The National Cybersecurity Center of Excellence Partners with Virta Labs on Medical Device Security Project

New NIST Healthcare Cybersecurity Guide on Securing Picture Archiving and Communication Systems.

Seattle, WA, September 18, 2019 --( Virta Laboratories, Inc. (Virta Labs) has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a project to help healthcare delivery organizations secure the Picture Archiving and Communication System (PACS).

The NCCoE at NIST is proud to release a new practice guide – NIST Special Publication 1800-24, Securing PACS – to help healthcare delivery organizations (HDOs) protect patient images and other pertinent medical data.

The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. This practice guide represents the NCCoE’s dedication to public interest and the critical cybersecurity matters within the healthcare sector.

The guide can be used by any organization that is deploying PACS and medical imaging systems, and that is willing to perform its own risk assessment and implement controls based on its risk posture. Both standards and best practices were used to develop two reference designs leveraging commercially available technologies. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.

This practice guide demonstrates how commercially available technologies, like BlueFlow™ can be integrated with existing tools to:

• Provide discovery, categorization, grouping, tagging, and identification of medical devices along with open-source Tapirx™ discovery tool.
• Provide flexible user-defined risk assessment & scoring.
• Provide threat feed for known medical devices.
• Provide vulnerability management via integration with vulnerability scanners.
• Provide reporting on risk and security properties for groups of assets.

“The practice guide offers healthcare security professionals a practical approach to deploying medical imaging technology in a more secure manner. Because NIST is a standards organization, we’re always striving to address the nation’s most pressing cybersecurity challenges by using industry best practices and open standards. That’s what this guide provides.” - Jennifer Cawthra, NIST NCCoE healthcare sector lead

To complete this guide, the NCCoE collaborated with other technology vendors, including Cisco, Clearwater Compliance, Digicert, Forescout, Hyland, Philips, Symantec, TDI Technologies, Tempered Networks, Tripwire, and Zingbox.

The NCCoE believes the guide helps meet a critical cybersecurity and economic need, but we want to hear from you. Please share your thoughts on this step-by-step guide to enhance it. Download the draft guide and provide your feedback on the NCCoE comment page. The public comment period closes on November 18, 2019.

*While the example implementation uses certain products, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within with their organization’s existing tools and infrastructure.
Virta Laboratories, Inc.
Michael Holt