DtSR Episode 227 - NewsCast for January 10th 2017
Published 9 years, 4 months ago
Description
St. Jude, MedSec and the FDA
- FDA, St. Jude go through disclosure/fix cycle
- No mention of MedSec - interesting for discussion; did they have an impact?
- St. Jude does a fairly great job of notification, updating
- “Benefits outweigh the risks”... that’s a big statement
- http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm535843.htm
- http://www.businesswire.com/news/home/20170109005921/en/St.-Jude-Medical-Announces-Cybersecurity-Updates
- http://www.medsec.com/entries/stj-lawsuit-response.html
- http://podcast.developsec.com/ep-56-security-contacts
New York financial regulator to delay cyber security rules
- Originally supposed to go into effect Jan 1; the new date is March 1
- We discussed in passing in a previous episode
- There are final adjustments being made, of course
- http://www.reuters.com/article/us-cyber-new-york-idUSKBN14A224
Massachusetts makes data breach reports available online
- http://turnto10.com/news/local/massachusetts-makes-data-breach-reports-available-online-01-04-2017
- Seems less like a report and more of just the quick details of the notification
- http://www.mass.gov/ocabr/data-privacy-and-security/data/data-breach-notification-archive.html
- How much value does this provide?
- Finding a company on the list doesn’t indicate its current security posture.
- Identifying that you did business with a company on the list: not much you can do anyway.
- Still no indications of what happened, or who was actually affected
- Wouldn’t you get an email or snail mail during the original notification procedures?