Business News <\/p>\n
Because it is getting harder to underestimate “the evil genius of the modern-day cybercriminal,” Eracent, which develops asset management tools for software and IT, says it will offer healthcare organizations a no-cost tool that can automate the scanning of medical devices’ software bills of materials and match listed components to vulnerability data in its product library.<\/p>\n
WHY IT MATTERS<\/strong><\/p>\n Beginning October 1, the U.S. Food and Drug Administration announced that\u00a0new medical device submissions must contain a detailed cybersecurity plan<\/a>\u00a0for how manufacturers will monitor and address vulnerabilities.<\/p>\n Part of the\u00a02022 Omnibus Appropriations Act<\/a>, the long-awaited measure gives the FDA the authority to require the SBOM with each medical device.\u00a0<\/p>\n “An SBOM by itself is impotent and ineffective if it is not constantly scrutinized by an automated, proactive process with instant visibility and vigilance in mitigating and resolving any component-level security weaknesses across the life cycle of the hardware\/software device,” said Walt Szablowski, Eracent founder and executive chairman, in the announcement.<\/p>\n The C-SCRM platform recognizes obsolete components that can increase security risks, including open-source software components within applications that standard vulnerability analysis tools do not scan, according to Eracent.<\/p>\n The global enterprise network management company, with its U.S. base in Riegelsville, Pennsylvania, says that it is offering access to its device-analytics platform to get all healthcare sectors affected by new medical device cybersecurity regulations on the road to compliance.<\/p>\n Medical device vulnerabilities, such as ones in insulin pumps, defibrillators, mobile cardiac telemetry, pacemakers and intrathecal pain pumps, can be exploited by skilled hackers seeking to interfere with a medical facility\u2019s operations or compromise protected data.<\/p>\n They can also endanger patient health.<\/p>\n “The healthcare industry needs to appreciate the risks that may exist in the medical device software they use, whether open-source or proprietary. And medical device manufacturers need to acknowledge the potential risks inherent in the products they offer,” Eracent said.<\/p>\n THE LARGER TREND<\/strong><\/p>\n The PATCH Act<\/a>\u00a0initially sought to impose a series of cybersecurity requirements for manufacturers applying for premarket approval through the FDA, but the requirement was dropped in the final bill this past year.<\/p>\n In September, the FBI offered healthcare organizations recommendations\u00a0for addressing cybersecurity vulnerabilities in active medical devices<\/a>.<\/p>\n However, risk analysis is “still a very manual and labor-intensive process<\/a>,” said Kathy Hughes, CISO of Northwell Health, during a panel on third-party cybersecurity at the December 2022 HIMSS Healthcare Cybersecurity Forum.<\/p>\n Automating the discovery of vulnerabilities presented by medical devices can help minimize cybersecurity breaches that can impact operations and affect patient care is\u00a0an important strategy for healthcare IT this year<\/a>.<\/p>\n ON THE RECORD<\/strong><\/p>\n “These new cybersecurity regulations tend to have a cascade effect that may sneak up on some unsuspecting entities in and around the aggregate medical-industrial complex,” said Szablowski in the announcement. “We are now offering medical providers and device manufacturers unprecedented free access to our SBOM supply chain risk end-point discovery and end-point analysis software solutions.”<\/p>\n Andrea Fox is senior editor of Healthcare IT News.
\nEmail:\u00a0af**<\/span>@***<\/span>ss.org<\/span><\/a><\/em>
Healthcare IT News is a HIMSS Media publication.<\/em><\/p>\n<\/div>\n