Yep, just talked to my higher up about this very thing. The FDA card you can't do anything to the device stuff doesn't really hold water. Honestly a lot of healthcare areas this is a major problem. The issue is vendors aren't willing to do the proper risk management and security hardening of the system prior to loading the applications, and continuing test and validate their patches over the SDLC of the product. Also with the Healthcare providers, either relying on vendors to do their risk management, turning a blind eye or somewhere in between all in violation of HIPAA.
Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] From: Michael B. Smith [mailto:[email protected]] Sent: Wednesday, October 17, 2012 8:07 PM To: NT System Admin Issues Subject: RE: Wow! Don't Get Sick! I've got two healthcare clients where this is a major problem. They don't even attempt to debug. If someone reports a problem, any problem, they immediately re-image; and then forensically examine network traces and log files to see if any info can be gleaned. From: Roger Wright [mailto:[email protected]] Sent: Wednesday, October 17, 2012 3:15 PM To: NT System Admin Issues Subject: Wow! Don't Get Sick! http://www.technologyreview.com/news/429616/computer-viruses-are-rampant -on-medical-devices/ Roger Wright ___ Congressional Mantra: Spending will continue increase until deficits improve. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
