[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 21 Oct 2009 10:23:04 -0400
From: Shawn Merdinger <shawnmer@...il.com>
To: Michael Krymson <krymson@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: McKesson Horizon Clinical Infrastructure
(HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords
Hi Michael,
On Wed, Oct 21, 2009 at 9:36 AM, Michael Krymson <krymson@...il.com> wrote:
> Oh shit, accounting@...esson.com bounced, too! That must mean they don't
> even have any accounting!
Hehe...who knows? Maybe you needed to do @internal.mckesson.com ;-P
Bringing this back to the issue at hand, a security POC at any vendor
is, I suggest, a good thing (tm).
As an fyi, and specifically pertaining to medical device security,
some efforts are underway; and I humbly suggest that this community
could make further recommendations.
Please see the following:
"Manufacturer Disclosure Statement for Medical Device Security" by the
Healthcare Information and Management Systems Society (HIMSS)
Healthcare Information and Management Systems Society (HIMSS) --
http://www.himss.org
HIMSS Manufacturer Disclosure Statement for Medical Device Security --
http://www.himss.org/ASP/topics_FocusDynamic.asp?faid=99
"In light of increased focus on medical device security, the HIMSS
Medical Device Security Work Group created the Manufacturer Disclosure
Statement for Medical Device Security (MDS2)." --
http://www.nema.org/stds/hn1.cfm
Direct PDF download of HIMSS/NEMA HN 1-2008 guidelines:
http://www.jira-net.or.jp/commission/system/04_information/files/HN1_MDS2_final.pdf
MDS2 Excel worksheet:
http://www.nema.org/stds/complimentary-docs/upload/MDS2%20Worksheet.xls
Cheers,
--scm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists