April 2022 Update

A lot continues to happen in the cybersecurity field and here are a few things I think are worth highlighting, plus some notes on my current activities.

– As of the writing, the situation in Ukraine is awful and still could have cybersecurity implications for the U.S., as well as Ukraine. See DHS bulletin at https://publicintelligence.net/dhs-ukraine-invasion-cyber-attacks/.

– federal Cybersecurity and Infrastructure Security Agency (CISA) (https://www.cisa.gov) continues to generate advice, including a series of insights at https://www.cisa.gov/insights

– ECRI Top 10 Health Technology Hazards for 2022 – https://www.ecri.org/top-10-health-technology-hazards-2022-executive-brief. (Number 1 is “Cybersecurity Attacks Can Disrupt Healthcare Delivery, Impacting Patient Safety”)

– I’m assisting a medical software startup with setting up its cybersecurity program for its Software as a Medical Device (SaMD) product. 

– I’m doing program management work related to Public Key Infrastructure for a large Silicon Valley technology company. Lots to do to maintain compliance with WebTrust and CAB Forum requirements.

– RSA Conference (https://www.rsaconference.com/usa) and BSidesSF (https://bsidessf.org) in San Francisco are deferred from February to June 2022. I’ll probably volunteer again at BSidesSF, assuming it is reasonably safe with respect to COVID-19. Maybe hang out on the exhibit floor at RSA for a day.

This Spring and Summer there’s a lot going on relative to cybersecurity for medical devices. Check these out…

FDA Document Details Cyber Expectations for Device Makers – https://www.govinfosecurity.com/fda-document-details-cyber-expectations-for-device-makers-a-18863

Senators Introduce PATCH Act to Ensure Medical Device Security – https://healthitsecurity.com/news/senators-introduce-patch-act-to-ensure-medical-device-security

Model Contract-Language for Medtech Cybersecurity (MC2) – https://healthsectorcouncil.org/model-contract-language-for-medtech-cybersecurity-mc2/

CyberMed Summit: Policy Prescriptions & Pandemic Lessons Learned (April 14) – https://www.cybermedsummit.org

Defcon 30 Biohacking Village – is targeted for August 11-14 in Las Vegas. We’ll see whether that actually happens and how risky it may be to attend, depending on the status of COVID-19. https://www.villageb.io