Cybersecurity


  • Image attribution tooltip
    Sean Gallup via Getty Images

    Employees cause more cyber breaches in healthcare than other industries, report finds

    Employees were responsible for 39% of healthcare breaches last year. That's compared to 18% across all industries, according to new Verizon research.

    By Rebecca Pifer • May 27, 2022
  • Image attribution tooltip
    Stefan Zaklin via Getty Images

    House user-fees bill details clinical trial diversity, cybersecurity requirements

    The legislation would let the FDA bring in $1.78 billion in fee revenue from 2023 to 2027 to fund the review of medical devices. That amount could increase to $1.9 billion if the agency meets certain performance goals.

    By May 10, 2022
  • Image attribution tooltip
    Brian Tucker

    CDRH's Shuren expects center to return to normal this year despite ongoing COVID work

    Jeff Shuren, the director of the FDA's Center for Devices and Radiological Health, also stressed the need for increased cybersecurity and supply chain funding and authority during an event on April 29.

    By May 2, 2022
  • Image attribution tooltip
    Sean Gallup via Getty Images

    Medtech survey finds widespread cybersecurity noncompliance despite rising investment

    Over 80% of respondents see device security as a competitive advantage and almost every company budgeted more money for it this year. However, 80% view the issue as a "necessary evil" imposed by regulators.

    By April 21, 2022
  • Image attribution tooltip

    Image courtesy of FDA

    FDA official: Draft cybersecurity guidance has 'teeth'

    Not following the guidance in premarket submissions means potential delays for device makers, said Suzanne Schwartz, director of CDRH's Office of Strategic Partnerships and Technology Innovation.

    By April 11, 2022
  • Image attribution tooltip
    sturti/E+ via Getty Images
    Sponsored by Skyflow

    Going beyond HIPAA compliance is worthwhile

    Just because HIPAA doesn't require the use of data governance technology doesn't mean you can do without it.

    April 11, 2022
  • Image attribution tooltip
    Sarah Silbiger via Getty Images

    FDA clarifies cybersecurity recommendations for device makers in new guidance

    The draft guidance, which replaces a 2018 document, sets recommendations for how medical device companies should approach cybersecurity in premarket submissions and maintaining products throughout their lifecycle.

    By April 7, 2022
  • Image attribution tooltip
    DK Fielding via Getty Images

    Senators drill down on rising user fees, cybersecurity and clinical trial diversity in MDUFA hearing

    While Tuesday's Senate hearing did not include FDA officials, lawmakers questioned industry groups as they consider the MDUFA V agreement that would increase the amount the agency can collect in fees from device makers.

    By April 6, 2022
  • Image attribution tooltip
    Photo illustration by Danielle Ternes/MedTech Dive; photograph by yucelyilmaz via Getty Images

    CISA warns about cyber flaw in Philips MRI monitoring software

    Philips' e-Alert has a vulnerability that could allow an unauthorized user to remotely shut down the system, the U.S. Cybersecurity and Infrastructure Security Agency said in an advisory.

    By March 30, 2022
  • Image attribution tooltip
    Sarah Silbiger via Getty Images

    FDA asks Congress for 14% bump in device budget for supply chain, cybersecurity programs

    For the devices program, the FDA is asking for roughly $698 million, with approximately $466 million from the budget authority and $232 million from user fees.

    By March 29, 2022
  • Image attribution tooltip
    Win McNamee via Getty Images

    'On high alert': Hospitals wary of cyber threats from Russia-Ukraine war

    Cybersecurity has always been chronically underfunded in hospitals, even before COVID-19 swallowed up more resources. Now, this major international threat is creating a "perfect storm," one cybersecurity expert said.

    By Rebecca Pifer • March 21, 2022
  • Image attribution tooltip
    JuSun via Getty Images

    FDA warns of cyber vulnerabilities in medical device software components

    An agency alert warned that flaws in PTC's Axeda agent and desktop server, used in devices from several manufacturers, could allow an unauthorized attacker to take full control of the host operating system.

    By March 9, 2022
  • Image attribution tooltip
    Getty Images

    75% of infusion pumps have cyber flaws, putting them at risk from hackers: study

    An analysis of more than 200,000 infusion pumps, using crowd-sourced data supplied by healthcare organizations, found about half were susceptible to "critical" and "high" severity cybersecurity vulnerabilities.   

    By March 3, 2022
  • Deep Dive

    Medtech, hospitals on alert for cyberattacks after Russia's invasion of Ukraine

    While cybersecurity threats to healthcare and medical devices have grown during the pandemic, the Russia-Ukraine conflict has raised the threat level, putting patient safety at risk.

    By Feb. 28, 2022
  • Image attribution tooltip
    JuSun via Getty Images

    Cybersecurity leads ECRI's list of top medtech hazards for 2022

    Cyber incidents can compromise patient care and attacks against hospitals have become more prevalent in recent years. However, ECRI said the worst consequences are preventable.

    By Jan. 18, 2022
  • Image attribution tooltip
    Sean Gallup via Getty Images

    FDA warns about Log4j cybersecurity vulnerabilities in medical devices

    The bugs in Apache's Java-based open source logging library could potentially allow unauthorized users to remotely impact the safety and effectiveness of device functionality, according to the agency.

    By Dec. 20, 2021
  • Image attribution tooltip
    Win McNamee via Getty Images
    Deep Dive

    Medical device security continues to be casualty of hospital-medtech divide

    FDA says manufacturers and hospitals are both responsible for protecting devices from growing cybersecurity threats. However, experts say healthcare providers carry a much heavier load.

    By Dec. 1, 2021
  • Image attribution tooltip
    JuSun via Getty Images

    Cyber playbook sets out strategies for modeling threats to medical devices

    The FDA-funded guide arrives against a backdrop of calls from the agency for the medtech industry to step up its threat modeling throughout the device lifecycle in order to strengthen cybersecurity and patient safety.

    By Dec. 1, 2021
  • Image attribution tooltip
    zefart/iStock/Getty via Getty Images

    Siemens software vulnerabilities potentially put millions of medical devices at risk

    A U.S. cybersecurity agency issued an alert about the vulnerabilities which could allow hackers to disrupt the operation of anesthesia machines and bedside monitors from multiple manufacturers.

    By Nov. 11, 2021
  • Image attribution tooltip
    Sean Gallup via Getty Images
    Deep Dive

    Will a software bill of materials help or hurt medical device cybersecurity?

    President Joe Biden's executive order calls for SBOMs, and the FDA wants to require premarket submissions to have an inventory of third-party device components. AdvaMed is concerned the data could be exploited by hackers.

    By Oct. 7, 2021
  • Medtronic expands 2 MiniMed insulin pump recalls on ring flaw, cyber risks

    The recalls have hit the medtech giant at a time when competitors Insulet and Tandem are ramping up in the insulin pump market and amid flagging sales in its diabetes unit.

    By Oct. 5, 2021
  • Image attribution tooltip
    Retrieved from AdvaMed on October 04, 2021

    MCIT, cyber, RWE and 3 more takeaways from AdvaMed's 2021 conference

    The medtech industry gathered virtually and in person for the lobby's annual conference, with topics ranging from the kill-off of the breakthrough device payment pathway to the pandemic upending CDRH's 2021 reset.

    Oct. 4, 2021
  • Ransomware attacks put availability of medical devices at risk: FDA cyber chief

    Industry reached a "watershed moment" earlier this year when a device outage caused by malware endangered patient lives, Kevin Fu, acting director of cybersecurity at CDRH said. "That was something we haven't seen before."

    By Oct. 1, 2021
  • Image attribution tooltip
    Max Pixel

    Quarter of providers saw mortality rates rise after ransomware attacks, survey finds

    Only 36% of healthcare organizations said they are effective in knowing where all their medical devices are, while just 35% indicated they know when a device's operating system is at end of life or out of date.

    By Rebecca Pifer • Sept. 24, 2021
  • Image attribution tooltip
    Carol Highsmith. (2005). "Apex Bldg." [Photo]. Retrieved from Wikimedia Commons.

    FTC warns app makers fall under breach notification rule

    The agency noted that developers of health apps and connected devices are considered healthcare providers. Any unauthorized access, including sharing information without consent, would trigger the Health Breach Notification Rule.

    By Shannon Muchmore • Sept. 16, 2021