Medical Device Vulnerability Intelligence Program for Evaluation and Response (MD-VIPER)
SPECIAL ALERT – PETYA Ransomware
The MS-ISAC is aware of new ransomware activity similar to WannaCry using the Petya ransomware. Petya encrypts the Master File Table (MFT) for NTFS partitions and overwrites the Master Boot Record (MBR) with a custom bootloader. The ransomware demands an average payment of $300 in bitcoins.
The NH-ISAC Blog Page will have updates as they are made available https://nhisac.org/nhisac-alerts/petya-ransomware-updates
The MDSISC is engaged with networks of hospitals and manufacturers in active surveillance for the Petya outbreak.
If you are a manufacturer, health care organization or other organization that could facilitate the collection of data for Petya surveillance, please contact MD-VIPER
SPECIAL ALERT – WANNACRY
The NH-ISAC Blog Page will have updates as they are made available https://nhisac.org/wannacry-ransomware-update/
The MDSISC is engaged with networks of hospitals and manufacturers in active surveillance for the WannaCry outbreak.
If you are a manufacturer, health care organization or other organization that could facilitate the collection of data for WannaCry surveillance, please contact MD-VIPER
MEDICAL DEVICE VULNERABILITY INTELLIGENCE PROGRAM FOR EVALUATION AND RESPONSE (MD-VIPER)
Welcome to the Medical Device Vulnerability Intelligence Program for Evaluation and Response (MD-VIPER), a program of the Medical Device Security Information Sharing Council (MDSISC) under the National Health Information Sharing and Analysis Center (NH-ISAC) and the Medical Device Innovation, Safety & Security (MDISS) Consortium. MD-VIPER was created through an operational partnership & MOU between the FDA, NH-ISAC and MDISS. The website is a new, secure, narrowly-scoped public health initiative designed to meet the FDA Postmarket regulatory guidance for cybersecurity vulnerability disclosure and reporting. The web services provide a means for all stakeholders in the medical device community to learn and mature efficient and value-added risk assessment, vulnerability information sharing, and surveillance components. Other medical device cybersecurity data sharing initiatives and ties to data streams including the DHS ICS-CERT are components of other related controlled pilots that are underway.
The MD-VIPER program goals are to: (1) provide a medical device vulnerability sharing, evaluation, and response service; (2) support FDA’s Postmarket Management of Cybersecurity in Medical Devices final guidance; (3) create an open community of medical device cybersecurity stakeholders (manufacturers, healthcare delivery organizations (HDOs), independent security researchers, regulatory agencies, etc.) to promote a consensus & consistency of vulnerability reporting and information sharing approach and process; (4) contribute significantly to medical device cybersecurity education; and (5) foster situational awareness of medical device cybersecurity threats, best practices and mitigation strategies.
Please direct all questions/inquiries about MD-VIPER to:
To become a participant in MD-VIPER, complete and submit the
and your registration will be reviewed.