Tag Archive for: Thomas

The PATCH Act: Protecting Medical Devices from Cyber Attacks | Spilman Thomas & Battle, PLLC


INTRODUCTION
In a previous issue of Decoded, we discussed the alarming fact that many medical devices, including those implanted in patients’ bodies, are leaving the manufacturers with known cybersecurity flaws. Because of these known flaws, the devices are vulnerable to being hacked and to having patients’ personal/protected health information (“PHI”) stolen or, worse, to being held hostage in a ransomware attack. In hopes of preventing a medical disaster associated with unprotected medical devices, this year, the House and the Senate are considering companion bills intended to significantly improve security and safety for medical devices. Senate Bill 3983, the “Protecting and Transforming Cyber Health Care Act” or “PATCH Act,” and the House companion, the PATCH Act of 2022, H.R. 7084, are currently under consideration in their respective Committees. The PATCH Act represents a major step forward in securing networkable medical devices, but there are significant shortcomings in the way it addresses the ever-evolving threat of cybersecurity vulnerabilities in those medical devices.

A PROBLEMATIC DEFINITION OF “CYBER DEVICE”
At the outset, the PATCH Act must define what medical devices it intends to cover. Medical devices come in all shapes and sizes – from implanted devices such as a pacemaker or a child’s RFID tag, to robotic assisted surgical equipment such as the Da Vinci, or even MRI or X-Ray imaging machinery. These devices are known to be vulnerable to cyberattacks, with a wide range of medical impacts and risks to health and safety. With the PATCH Act, Congress is trying to address vulnerabilities of all of these devices under the simple umbrella of “cyber devices.”

The PATCH Act defines a “cyber device” as “a device that (A) includes software; or (B) is intended to connect to the internet.” This definition demonstrates the complexity of the issue, because it includes amorphous terms. What constitutes “software” in this context? Is software specific computer programming, or does it include passive RFID chip technology? Title 21 of the United States Code does not otherwise define “software” as a standalone term. Likewise, the phrase “intended…


Finite State hires Thomas Bain as EVP of Marketing


Finite State announced it has hired Thomas Bain as Executive Vice President of Marketing.


Bain will be responsible for building out Finite State’s strategic go-to-market framework to help strengthen the brand, drive pipeline, and increase awareness to further Finite State’s unique leadership position in securing the connected product ecosystem.

Too few organizations have considered the downstream impact product security has on today’s threat landscape. In a recent survey, more than half of respondents said their customers don’t even request detailed information about the components in their devices. Risk has grown so large that the Justice Department recently disrupted a Russian-controlled botnet of thousands of infected network hardware devices.

“The cybersecurity industry protects our global economy, yet many organizations are still not paying enough attention to threats against IoT devices,” Bain said. “Finite State is uniquely positioned to secure this emerging market and help organizations automate the risk assessment and management process for connected devices. By automating the generation and review of the Software Bill of Materials (SBOMs) for these devices for both device manufacturers and asset owners, Finite State supports organizations in preventing firmware vulnerabilities from being exploited, while addressing a massive-scale cybersecurity market opportunity.

“The cybersecurity landscape has changed considerably since I started out more than 18 years ago. Threats have become much more complex and dynamic. Product security teams are struggling to keep up, and we need to show them that we can help build security into their solutions. This has the potential to substantially reduce risk and support efficient device innovation and device management at scale across many verticals.”

Bain has held senior marketing positions at leading cybersecurity firms including Cyware, RiskRecon (acquired by Mastercard), Morphisec, CounterTack (now GoSecure), Security Innovation, and Application Security, Inc. (acquired by Trustwave). He’s an established thought leader, having presented at cybersecurity conferences including Evanta, Hacker Halted, Global…


Greetings and Felicitations – Aly McDevitt on Ransomware Case Study, Part 1 | Thomas Fox – Compliance Evangelist



Welcome to the Greetings and Felicitations, a podcast where I explore topics that might not seem directly related to compliance but influence our profession. In this episode, I begin a two-part series with Aly McDevitt, Data & Research Journalist at Compliance Week, and deep dive into her series case study on a ransomware attack on a fictional company.

Highlights include: (1) Why this subject matter for a deep dive? (2) The research that went into the piece. How many people were interviewed, and how long was the research process? (3) Writing style. Locked yourself in a room and not coming out until it’s done or more collaborative approach with an editor? (4) Story Synopsis- how common is Betty’s mistake? (5) What is the role of the CIRT and MSSP? How critical was VE’s preparation to its ability to respond?

Tune in to the Greetings and Felicitations podcast for the 2-part series with Aly McDevitt on Ransomware Case Study in Compliance Podcast Network. #GreetingsandFelicitations #RansomwareCaseStudy #AlyMcDevitt #CPN


St. Thomas move to ditch in-person voting in 2022 draws concern from local cybersecurity expert – London


Voters in St. Thomas, Ont., won’t be heading to the polls in 2022 as they have in years past to cast their ballot in a municipal election.

City officials say they’re doing away with in-person paper ballots in favour of online and telephone voting next year in a bid to make the experience more convenient for residents and to spark greater voter turnout.

St. Thomas offered online voting during the 2018 election, but only in advanced polls alongside telephone voting. For election day itself, voters had to cast a ballot in person.

“It worked really, really well. The time people were online in order to do it (was) under five minutes. Our election day, we used the paper ballot and we heard a lot of people about long line-ups and not convenient polling stations,” said St. Thomas Mayor Joe Preston of the 2018 election.


“We’re going to make it so that you can vote from your La-Z-Boy or wherever you are in the world.”

Those without computer or telephone access will be directed to visit a Mobile Voter Help Centre, where they can cast a ballot and be assisted by municipal staff.


In the 2018 race, of the 10,259 recorded electors, 5,736, or roughly 56 per cent, voted in person, while 4,205, roughly 41 per cent, voted online, election data shows. Only 318 people chose to vote by phone.

In all, voter turnout was 36.09 per cent, with 80 per cent of those casting ballots recorded as being over the age of 45.

“During the pandemic, people have really concentrated on being able to use services like online purchasing or online ordering from restaurants. It’s become a far bigger part of our life, and we think we can make it part of the election process pretty smoothly,” Preston said.



“Almost every bank has a huge…
