Because it is increasingly difficult to underestimate the “evil genius of modern cybercriminals,” Eracent, which develops asset management tools for software and IT, says it will provide organizations with healthcare organization a free tool that can automatically scan medical devices. ‘ bill of materials software and match listed components to vulnerable data in its product library.
WHY IT IMPORTANT
Starting October 1, the U.S. Food and Drug Administration announced that new medical device submissions must include a detailed cybersecurity plan for how manufacturers will track and resolve the issue. fix vulnerabilities.
As part of the Omnibus Allocation Act of 2022, this long-awaited measure gives the FDA the authority to request an SBOM with each medical device.
“An SBOM by itself is powerless and ineffective if it is not continually scrutinized by a proactive, automated process with instant visibility and vigilance in mitigating and address any component-level security weaknesses in the hardware/software device lifecycle.” Szablowski, founder and executive chairman of Eracent, in the announcement.
According to Eracent, the C-SCRM platform recognizes outdated components that can increase security risks, including open source software components in applications that cannot be scanned by standard vulnerability analysis tools. .
The US-based global enterprise network management company in Riegelsville, Pennsylvania, said it is providing access to its device analytics platform to help all areas of healthcare. affected by new medical device network security regulations.
Medical device vulnerabilities, such as holes in insulin pumps, defibrillators, portable heart rate monitors, pacemakers, and pain pumps in housings, can be exploited by Skilled hackers are looking to interfere with medical facility operations or compromise protected data.
They can also be dangerous to the patient’s health.
“The healthcare industry needs to appreciate the risks that may exist in the medical device software it uses, whether open source or proprietary. And medical device manufacturers need to acknowledge it. potential risks inherent in the products they offer,” said Eracent.
TREND TO BIGGER WOMAN
The original PATCH Act sought to impose a series of cybersecurity requirements on manufacturers applying for pre-market approval through the FDA, but this requirement was removed in the final bill last year. .
In September, the FBI issued recommendations to healthcare organizations to address cybersecurity vulnerabilities in active medical devices.
Still, risk analysis “remains a very manual and labor-intensive process,” said Kathy Hughes, CISO of Northwell Health, during a third-party cybersecurity panel at the Security Forum. HIMSS healthcare network in December 2022.
Automating the detection of medical device vulnerabilities that can help mitigate cybersecurity breaches that can impact operations and impact patient care is an important strategy for Healthcare IT this year.
ON PROFILE
“These new cybersecurity regulations tend to create a cascade effect that can sneak into a number of unsuspecting entities in and around the general medical-industrial complex,” Szablowski said in the announcement. “. “We are now providing medical providers and device manufacturers with unprecedented free access to our SBOM supply chain risk detection and endpoint analytics software solutions. we.”
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
