FDA warns of BlackBerry cyber vulnerability in medical devices

The operating system is often deployed in devices such as cardiac and patient monitors, drug infusion pumps, imaging and surgical robots, according to Nick Yuran, CEO of security consultancy Harbor Labs.

By Greg Slabodkin • Aug. 18, 2021

Predicting the future of healthcare: 10 takeaways from HIMSS21

Along with "guarded optimism" on the current state of the pandemic, some 19,000 on-site attendees in Las Vegas mulled what's next for AI, telehealth, cybersecurity, mental health and more.

By Rebecca Pifer , Hailey Mensik • Aug. 17, 2021

FDA seeks more power for medical device cybersecurity mandates

CDRH wants to require medtechs to have a Software Bill of Materials ready upfront as part of a premarket submission, as well as the capability to update and patch device security into a product's design.

By Greg Slabodkin • Aug. 17, 2021

Medtechs need to up their cybersecurity threat modeling game, FDA says

The agency "will be looking for much more detailed and comprehensive" cyber threat models as part of premarket review, said Suzanne Schwartz, director of CDRH's Office of Strategic Partnerships and Technology Innovation.  

By Greg Slabodkin • Aug. 13, 2021

Should healthcare organizations pay to settle a ransomware attack? Experts weigh in at HIMSS21

"I don't think there's a single yes or no," said Michael Coates, former chief information security officer for Twitter.

By Rebecca Pifer • Aug. 11, 2021

Growing cyberattacks on hospitals may soon hit bottom lines, patient care: Fitch

The increased use of smart monitoring devices, telehealth and other virtual care capabilities are putting patient data at risk, the report said. CT scanners and MRI machines were not necessarily designed with "cyber risk in mind."

By Ron Shinkman • July 26, 2021

FDA wants to require timely updates, patches for legacy devices: cyber chief

Kevin Fu, acting director of device cybersecurity, spelled out the agency's plans to protect aging devices from hackers. There's no current statutory requirement compelling manufacturers to address the problem.

By Greg Slabodkin • June 30, 2021

More than 1/3 of health organizations hit by ransomware last year, report finds

Of those attacked, 65% said the criminals were successful in encrypting their data, according to the report from cybersecurity company Sophos.

By Rebecca Pifer • June 24, 2021

Medicare lacks cyber oversight of hospitals' networked medical devices: OIG

Without proper cybersecurity controls, these devices can be compromised with the potential for patient harm, according to the HHS watchdog. OIG wants CMS to do more to address hospital vulnerabilities.

By Nick Paul Taylor • June 24, 2021

Legacy medical devices, growing hacker threats create perfect storm of cybersecurity risks

Aging medtech and increasingly sophisticated criminals are leaving hospitals highly vulnerable to attacks.

By Greg Slabodkin • June 22, 2021

FDA seeks feedback on distinction between device remanufacturing and servicing

The long-awaited draft guidance is meant to clarify a blurry line between the two processes. The Medical Imaging and Technology Alliance contends remanufacturing is being done by unregulated third-party device servicers.

By Nick Paul Taylor • June 18, 2021

FDA lays out device cybersecurity efforts as feds look to implement Biden executive order

The president signed an order last month seeking to bolster the nation's cyber posture amid growing threats from hackers. 

By Greg Slabodkin • June 9, 2021

Rising hospital ransomware attacks could endanger patients, hit bottom lines hard, Moody's says

Systems have been rendered more vulnerable due to COVID-19 as more non-clinical employees work from home. The warning echos comments made recently by the FDA's cyber chief for medical devices. 

By Ron Shinkman • May 27, 2021

Ransomware, other cyber threats mount as medtech industry tries to adapt

"Everything is hackable," said Kevin Fu, the FDA's medical device cybersecurity chief, who noted that ransomware in particular can render a device useless. 

By Greg Slabodkin • May 25, 2021

Biden orders Software Bill of Materials to boost cybersecurity. AdvaMed wants uniform standards.

An executive order calls for an electronically readable way to provide an inventory of third-party components in devices. The medtech lobby backs the idea but says standardization is critical.  

By Greg Slabodkin • May 21, 2021

5 things medtech can expect from FDA in 2021

"What you saw under the prior administration was this concept of a kinder, softer FDA to industry," said Dennis Gucciardo, partner at Morgan Lewis. Experts now expect a shift, including more enforcement activity.

By Greg Slabodkin • March 15, 2021

COVID-19 leads to explosion in cyberattacks, data breaches

A survey from CI Security found successful hacks involving healthcare organizations or their business associates soared in the second half of last year, leading to a jump in the number of breached patient records.

By Ron Shinkman • Feb. 12, 2021

FDA appoints first medical device cybersecurity chief

University of Michigan professor Kevin Fu will serve a one-year term as acting cyber director at the Center for Devices and Radiological Health. Experts fear the chaos of the pandemic creates the perfect storm for hackers to exploit.

By Greg Slabodkin • Feb. 3, 2021

3 big predictions for digital health in 2021

As tech and data sharing become more pervasive, healthcare will likely pivot to being more predictive and telehealth will evolve, giving rise to new modalities of care. This will force companies to invest more in cybersecurity.

By Rebecca Pifer • Jan. 29, 2021

Healthcare funding shatters records in 2020, helped by COVID-19

Medical device startups raised roughly $6 billion in the fourth quarter, a high point over the last three years, according to a CB Insights report.

By Rebecca Pifer • Jan. 22, 2021

Healthcare cyberattacks spiked 45% since November, report finds

While most ransomware attacks a broad sector, Check Point found Ryuk is tailored toward targets in the healthcare industry.

By Samantha Schwartz • Jan. 5, 2021

BD calls for 'Zero Trust' to combat rising healthcare hacking amid pandemic

The medtech warns threats are plaguing the industry as providers increasingly rely on telehealth and remote monitoring to deliver care to patients.

By Susan Kelly • Dec. 14, 2020

GE medical imaging devices impacted by critical cyber vulnerability

Dozens of products like CT scanners and MRI machines are susceptible to hackers getting access to sensitive health data and disrupting their operation, according to firm CyberMDX. GE says there is no risk to patient safety.

By Greg Slabodkin • Dec. 8, 2020

BD's Alaris infusion pumps flagged for cybersecurity vulnerability

The Department of Homeland Security alert scored the issue 6.5 out of 10 and said a successful attack that exploited the weakness could force operators to manually program the pumps.

By Nick Paul Taylor • Nov. 13, 2020

FDA floats framework to message cybersecurity threats to patients

The proposal, which has the agency and industry sharing responsibility for making the information easy to find, comes as the risks to medical devices continue to grow.

By Nick Paul Taylor • Oct. 21, 2020