• Regulatory NewsRegulatory News

    Abbott Recalls 465,000 Pacemakers for Cybersecurity Patch

    Medical device maker Abbott on Monday announced it is voluntarily recalling some 465,000 pacemakers to install a firmware update to patch cybersecurity vulnerabilities in the devices. The recall affects six pacemaker models—Accent, Accent MRI, Accent ST, Allure, Anthem and Assurity—that Abbott acquired when it completed its purchase of St. Jude Medical last January. Patients with the devices are being told to speak to their doctors to determine whether they should recei...
  • Regulatory NewsRegulatory News

    ICD and Pacemaker Ecosystems Vulnerable to Hacks: Report

    Cybersecurity firm WhiteScope says it has identified cybersecurity vulnerabilities in the device ecosystems for pacemakers and implantable cardioverter-defibrillators (ICDs) across four major vendors. Background In recent years, the US Food and Drug Administration (FDA) has advanced efforts to improve medical device cybersecurity, and has held three public workshops and issued two final guidances detailing device makers' pre- and postmarket cybersecurity responsibilitie...
  • Regulatory NewsRegulatory News

    FDA, Industry Look for Gaps in Cybersecurity

    The US Food and Drug Administration (FDA) on Thursday kicked off a fortuitously-timed public workshop on medical device cybersecurity, the agency's third on the subject to date. At the workshop, FDA officials, representatives from industry and researchers are trying to determine the current gaps in regulatory science as it relates to cybersecurity with the aim of coming up with fixes for those gaps down the road. FDA's previous cybersecurity workshops in October 2014 an...
  • Regulatory NewsRegulatory News

    FDA to Create Digital Health Unit

    With ongoing work on guidance related to software as a medical device, and a new dedicated unit to digital health coming to the US Food and Drug Administration’s Center for Devices and Radiological Health (CDRH), the agency is slowly but surely dipping its toe into the rapidly advancing field. Bakul Patel, ‎associate center director for digital health at FDA, told attendees at MedCon in Cincinnati on Thursday that current work is directed at funneling through abou...
  • Regulatory NewsRegulatory News

    Cybersecurity: House Committee Looks to Build on Public-Private Partnerships

    The House Energy & Commerce Committee on Tuesday held a hearing looking into ways to improve cybersecurity across the healthcare sector. In recent years, cybersecurity has been a growing concern in healthcare, with high profile cyber-attacks and vulnerabilities causing disruptions for insurers , hospitals and medical device makers . The stakes for patients are high too as patient data could be lost or tampered with, hospital services interrupted or patients harmed t...
  • Regulatory NewsRegulatory News

    FDA, DHS Find Cybersecurity Vulnerabilities in St. Jude Heart Devices

    The US Food and Drug Administration (FDA) and the Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory on Monday warning of cybersecurity vulnerabilities found in St. Jude Medical's Merlin@home wireless transmitter that could affect the company's line of implantable cardiac devices (ICDs). The Merlin@home device is used to communicate with a range of St. Jude's ICDs, including its radio frequency-ena...
  • Regulatory NewsRegulatory News

    FDA Finalizes Postmarket Cybersecurity Guidance

    Just before the close of 2016, the US Food and Drug Administration (FDA) finalized its guidance for managing postmarket cybersecurity for connected medical devices. While the core principles of the guidance are largely similar to the draft version released in January 2016 , FDA has made a number of changes to the guidance pertaining to cybersecurity vulnerability disclosure, remediating and reporting vulnerabilities, and participation in Information Sharing Analysis Org...
  • Regulatory NewsRegulatory News

    Cybersecurity Researcher: Recent Device Vulnerabilities Should Be a Wake-Up Call for FDA

    A prominent cybersecurity researcher says the US Food and Drug Administration (FDA) needs to "buckle down" and regulate medical device cybersecurity more firmly. The warning comes after the US Department of Homeland Security (DHS) issued an advisory last week warning of more than 1,400 cybersecurity vulnerabilities found in third-party software used in CareFusion's Pyxis SupplyStation, an automated, networked, supply cabinet used to store and dispense supplies ranging fr...
  • Regulatory NewsRegulatory News

    NIST Kicks Off Wireless Infusion Pump Cybersecurity Project

    The National Institute of Standards and Technology (NIST) is launching a project to improve the cybersecurity of wireless infusion pumps. To do so, NIST's National Cybersecurity Center of Excellence (NCCoE) is looking for vendors to provide it with the components and technical expertise required to simulate the hospital environment in which infusion pumps operate. In a notice published in the Federal Register Monday, NIST said the goal of the project is to help health...
  • Regulatory NewsRegulatory News

    Questions Remain on How Device Cybersecurity Data Sharing Will Work

    A key component in the US Food and Drug Administration's (FDA) postmarket guidance for medical device cybersecurity is participation in Information sharing analysis organizations (ISAOs), though questions remain about how these organizations will function and be governed. In February 2015, President Obama, through Executive Order 13691 , encouraged the development of ISAOs across various sectors for stakeholders "to share information related to cybersecurity risks and i...
  • Regulatory NewsRegulatory News

    FDA Emphasizes Sharing, Collaboration in Medical Device Cybersecurity

    The US Food and Drug Administration (FDA) is looking to advance awareness of cybersecurity for medical devices by encouraging sharing and collaboration between manufacturers, healthcare providers and cybersecurity researchers. At a workshop at FDA's White Oak campus in Silver Spring, MD, Wednesday, Stephen Ostroff, acting commissioner at FDA, said the threat of cyberattacks targeting medical devices is growing exponentially. "We know the potential harms that can come to...
  • Regulatory NewsRegulatory News

    FDA to Hold Workshop on Medical Device Cybersecurity

    The US Food and Drug Administration (FDA) will convene a two-day public workshop in January to discuss ways that the agency can address what’s becoming a more imminent threat: the cybersecurity of medical devices. The workshop comes five months since FDA issued its first safety communication on a device’s cybersecurity, raising concerns about the vulnerabilities of Hospira’s Symbiq infusion system, a computerized pump. Suzanne Schwartz, who coordinates cybersecurit...