1 md viper
play

1 MD-VIPER Medical Device Vulnerability Sharing Stakeholders - PowerPoint PPT Presentation

Apr 09, 2024 •322 likes •438 views

1 MD-VIPER Medical Device Vulnerability Sharing Stakeholders including manufacturers, healthcare delivery organizations (HDOs), independent security researchers, regulatory agencies, etc. Benefits Sharing of reports on known

  1. 1

  2. MD-VIPER Medical Device Vulnerability Sharing Stakeholders including manufacturers, healthcare delivery organizations (HDOs), independent security researchers, regulatory agencies, etc. Benefits – Sharing of  reports on known vulnerabilities  vetting and evaluation of vulnerabilities  details of actions taken by others to mitigate vulnerabilities  medical device cybersecurity education, best practices, mitigation strategies 2

  3. MD-VIPER MD-VIPER Vulnerability Report for Manufacturers The MD-VIPER Vulnerability Report is designed to serve as an alternate reporting process to FDA’s requirements for 21 CFR Part 806 reporting if cybersecurity vulnerabilities are involved. Manufacturers are not held to 21 CFR Part 806 reporting requirements if  the manufacturer is a active participant in an ISAO (such as NH-ISAC)  the manufacturer is conducting a correction/removal to address a cybersecurity vulnerability  the cybersecurity vulnerability in question has not led to any known serious injuries or deaths  the manufacturer will meet the timeline criteria for communicating to its customers and then validating and distributing the deployable fix such that the residual risk is brought to an acceptable level 3

  4. Medical Device Vulnerability Reporting Workflow PROVISIONAL: MD-VIPER Vulnerability Report Flow C o o r d ii n a t e d C o o r d n a t e d V u ll n e r a b ii ll ii t y V u n e r a b t y D D ii s s c c ll o o s s u u r r e e F D A F D A by Manufacturer II S S C C -- C C E E R R T T U S C - E R T U S - C E R T II S A O s / II S A C s S A O s / S A C s Start Manufacturer automatically receives e-mail Manufacturer automatically receives e-mail notice that submission has been accepted notice that submission has been accepted and included in database and included in database Manufacturer Manufacturer completes and completes and Mfg Manufacturer Manufacturer submits the submits the authorizes determines it has a determines it has a MD-VIPER MD-VIPER New New Coordinated MD-VIPER reportable MD-VIPER reportable Manufacturer Manufacturer MD-VIPER Report Repor Disclosure t Vulnerability Report Vulnerability Report vulnerability vulnerability Manufacturer Manufacturer A Manufacturer A (including any (including any Vulnerability Yes MD-VIPER MD-VIPER MD-VIPER Is submission Yes MD-VIPER “trusted “trusted amendments, amendments, Report validates validates Appropriate/ accepts accepts participant in the participant in the updates & updates & (submitted Data & submissions submission submission Complete? submission submission MD- VIPER” MD- VIPER” corrections) corrections) securely via Manufacturer has Manufacturer has (proprietary and and indicates if and indicates if web) additional or corrected patient dataredacted) additional orcorrected Existing Existing submission is to be submission is to be information regarding information regarding that are nototherwise Report Report treated as Protected treated as Protected a previously reported a previously reported coded as PCII in Critical Critical submission are vulnerability vulnerability No No Infrastructure Infrastructure viewable to Information (PCII) Information (PCII) stakeholders Manufacturer notified that Manufacturer notified that MD-VIPER MD-VIPER submitted report needs submitted report needs MD-VIPER requests requests clarification (given reasons clarification (given reasons MD-VIPER Vulnerability clarification clarification why) and asked toresubmit why) and asked toresubmit database Report submission submission 3 rd party 3 rd party withclarification withclarification updated Database and manufacturer and manufacturer (encrypted) automatically receive e-mail notice that submission has been provisionally accepted Analysis of Data by and included in database MD-VIPER Analysis Reports available 3 rd party completes and 3 rd party to interested parties submits the MD-VIPER (HDOs, security MD-VIPER 3 rd party 3 rd party rd 3 party researchers/consultants) 3 rd party (non- Vulnerability Report Vulnerability determines it has MD-VIPER Issubmission Yes MD-VIPER via MD-VIPER web (including any amendments, manufacturer) is Report aMD-VIPER validates Appropriate/ accepts registered updates &corrections) (submitted reportable submission Complete? submission and indicates if submission inMD-VIPER securely via vulnerability is to be treated asProtected web) Critical Infrastructure Information (PCII) No 3 rd party notified that MD-VIPER generated reports MD-VIPER generated reports MD-VIPER submitted report needs t h a t m e e t d a t a t h a t m e e t d a t a requests clarification (given reasons s h a r ii n g / d a t a s h a r n g / d a t a clarification why) and asked toresubmit c o n f i d e n t i a i l t y s t a n d a r d s c o n f i d e n t i a i l t y s t a n d a r d s submission withclarification a n d g u i d e l i n e s a n d g u i d e i l n e s 4

  5. Medical Device Vulnerability Reporting Workflow by Non-manufacturer (researcher, healthcare delivery org, ICS-CERT, patient, etc.) C o o r d ii n a t e d C o o r d n a t e d V u ll n e r a b ii ll ii t y V u n e r a b t y D D ii s s c c ll o o s s u u r r e e F D A F D A II S S C C -- C C E E R R T T Start Manufacturer U S C - E R T U S - C E R T II S A O s / II S A C s S A O s / S A C s Start Manufacturer automatically receives e-mail notice that submission has been accepted and included in database Manufacturer completes and Mfg Manufacturer submits the authorizes determines it has a MD-VIPER New Coordinated MD-VIPER reportable Manufacturer MD-VIPER Report Disclosure Vulnerability Report vulnerability Manufacturer Manufacturer (including any Vulnerability Is submission Yes MD-VIPER MD-VIPER A “t rusted amendments, Report validates Appropriate/ accepts participant inthe updates & (submitted Data & submissions submission Complete? submission MD- VIPER” corrections) securely via Manufacturer has (proprietary and and indicates if web) additional orcorrected patient dataredacted) Existing submission is to be information regarding that are nototherwise Report treated as Protected a previously reported coded as PCII in Critical vulnerability submission are No Infrastructure viewable to Information (PCII) stakeholders Manufacturer notified that Manufacturer notified that MD-VIPER MD-VIPER submitted report needs submitted report needs MD-VIPER requests requests clarification (given reasons clarification (given reasons MD-VIPER Vulnerability clarification clarification why) and asked toresubmit why) and asked toresubmit database Report submission submission 3 rd party 3 rd party withclarification withclarification updated Database and manufacturer and manufacturer (encrypted) automatically receive e-mail automatically receive e-mail notice that submission has notice that submission has been provisionally accepted been provisionally accepted Analysis of Data by and included in database and included in database MD-VIPER Analysis Reports available 3 rd party completes and 3 rd party completes and 3 rd party 3 rd party to interested parties submits the submits the MD-VIPER MD-VIPER 3 rd party (HDOs, security MD-VIPER 3 rd party 3 rd party 3 rd party rd 3 party researchers/consultants) 3 rd party (non- 3 rd party (non- Vulnerability Report Vulnerability Report Vulnerability determines it has determines it has MD-VIPER MD-VIPER Issubmission Yes Yes MD-VIPER MD-VIPER via MD-VIPER web manufacturer) is (including any amendments, (including any amendments, manufacturer) is Report aMD-VIPER validates accepts aMD-VIPER validates Appropriate/ accepts registered registered updates &corrections) updates &corrections) (submitted reportable reportable submission submission Complete? submission submission inMD-VIPER and indicates if submission and indicates if submission inMD-VIPER securely via vulnerability vulnerability is to be treated asProtected is to be treated asProtected web) Critical Infrastructure Critical Infrastructure Information (PCII) Information (PCII) No No 3 rd party notified that 3 rd party notified that MD-VIPER generated reports MD-VIPER generated reports MD-VIPER MD-VIPER submitted report needs submitted report needs t h a t m e e t d a t a t h a t m e e t d a t a requests requests clarification (given reasons clarification (given reasons s h a r ii n g / d a t a s h a r n g / d a t a clarification clarification why) and asked toresubmit why) and asked toresubmit c o n f i d e n t a i l t i y s t a n d a r d s c o n f i d e n t i a l i t y s t a n d a r d s submission submission withclarification withclarification a n d g u i d e n l i e s a n d g u i d e i l n e s 5

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Proudly manufactured and supplied by: Lubrication Engineers Pty Ltd Agenda o Introduction to the

Proudly manufactured and supplied by: Lubrication Engineers Pty Ltd Agenda o Introduction to the

Proudly manufactured and supplied by: Lubrication Engineers Pty Ltd Agenda o Introduction to the Viper (Viper sales video) o Features & Benefits Cost savings to users. o How it works o Assembly (Viper assembly video) o What makes Viper

413 views • 24 slides
OEM brands manufactured (such as: SBS/Scandinavian Blue Steel, KV Zeulo). Viper is trusted

OEM brands manufactured (such as: SBS/Scandinavian Blue Steel, KV Zeulo). Viper is trusted

VIPER SCREENING BUCKETS Made in Finland by Ajutech Oy OEM brands manufactured (such as: SBS/Scandinavian Blue Steel, KV Zeulo). Viper is trusted partner both among AM and OEM customers Product range includes ten basic models of

412 views • 10 slides
Black Viper 9000 Presented by PRESTIGE WORLDWIDE EF 152 Spring, 2017 D-19 April 4, 2017 Ben

Black Viper 9000 Presented by PRESTIGE WORLDWIDE EF 152 Spring, 2017 D-19 April 4, 2017 Ben

Black Viper 9000 Presented by PRESTIGE WORLDWIDE EF 152 Spring, 2017 D-19 April 4, 2017 Ben Ferguson, Connor Zabo, Christopher Forsyth, and Jack Brandon Customer Requirements - The PWW Black Viper 9000 was manufactured for ages 11+ -

390 views • 11 slides
Viper A Verification Infrastructure for Permission-Based Reasoning Alex Summers, ETH Zurich

Viper A Verification Infrastructure for Permission-Based Reasoning Alex Summers, ETH Zurich

Viper A Verification Infrastructure for Permission-Based Reasoning Alex Summers, ETH Zurich Joint work with Uri Juhasz, Ioannis Kassios, Peter Mller, Milos Novacek, Malte Schwerhoff (and many students) 16 th July 2015, Imperial Concurrency

842 views • 14 slides
VOLLEYBALL 2019 PROGRAM PHILOSOPHY The Viper Volleyball Program is centered around developing

VOLLEYBALL 2019 PROGRAM PHILOSOPHY The Viper Volleyball Program is centered around developing

VANDEGRIFT VOLLEYBALL 2019 PROGRAM PHILOSOPHY The Viper Volleyball Program is centered around developing young student-athletes into adults that exhibit high integrity and character. We value and encourage competition in many aspects; we

671 views • 24 slides
Viper A Verification Infrastructure for Permission based Reasoning Peter Mller, ETH Zurich

Viper A Verification Infrastructure for Permission based Reasoning Peter Mller, ETH Zurich

Viper A Verification Infrastructure for Permission based Reasoning Peter Mller, ETH Zurich Joint work with Pietro Ferrara, Uri Juhasz, Ioannis Kassios, Milos Novacek, Malte Schwerhoff, and Alex Summers 2 Automatic Program Verification

134 views • 10 slides
VIPER Tactical Strategic Statewide Fixed & Portable System Temporary solution for

VIPER Tactical Strategic Statewide Fixed & Portable System Temporary solution for

VIPER Tactical Strategic Statewide Fixed & Portable System Temporary solution for interoperable emergency communications 19 remote fixed sites with 2 pre- programmed radios for each county 1. Law Enforcement 2. Fire/Rescue

437 views • 20 slides
Paul is shipwrecked on the island of Malta Paul is bitten by a viper ministry on Malta twin

Paul is shipwrecked on the island of Malta Paul is bitten by a viper ministry on Malta twin

Paul is shipwrecked on the island of Malta Paul is bitten by a viper ministry on Malta twin brothers Castor & Pullux (Zeus sons according to Greek mythology) were believed to protect sailors Paul leaves Malta sailing towards Rome

325 views • 11 slides
OEM brands available Product range includes two basic models of crushing buckets and

OEM brands available Product range includes two basic models of crushing buckets and

VIPER CRUSHING BUCKETS Made in Finland by Ajutech Oy OEM brands available Product range includes two basic models of crushing buckets and multiple variations VPCH-21 and VPCV-22 VP = Viper C = Crusher H =

334 views • 8 slides
M4 WP3 Multimodal integration Progress report Viper group Computer Vision and Multimedia Lab

M4 WP3 Multimodal integration Progress report Viper group Computer Vision and Multimedia Lab

M4 WP3 Multimodal integration Progress report Viper group Computer Vision and Multimedia Lab University of Geneva 30-01-03 Progress report UniGE Information retrieval setup / extension Video data processing Information

325 views • 19 slides
an optimized data exchange policy Hisham Mohamed and Stphane Marchand-Maillet Viper group, CVML

an optimized data exchange policy Hisham Mohamed and Stphane Marchand-Maillet Viper group, CVML

Enhancing MapReduce using MPI and an optimized data exchange policy Hisham Mohamed and Stphane Marchand-Maillet Viper group, CVML Laboratory, University of Geneva September 10, 2012 Fifth International Workshop on Parallel Programming Models

707 views • 28 slides
AIM VIPER Collaboration Event A Joint, Accelerator for Innovative Minds (AIM) Project 25 June

AIM VIPER Collaboration Event A Joint, Accelerator for Innovative Minds (AIM) Project 25 June

AIM VIPER Collaboration Event A Joint, Accelerator for Innovative Minds (AIM) Project 25 June 2020 events.sofwerx.org/aimviper Focus Area 1: Reducing User Burden 1 UNCLASSIFIED UNCLASSIFIED Reducing Burden Measureable progress realized

289 views • 16 slides
03-1162 Page 2 of 7 whose commercial embodiment is the Viper fan. Craftmade manufactures the

03-1162 Page 2 of 7 whose commercial embodiment is the Viper fan. Craftmade manufactures the

03-1162 Page 1 of 7 NOTE: Pursuant to Fed. Cir. R. 47.6, this disposition is not citable as precedent. It is public record. United States Court of Appeals for the Federal Circuit 03-1162 MINKA LIGHTING, INC., Plaintiff-Appellant, and PAN

468 views • 7 slides
EAVISE: VIPER Visual Person Detection made Reliable - Research carried out by knowledge

EAVISE: VIPER Visual Person Detection made Reliable - Research carried out by knowledge

19/11/2015 Program 12:00 Reception with sandwiches 13:00 Welcome and presentation of research team IWT-Tetra project 13:15 presentation from IWT: what is a tetra project? 13:30 Project idea and planning 14:00 Research carried

248 views • 13 slides
Networking A novel approach to research presentations for networks: an evaluation of Visual

Networking A novel approach to research presentations for networks: an evaluation of Visual

Primary Health Care Research and Development 2001; 2 : 205207 Networking A novel approach to research presentations for networks: an evaluation of Visual Presentation with Expert Review (ViPER) Michael Moore Three Swans Surgery, Salisbury,

164 views • 3 slides
Welcome to todays NH-ISAC & MDISS Webinar Medical Device Vulnerability Intelligence

Welcome to todays NH-ISAC & MDISS Webinar Medical Device Vulnerability Intelligence

Welcome to todays NH-ISAC & MDISS Webinar Medical Device Vulnerability Intelligence Program for Evaluation and Response (MD-VIPER) 1 Agenda SpeakerName SpeakerInstitution Topic Speaker check- in Everyone Soundcheck

204 views • 19 slides
Ne f cafca ad cdea e:

Ne f cafca ad cdea e:

Ne f cafca ad cdea e: e a cea T

605 views • 8 slides
CSC2541 Lecture 1 Introduction Roger Grosse Roger Grosse CSC2541 Lecture 1 Introduction 1 / 36

CSC2541 Lecture 1 Introduction Roger Grosse Roger Grosse CSC2541 Lecture 1 Introduction 1 / 36

CSC2541 Lecture 1 Introduction Roger Grosse Roger Grosse CSC2541 Lecture 1 Introduction 1 / 36 Motivation Recent success stories of machine learning, and neural nets in particular But our algorithms still struggle with a decades-old

876 views • 49 slides
Resources: nc160D.sog.unc.edu 2 1 11/12/2019 Regional Workshops 3 Outline 1. Background and

Resources: nc160D.sog.unc.edu 2 1 11/12/2019 Regional Workshops 3 Outline 1. Background and

11/12/2019 Master Clerks Academy November 14, 2019 Adam Lovelady 1 Resources: nc160D.sog.unc.edu 2 1 11/12/2019 Regional Workshops 3 Outline 1. Background and Implementation 2. Planning Requirement 3. Jurisdiction & Boards 4.

223 views • 18 slides
Behavior Change Techniques for Reducing I nterview er Contributions to Total Survey Error Brad

Behavior Change Techniques for Reducing I nterview er Contributions to Total Survey Error Brad

Behavior Change Techniques for Reducing I nterview er Contributions to Total Survey Error Brad Edwards, Hanyu Sun, and Ryan Hubbard Presented at the Symposium on Interviewer Effects and Total Survey Error, Lincoln, Nebraska February 26, 2019

481 views • 18 slides
D etecti ng and Correcti ng Errors of O m i ssi on A fter Expl anati on-based Learni

D etecti ng and Correcti ng Errors of O m i ssi on A fter Expl anati on-based Learni

D etecti ng and Correcti ng Errors of O m i ssi on A fter Expl anati on-based Learni ng M i chael J. Pazzani Depar tm ent of I nf or m ati on and Com puter Sci ence Uni versi ty of Cal i forni a, I rvi ne,

397 views • 18 slides
Review of the National Ambient Air Quality Standards (NAAQS) for Ozone Clarifications on the

Review of the National Ambient Air Quality Standards (NAAQS) for Ozone Clarifications on the

Review of the National Ambient Air Quality Standards (NAAQS) for Ozone Clarifications on the 2nd Draft Risk and Exposure Assessments and 2 nd Draft Policy Assessment Karen Wesson Health and Environmental Impacts Division Office of Air Quality

232 views • 7 slides
Improved Models and Queries for Grounded Human-Robot Dialog Aishwarya Padmakumar Doctoral

Improved Models and Queries for Grounded Human-Robot Dialog Aishwarya Padmakumar Doctoral

Improved Models and Queries for Grounded Human-Robot Dialog Aishwarya Padmakumar Doctoral Dissertation Proposal Natural Language Interaction with Robots 2 Understanding Commands Bring the blue mug from Alices office 3 Sources of

1.56k views • 119 slides
Early I Early Interv ntervening ening Service Services Individual Individ als wit with h

Early I Early Interv ntervening ening Service Services Individual Individ als wit with h

Introduction Introduction to to Compr Comprehensiv ehensive Coordinat Coordinated ed Early I Early Interv ntervening ening Service Services Individual Individ als wit with h Disabi Disabiliti ties es Educati Education Act Act -

501 views • 37 slides

More recommend