Will a software bill of materials help or hurt medical device cybersecurity?

President Joe Biden's executive order calls for SBOMs, and the FDA wants to require premarket submissions to have an inventory of third-party device components. AdvaMed is concerned the data could be exploited by hackers.

By Greg Slabodkin • Oct. 7, 2021

Medtronic expands 2 MiniMed insulin pump recalls on ring flaw, cyber risks

The recalls have hit the medtech giant at a time when competitors Insulet and Tandem are ramping up in the insulin pump market and amid flagging sales in its diabetes unit.

By Susan Kelly • Oct. 5, 2021

MCIT, cyber, RWE and 3 more takeaways from AdvaMed's 2021 conference

The medtech industry gathered virtually and in person for the lobby's annual conference, with topics ranging from the kill-off of the breakthrough device payment pathway to the pandemic upending CDRH's 2021 reset.

Oct. 4, 2021

Ransomware attacks put availability of medical devices at risk: FDA cyber chief

Industry reached a "watershed moment" earlier this year when a device outage caused by malware endangered patient lives, Kevin Fu, acting director of cybersecurity at CDRH said. "That was something we haven't seen before."

By Greg Slabodkin • Oct. 1, 2021

Quarter of providers saw mortality rates rise after ransomware attacks, survey finds

Only 36% of healthcare organizations said they are effective in knowing where all their medical devices are, while just 35% indicated they know when a device's operating system is at end of life or out of date.

By Rebecca Pifer • Sept. 24, 2021

FTC warns app makers fall under breach notification rule

The agency noted that developers of health apps and connected devices are considered healthcare providers. Any unauthorized access, including sharing information without consent, would trigger the Health Breach Notification Rule.

By Shannon Muchmore • Sept. 16, 2021

FDA creates new office to drive forward digital transformation strategy

Vid Desai, who will help lead the new Office of Digital Transformation, was also named as the agency's chief information officer. FDA is seeking an extra $75.9 million in the 2022 budget to support the modernization plan.

By Nick Paul Taylor • Sept. 16, 2021

ECRI CEO: FDA, industry must revisit COVID-19 medical device EUAs as shortages ebb

Marcus Schabacker spoke to MedTech Dive about patient safety, cyberattacks in healthcare and risks from the rise of at-home care.

By Ricky Zipp • Sept. 3, 2021

Outpatient facilities targeted for cyberattacks nearly as often as hospitals, data shows

The number of breaches at healthcare organizations in the first half of this year was up significantly from the first half of last year, and higher than any six-month period since 2018, according to the Critical Insight report.

By Hailey Mensik • Aug. 30, 2021

FDA warns of BlackBerry cyber vulnerability in medical devices

The operating system is often deployed in devices such as cardiac and patient monitors, drug infusion pumps, imaging and surgical robots, according to Nick Yuran, CEO of security consultancy Harbor Labs.

By Greg Slabodkin • Aug. 18, 2021

Predicting the future of healthcare: 10 takeaways from HIMSS21

Along with "guarded optimism" on the current state of the pandemic, some 19,000 on-site attendees in Las Vegas mulled what's next for AI, telehealth, cybersecurity, mental health and more.

By Rebecca Pifer , Hailey Mensik • Aug. 17, 2021

FDA seeks more power for medical device cybersecurity mandates

CDRH wants to require medtechs to have a Software Bill of Materials ready upfront as part of a premarket submission, as well as the capability to update and patch device security into a product's design.

By Greg Slabodkin • Aug. 17, 2021

Medtechs need to up their cybersecurity threat modeling game, FDA says

The agency "will be looking for much more detailed and comprehensive" cyber threat models as part of premarket review, said Suzanne Schwartz, director of CDRH's Office of Strategic Partnerships and Technology Innovation.  

By Greg Slabodkin • Aug. 13, 2021

Should healthcare organizations pay to settle a ransomware attack? Experts weigh in at HIMSS21

"I don't think there's a single yes or no," said Michael Coates, former chief information security officer for Twitter.

By Rebecca Pifer • Aug. 11, 2021

Growing cyberattacks on hospitals may soon hit bottom lines, patient care: Fitch

The increased use of smart monitoring devices, telehealth and other virtual care capabilities are putting patient data at risk, the report said. CT scanners and MRI machines were not necessarily designed with "cyber risk in mind."

By Ron Shinkman • July 26, 2021

FDA wants to require timely updates, patches for legacy devices: cyber chief

Kevin Fu, acting director of device cybersecurity, spelled out the agency's plans to protect aging devices from hackers. There's no current statutory requirement compelling manufacturers to address the problem.

By Greg Slabodkin • June 30, 2021

More than 1/3 of health organizations hit by ransomware last year, report finds

Of those attacked, 65% said the criminals were successful in encrypting their data, according to the report from cybersecurity company Sophos.

By Rebecca Pifer • June 24, 2021

Medicare lacks cyber oversight of hospitals' networked medical devices: OIG

Without proper cybersecurity controls, these devices can be compromised with the potential for patient harm, according to the HHS watchdog. OIG wants CMS to do more to address hospital vulnerabilities.

By Nick Paul Taylor • June 24, 2021

Legacy medical devices, growing hacker threats create perfect storm of cybersecurity risks

Aging medtech and increasingly sophisticated criminals are leaving hospitals highly vulnerable to attacks.

By Greg Slabodkin • June 22, 2021

FDA seeks feedback on distinction between device remanufacturing and servicing

The long-awaited draft guidance is meant to clarify a blurry line between the two processes. The Medical Imaging and Technology Alliance contends remanufacturing is being done by unregulated third-party device servicers.

By Nick Paul Taylor • June 18, 2021

FDA lays out device cybersecurity efforts as feds look to implement Biden executive order

The president signed an order last month seeking to bolster the nation's cyber posture amid growing threats from hackers. 

By Greg Slabodkin • June 9, 2021

Rising hospital ransomware attacks could endanger patients, hit bottom lines hard, Moody's says

Systems have been rendered more vulnerable due to COVID-19 as more non-clinical employees work from home. The warning echos comments made recently by the FDA's cyber chief for medical devices. 

By Ron Shinkman • May 27, 2021

Ransomware, other cyber threats mount as medtech industry tries to adapt

"Everything is hackable," said Kevin Fu, the FDA's medical device cybersecurity chief, who noted that ransomware in particular can render a device useless. 

By Greg Slabodkin • May 25, 2021

Biden orders Software Bill of Materials to boost cybersecurity. AdvaMed wants uniform standards.

An executive order calls for an electronically readable way to provide an inventory of third-party components in devices. The medtech lobby backs the idea but says standardization is critical.  

By Greg Slabodkin • May 21, 2021

5 things medtech can expect from FDA in 2021

"What you saw under the prior administration was this concept of a kinder, softer FDA to industry," said Dennis Gucciardo, partner at Morgan Lewis. Experts now expect a shift, including more enforcement activity.

By Greg Slabodkin • March 15, 2021