CSA, OWASP Issue Updated Guidance for Secure Medical Device Deployment

Report includes enhanced sections on purchasing and mechanism controls, as well as relevant FDA guidance

BLACKHAT LAS VEGAS – AUGUST 7, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, in conjunction with the Open Web Application Security Project (OWASP), today released OWASP Secure Medical Device Deployment Standard Version 2.0, an updated guide to the secure deployment of medical devices within a healthcare facility.

Considerable enhancements were made throughout the document, especially to the section on purchasing controls with an eye to security audits and evaluation, privacy impact assessment, and support evaluation controls. Additionally, the updated document now includes relevant guidance from the Federal Drug Administration.

“Too many of today’s network-enabled security devices are still not being deployed with security in mind, exposing healthcare providers and their patients to data breaches at best and potential negative health consequences at worst. With ransomware and botnets targeting IoT devices, it is more essential than ever that devices are developed and deployed with security in mind,” said OWASP Project Leader Christopher Frenz, who authored the original paper.

The report reflects how organizations are increasingly putting more resources toward supporting the development community in equal parts with security.

“The growth of electronic medical records and network-enabled devices has allowed healthcare providers to enhance their level of service and the efficiency with which they provide care. However, this same interconnectedness has opened a Pandora’s box of security issues involving legacy systems and healthcare devices that were not designed with security in mind,” said Hillary Baron, Research Program Manager, CSA. “It’s our hope that this document provides a clear roadmap for healthcare organizations looking to ensure that medical devices and systems across the organization follow IT security best practices.”

The report, to which CSA’s Internet of Things (IoT) Working Group provided input and significant contributions, provides guidance in areas such as:

Download OWASP Secure Medical Device Deployment Standard Version 2.0.

About Open Web Application Security Project

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Its mission is to make software security visible so that individuals and organizations are able to make informed decisions. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
