Improved Standards for Securing Medical Devices Released


Medical devices, a serious subset of the ever-growing internet of things (IoT), are becoming steadily more vulnerable to attacks from botnets and malware. This is why the Cloud Security Alliance (CSA), in conjunction with the Open Web Application Security Project (OWASP), has recently announced the release of the OWASP Secure Medical Device Deployment Standard V2.

A Need for Increased Security with Medical Devices

Taking note of the growing number of attacks targeting IoT devices, CSA and OWASP saw an increasing need for more security in deploying medical devices. Recently, at Black Hat, it was announced that the guide has been updated to improve the security of devices used in healthcare facilities.

Developed in conjunction with the CSA IoT working group, version 2.0 contains many enhancements, especially with regard to purchasing controls. Under the wings of the Federal Drug Administration, the thorough updates place a focus on security audits, as well as evaluation and privacy impact assessment. The changes to support evaluation controls are there to help guide the secure deployment of medical devices within a healthcare facility.

The Necessity of Better Security

“Too many of today’s network-enabled security devices are still not being deployed with security in mind, exposing healthcare providers and their patients to data breaches at best and potential negative health consequences at worst. With ransomware and botnets targeting IoT devices, it is more essential than ever that devices are developed and deployed with security in mind,” said OWASP project leader and author of the original paper Christopher Frenz in the press release.

The aim here is to offer a clear roadmap that will ensure healthcare organisations follow best security practices for medical devices and IT systems. “The growth of electronic medical records and network-enabled devices has allowed healthcare providers to enhance their level of service and the efficiency with which they provide care. However, this same interconnectedness has opened a Pandora’s box of security issues involving legacy systems and healthcare devices that were not designed with security in mind,” said Hillary Baron, research program manager, CSA.
