Medical Device Security in the News Again

Posted by Rebecca Santorios on January 7, 2016


As the premier provider of HIPAA and GxP compliant cloud hosting, ByteGrid helps companies avoid security and compliance pitfalls. Health care and life science systems need special consideration, and we’ve built our company specifically to make sure that these systems can be deployed safely in the cloud. HIPAA and GxP compliance is what we do. We only offer services that are compliant with HIPAA and GxP requirements.

FDA warns against insecure devices

Hospira’s insulin pumps have made cybersecurity news since researchers started noticing vulnerabilities in these devices. Last week, the FDA issued a warning about these devices, again after a cybersecurity researcher highlighted their faults.

The warning came as a result of an ICS-CERT report that lists serious flaws in the device. The flaws read like a list of what not to do:

  • Insufficient authentication of data, specifically software updates
  • Lack of sufficient user authentication
  • Hard-coded passwords that amateurs could hack
  • Clear text storage of sensitive information

One of the most frequently highlighted flaws is the failure to ensure that application updates come from a secure, authenticated server. Compliant cloud hosting offers the perfect environment for sending updates to regulated applications. Coupled with appropriate authentication at the device, it gives you a safe way to keep everything up to date.

Compliant Cloud Hosting Protects Health Applications

Carefully developed software will avoid many of these obvious shortcomings, but no application can provide an absolute security guarantee. Compliant cloud hosting helps to ensure application security, but it does more than that. It helps companies respond appropriately in the event a vulnerability is detected. More importantly, it shows customers and regulatory agencies that the company is already taking the right steps to avoid software problems.

In its warning, the FDA recommends that the application’s users take specific actions, and you’ll find these are standard operating procedures for compliant datacenters:

  • Restricting unauthorized access to the network
  • Making certain appropriate antivirus software and firewalls are up to date
  • Monitoring network activity for unauthorized use
  • Protecting individual network components through routine and periodic evaluation, including updating security patches and disabling all unnecessary ports and services
  • Developing and evaluating strategies to maintain critical functionality during adverse conditions

Regulated applications aren’t secure if they’re not deployed in a secure fashion. Compliant cloud hosting is the best way to keep health applications safe, and to protect your business if you’re manufacturing or using these apps.

Partner with ByteGrid and experience the benefit of compliant cloud hosting for yourself.