MedISAO’s Large Language Model-based approach will allow organizations to maintain the ability to manage and respond to vulnerabilities as the National Vulnerability Database works on a solution
(PRUnderground) June 4th, 2024
MedISAO, an organization composed of members of the medical device manufacturer community dedicated to improving medical device security through education, awareness, and advocacy, today announced a Large Language Model (LLM)-approach to analyze medical device vulnerabilities. Microsoft OpenAI Azure Service is being used as mitigation for the recent disruptions in the National Institute of Standards’ (NIST) National Vulnerability Database (NVD) updates, which have raised significant concerns in the cybersecurity community.
A recent report from VulnCheck found that NIST has analyzed less than 1 out of 10 vulnerabilities published in the NVD since mid-February of this year. According to the report, since February 12, 2024, 12,720 new vulnerabilities were added to NVD. However, over 11,000 of these vulnerabilities have not been analyzed, making it challenging for security professionals to determine vulnerabilities within their software. In response, MedISAO is leveraging advanced AI to maintain the flow and quality of vulnerability data to ensure that organizations can still access crucial vulnerability data.
By using an LLM agent, MedISAO’s system processes vulnerability information from NVD, MITRE, and other external sources, constructing CPE product and version match data to ensure continuous vulnerability enrichment, crucial for maintaining robust cybersecurity practices. This AI-driven approach is supported by Medcrypt’s Software Bill of Materials (SBOM) and vulnerability management tool, Helm. Historical data and a custom grammar parser are used to reduce inaccuracies and improve reliability. Daily updates enhance speed and efficiency in managing newly released vulnerabilities.
“Without NVD’s timely processing, managing and responding to newly disclosed vulnerabilities becomes severely hampered. Our approach is a crucial interim measure to ensure continuity and resilience in cybersecurity practices,” said Daniel Beard, MedISAO. “MedISAO remains committed to supporting the cybersecurity community by providing innovative solutions that address current challenges. As the industry awaits the full resumption of NVD operations, MedISAO’s AI-powered service stands as a vital resource for maintaining robust cybersecurity defenses.”
In May 2024, MedISAO announced its endorsement by the Food and Drug Administration (FDA) through a renewed Memorandum of Understanding (MOU) signed on April 18, 2024, marking a continued collaboration and highlighting the importance of improving the security posture of the medical device ecosystem and the healthcare industry at large. For more information, please visit www.medisao.com.
About MedISAO/Medcrypt
MedISAO, a part of Medcrypt Inc., is an organization composed of members of the medical device manufacturer community dedicated to improving medical device security through education, awareness, and advocacy. MedISAO provides cybersecurity information sharing, education, and tools tailor-made for the medical device industry. MedISAO is a registered ISAO with an FDA MOU providing compliance with the FDA’s recommendation in the Postmarket Management of Cybersecurity in Medical Devices. For more information, visit www.medisao.com and www.medcrypt.com
Medcrypt is helping healthcare technology companies ensure medical devices are secure by design. We provide cybersecurity products and strategic management consulting to expedite the go-to-market process of medical device manufacturers’ new life-saving connected technologies. Founded in 2016 by a team of healthcare cybersecurity experts, Medcrypt is uniquely positioned to be the security catalyst for medical device manufacturers to design secure, FDA-approved technologies. We continue to work with those paving the way toward safe and reliable medtech.
To date, Medcrypt has raised more than $36 million in funding with participation from Johnson & Johnson Innovations, Intuitive Ventures, and Dexcom Ventures. For more information, please visit www.Medcrypt.com.
The post MedISAO Launches AI-Powered Vulnerability Analysis to Address National Vulnerability Database Disruptions first appeared on
Original Press Release.
