During my onstage interview with Dan Geer at S4x18, we discussed the best course of action when vulnerabilities are dense (listen beginning at 28:15). I suggested that medical devices and software were a great example of dense vulnerabilities. So is the current approach of finding and fixing vulnerabilities a good one when a single exploitable bug can take out a hospital for a week?


In this episode I interviewed Josh Corman. He is currently the Chief Security Officer of PTC. His previous roles as the Director of Cyber Statecraft Initiative at the Atlantic Council, Member of the Health Care Industry Cybersecurity Task Force, and founder of I Am The Cavalry put Josh in a position to see the Health Care Cybersecurity issue from all sides: vendors, health care providers, insurers, regulators and patients.

After quickly agreeing that vulnerabilities in medical devices and software are dense, Dale Peterson and Josh Corman discuss where time and money should be spent on improving medical sector cybersecurity. Does the find-and-patch approach to vulnerabilities make sense when the vulnerabilities are dense? Why does a hospital shut down for a week when a single application has an exploited vulnerability? How is the FDA doing in forcing change? What can we expect in the future? This and more in this episode.

Don’t miss the end when Josh talks about some cyber attack simulations run at hospitals to see how patient care would be affected.


This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation.

Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.