The management of St. Jude medical devices increasingly looks to be dangerously negligent.
I'm not sure which concerns me more:
The fact that a company implanting RF medical devices in humans has never heard of a high gain antenna,
Or them pointing to ISO 27001 as their major security countermeasure,
Or whitewashing likely weak authentication on their updates and control channel with political dancing and careful public company IR press release wording,
Or their complete denial and filibuster marketing nonsense essentially saying they don't plan on improving anything.
The more these guys speak, the more concerned I am for their patients who have their devices implanted inside their bodies, and the more firmly convinced I am that Justine Bone and the MedSec folks were completely justified in their non-traditional disclosure which led to a stop trading on their stocks. Barnaby Jack pointed them out as a concern in 2014, and it triggered a U.S. federal investigation, which resulted in apparently zero improvements, and seemingly didn't do a thing to shift their corporate culture to more diligence about the security of their systems and designs - if this openly hostile to patient and device security release is any indication about their critical to patient health, and failures lead to serious adverse events devices. I read this press release incredulously, and hope the entire spectrum of information technology knowledgeable folks rally to an outcry when they read it too, over what increasingly looks like serious negligence.
Nick Selby, I'm truly regretful and concerned that your mother has to suffer with a medical implant from what seems to be unfolding to look like the Bozo the Clown of the medical industry. Justine, stick to your guns, and fellow InfoSec professionals, please offer your voices in the chorus of WTF. http://goo.gl/9Ja5Tr