http://healthitsecurity.com/2013/02/27/cio-weighs-the-dilemma-of-medical-device-security-updates/ By Patrick Ouellette Health IT Security February 27, 2013 As John D. Halamka, MD, is CIO of Beth Israel Deaconess Medical Center (BIDMC), notes in a recent blog post, dealing with medical device security can certainly be a hassle for CIOs on a number of levels. One of the major barriers in securing these devices is the fact that many healthcare organizations’ legacy systems are out of date and need to be replaced or somehow updated. Halamka mentioned an example of devices that BIDMC uses from a major manufacturer that internally use Windows NT as the operating system (OS) and the Apache 1.0 web server. There are no patches around to help protect these devices from hacks and malware. So instead, Halamka and BIDMC have built device firewalls for safeguards. It’s safe to say that not every organization has the expertise and resources available to build these firewalls on the fly, so this remains a huge issue. Furthermore, manufacturers rarely allow product mappings that would allow these executives to form and manage the firewalls. FDA 501k certification is another hurdle that organizations need to deal with, as manufacturers have stated that an upgrade or software patch would require re-certification. Of course, there are two sides to every story and the FDA claims that both organizations and manufacturers have to collaborate in keeping these devices secure. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Sun Mar 03 2013 - 22:42:29 PST
This archive was generated by hypermail 2.2.0 : Sun Mar 03 2013 - 22:33:39 PST