medical devices | Software Associates.

Why Microsoft Windows is a bad idea for medical devices

Posted in: Physical security|Tags: Application security, data security, embedded, FDA, HIPAA, medical devices, Security engineering|By: Danny Lieberman|June 22, 20111 Comment

I’m getting some push back on LinkedIn on my articles on banning Microsoft Windows from medical devices that are installed in hospitals – read more about why Windows is a bad idea for medical devices here and here. Scott Caldwell tells us that the FDA doesn’t rule “out” or “in” any particular technology, including Windows …

The ethical aspects of data security

Posted in: Anti-Fraud, Compliance|Tags: data security, DLP, ethics, medical devices, Software security|By: Danny Lieberman|June 14, 20112 Comments

Ethical breaches or data breaches. I was standing in line at Ben Gurion airport, waiting for my bag to be x-rayed. A conversation started with a woman standing next to me in line. The usual sort – “Where are you traveling and what kind of work do you do?”. I replied that I was traveling …

Why outlawing Windows from embedded medical devices is a good idea

Posted in: Information security|Tags: FDA, medical devices, Microsoft, Software security|By: Danny Lieberman|June 11, 20112 Comments

In a previous post The Microsoft Monoculture as a threat to national security, I suggested that the FDA might consider banning Windows as an operating system platform for medical devices and their accompanying information management systems. One of my readers took umbrage at the notion of legislating one monoculture (Microsoft) with another (Linux) and how …

Medical device security in a hospital network

Posted in: Compliance|Tags: Buggy software, HIPAA, hospitals, Linux, medical devices, Microsoft, software design, Windows|By: Danny Lieberman|June 7, 2011No Comments

Medical devices are everywhere today. In your doctors office measuring your blood pressure, at your cosmetician (for hip reduction…) and in the hospital for everything from patient monitoring to robot-assisted surgery. The people that develop embedded medical devices based on Intel platforms know that Windows is vulnerable. Lacking embedded Linux know-how, medical device developers often …

Mobile device security challenges

Posted in: Compliance, Data leakage|Tags: android, iPhone, medical devices, mobile|By: Danny Lieberman|February 9, 20116 Comments

It has been said that there is nothing new under the sun and that every generation forgets or never learned the hard-earned lessons from the spilled blood of the previous generation. Reviewing the security and compliance issues of a new mobile medical device recently, I was struck by how familiar many of the themes are. …

Medical device security trends

Posted in: Software security|Tags: Cloud computing, Cloud security, data loss prevention, HIPAA, medical devices, Pharmaceutical, Privacy, Software security, Threat modeling|By: Danny Lieberman|January 17, 201110 Comments

Hot spots for medical device software security I think that 2011 is going to be an exciting year for medical device security as the FDA gets more involved in the approval and clearance process with software-intensive medical device vendors. Considering how much data is exchanged between medical devices and customer service centers/care givers/primary clinical care teams and …

Archives