Reviewing the OWASP/CSA Document for Secure Medical Devices
OWASP (Open Web Application Security Project) and the CSA (Cloud Security Alliance) are both non-profit initiatives devoted to various aspects of cybersecurity with chapters and
The following document, Secure Medical Devices Deployment, came out of a joint initiative between these two organizations to look into an area that has seen widespread attacks in the last few years: IoT medical device deployment.
The following are the key recommendations from that document:
Develop a template for mock incidents and an effective incident response plan (which is tested at least once every 6 months).
Test your devices sufficiently through pentesting, security testing, OS hardening, and encrypted messaging (HLv3).
Physical security should not be neglected.
Compliance monitoring should be effective and comprehensive.
Verify and ensure the stability of update mechanisms (for firmware); keep a spare copy as a backup for emergency purposes.
Change default credentials, so that the easiest way to get into a device is no longer open.