Published by
@ShahidNShah
@ShahidNShah
Improving Medical Device Vulnerability Scoring
Newly updated Food and Drug Administration guidelines will help experts to more accurately score and communicate the criticality of security vulnerabilities identified in medical devices, says Elad Luz, head of security research at CyberMDX.
The FDA's new resource, "Rubric for Applying the Cybersecurity Common Vulnerability Scoring System To Medical Devices," was developed by the agency and The Mitre Corp. and unveiled in October.
When used with the cybersecurity standard CVSSv3.0, the FDA tool provides a common framework for risk evaluation and more accurate severity scoring of security vulnerabilities identified in medical devices by researchers such as Luz, as well as manufacturers, regulators and others, he says.
"CVSS is a widely adopted method for evaluating software vulnerabilities," including those used in more general IT products, Luz notes.
"The problem is that when you use CVSS for medical devices ... you will find unclear areas" that cause disagreements among researchers, manufacturers and regulators about the severity of security vulnerabilities identified in healthcare gear and the risk to patient safety, he says.
Continue reading at healthcareinfosecurity.com
Make faster decisions with community advice
- AI Leads Way to Less False Positives on Remote Cardiac Monitoring Devices, Improved Results -
- Election 2020: Watching the key races for healthcare
- Informaticians Working on e-Referrals to Community-Based Organizations
- Oncology practice uses AI to significantly improve end-of-life care
- Predictive models can help stratify patient risk during and after COVID-19
Next Article
-
Informaticians Working on e-Referrals to Community-Based Organizations
As health systems move into the world of addressing social needs or increasing connections with social service agencies, informaticians are researching how to use data to predict which patients could …
Posted Nov 4, 2020 Informatics Community Based Approach
