security profile of their products, with the FDA even dubbing such a risk unrealistic (PDF)."
DHS covering an awful lot these days ... (Score:5, Insightful)
It seems the DHS keeps expanding its mandate into ever broader areas.
And, quite frankly, that's a little creepy -- it's becoming this vast umbrella which has control over everything.
Re:DHS covering an awful lot these days ... (Score:5, Insightful)
It was assigned to the wrong DHS... this should fall under the Department of Health and Human Services (HHS [hhs.gov]). Someone needs to tell a director that Homeland Security is stealing a project that should be theirs (i.e. taking their power).
Re:manufacturers need to let os updates and AV sof (Score:5, Insightful)
manufacturers need to let os updates and AV software to be install on there systems if they want / need to be on the hospital network.
Because running untested software is a bad idea. Heath care systems and medical device software should get the benefits of updates and patches, but only after those updates have been tested for those specific systems and software. Whatever the vendor does prior to release is insufficient.
When entire hospital processes come to a halt because the latest AV update mistakenly identifies a core OS file as a trojan, you'll come back and say, why are manufactures letting updates to be installed on their systems?
As with many things, the best path is in the middle. Critical systems should be updated as preventative maintenance, but administrators cannot rely on vendor testing alone.
Re:DHS covering an awful lot these days ... (Score:5, Insightful)
As for DHS covering too many things.... DHS isn't really anything in itself. It's just an umbrella created after 911 to try and make connections between what where (and still are for the most part) essentially independent organizations that suffer from too much redundancy and tribalism. (Which is not to say the DHS is necessarily doing a good job of solving these problems).