• Regulatory NewsRegulatory News

    FDA to Hold Workshop on Medical Device Cybersecurity

    The US Food and Drug Administration (FDA) will convene a two-day public workshop in January to discuss ways that the agency can address what’s becoming a more imminent threat: the cybersecurity of medical devices. The workshop comes five months since FDA issued its first safety communication on a device’s cybersecurity, raising concerns about the vulnerabilities of Hospira’s Symbiq infusion system, a computerized pump. Suzanne Schwartz, who coordinates cybersecurit...
  • Regulatory NewsRegulatory News

    Security Researcher Says Additional Hospira Infusion Pumps Vulnerable to Hacking

    A prominent security researcher is warning that additional infusion pump models manufactured by Hospira are vulnerable to intrusion by hackers, just weeks after a similar warning prompted action by the US Food and Drug Administration (FDA) and the US Department of Homeland Security (DHS). Background In May 2015, DHS' Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released a warning regarding potential security vulnerabilities within Hospira's LifeCa...
  • Regulatory NewsRegulatory News

    Government Cybersecurity Officials Warn Hospira Device Vulnerable to Hackers

    US cybersecurity officials have issued a warning regarding a medical device manufactured by Hospira, saying the device was identified as having several vulnerabilities which have since been patched. The warning, issued on 5 May 2014 by the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) focuses on Hospira's LifeCare PCA Infusion System, an intravenous pump used to deliver medication to patients. ICS-CERT said that a ...
  • Regulatory NewsRegulatory News

    Hacking Group Targets Regulatory Professionals, Seeking Insider Information

    Regulatory professionals, watch out: A group of hackers is targeting pharmaceutical and medical device companies, and eyeing regulatory professionals as a way past corporate firewalls. The New York Times is reporting that a group of investment-oriented hackers has been targeting more than 100 companies—"the vast majority publicly traded healthcare or pharmaceutical companies"—in a bid to gain a "market edge." The attacks are remarkable, The Times noted, in that the ...
  • Regulatory NewsRegulatory News

    Pacemakers Get Hacked On TV, But Could It Happen In Real Life?

    Jay Radcliffe breaks into medical devices for a living, testing for vulnerabilities as a security researcher. He’s also a diabetic, and gives himself insulin injections instead of relying on an automated insulin pump, which he says could be hacked. “I’d rather stab myself six times a day with a needle and syringe,” Radcliffe recently told security experts meeting near Washington, D.C. “At this point, those devices are not up to standard.” Concern about the vulnerabilit...
  • Regulatory NewsRegulatory News

    Federal Audit Finds FDA Website, Internal Network Vulnerable to Hackers

    A government audit of the US Food and Drug Administration (FDA), ordered last year after one of the agency's databases was compromised, has found the agency is vulnerable to hacking attempts which could lead to the loss of sensitive information. Background In November 2013 FDA quietly reported that several databases maintained by its Center for Biologics Evaluation and Research (CBER) had been hacked into. Information on at least 14,000 accounts had been improperly ac...
  • Senior Legislators Call for Investigation into Hacking of FDA Databases

    Senior Republican members of the House Energy and Commerce Committee have opened an investigation into the hacking of several databases maintained by the Center for Biologics Evaluation and Research (CBER), saying information provided to the public indicates that its databases may not have been properly secured. Background News of the hacking was first reported by Regulatory Focus on 11 November 2013, several days after the US Food and Drug Administration (FDA) quietl...
  • FDA: No Comment on Whether Hacked Data was Encrypted

    US Food and Drug Administration (FDA) officials have refused to say whether passwords that had been hacked into during an October intrusion into the agency's database had been encrypted, saying that to release that information would be to compromise its "IT security posture." Background As first reported by Focus on 11 November, FDA had disclosed on 8 November to a select group of industry officials that databases within the Center for Biologics Evaluation and Rese...
  • FDA: We Were Hacked During Government Shutdown

    US Food and Drug Administration (FDA) officials quietly announced late Friday that their biologics online submission system had been "compromised" by an unauthorized user-hacked, in common parlance-leading to the access of users' account information, email addresses and passwords. Notice of the hacking was sent to members of industry on 8 November 2013 at around 5:30 p.m. FDA said the intrusion was detected on 15 October 2013, a date when much of the agency's staff were...
  • Government Investigators: FDA Must Assess Medical Devices for Hacking Risks

    Government oversight officials are sounding the alarm over what they say is the potential for US Food and Drug Administration-regulated medical devices to be hacked, saying FDA needs to establish new safeguards to ensure unguarded devices don't exhibit easily exploited vulnerabilities. The report, " FDA Should Expand Its Consideration of Information Security for Certain Types of Devices ," was authored by the Government Accountability Office (GAO), an investigative servi...
  • Security Agency Warns About Medical Device Vulnerabilities

    The US Department of Homeland Security (DHS) issued a warning on 4 May regarding the potential for medical devices to be compromised by hackers, saying "health care entities need to take [the threat] very seriously." The report, " Attack Surface: healthcare and Public Health Sector ," put out by DHS's National Cybersecurity and Communications Integration Center (NCCIC), says the US Food and Drug Administration (FDA) currently "cannot regulate medical device use or users,...
  • Researchers Say They Can Stop Medical Device Hackers From Gaining Unauthorized Access

    After reports were issued by a government body warning government regulators of the susceptibility of life-sustaining medical devices to rogue hackers, researchers at the Universities of Purdue and Princeton have announced the creation of a prototype firewall that could prevent such attacks from occurring. The previous report, issued by the National Institute of Standards and Technology, warned the US Food and Drug Administration (FDA) about the lack of security standard...