From robots to staplers, a top 10 list of medtech safety hazards

The nonprofit ECRI identified increased use of certain devices outside of acute care settings and adoption of some technologies before safety is fully assessed as common themes in its annual ranking.

By Susan Kelly • Oct. 8, 2019

Third-party software vulnerability could endanger medical devices, FDA and DHS warn

The alerts expand the list of vendors whose operating systems could be exploited due to vulnerabilities known as URGENT/11. Medical devices affected include an infusion pump and an anesthesia machine, FDA said Tuesday.

By Susan Kelly • Oct. 2, 2019

FDA creates agencywide tech modernization roadmap

The agency plans to spend the next one to two years upgrading its infrastructure to meet emerging data handling needs.

By Nick Paul Taylor • Sept. 19, 2019

Moody's: Hospitals highly vulnerable to cyberattacks

Although email phishing, EHR breaches and ransomware schemes are most common, the new report also calls attention to vulnerabilities in medical technologies like insulin pumps and cardiac devices.

By Ron Shinkman • Sept. 16, 2019

US needs cyber-savvy doctors as connected device use rises, FDA panel says

Patients deserve cybersecurity training as part of the informed consent process, but healthcare providers aren't well-equipped to offer it, an FDA advisory committee said Tuesday. 

By Maria Rachal • Sept. 11, 2019

FDA looks to define 'triggers' for medical device cybersecurity warnings

When do the benefits of notifying patients of potential risks outweigh possible harms? The agency's Patient Engagement Advisory Committee is weighing in Tuesday.

By Maria Rachal • Sept. 10, 2019

McKesson, Philips devices flagged by DHS for cyber vulnerabilities

Certain cardiovascular IT systems and ultrasound devices could be exploited by hackers, the Department of Homeland Security wrote in separate notices.

By Nick Paul Taylor • Aug. 30, 2019

VA software workarounds put patient data at risk: OIG

The watchdog made several recommendations after determining fixes intended to allow medical devices to interface with the Veterans Health Administration's EHR system compromised patients’ personal information.

By Susan Kelly • Aug. 5, 2019

Data breaches in 2019 already double all of last year

The single largest data breach stemmed from a hack of a major medical collections agency working for companies including Quest and LabCorp, the report from Protenus found. Twenty million patient records were affected.

By Rebecca Pifer • Aug. 2, 2019

Philips, DHS flag cyber vulnerability in EKG analysis software

Highly skilled, unauthorized users may be able to enable system options not purchased in Philips' Holter 2010 Plus software, but the company said the issue shouldn't compromise patient data or overall system operations.  

By Maria Rachal • July 15, 2019

Feds warn of cyber vulnerability in hospital anesthesia machines

The issue, found in GE's Aestiva and Aespire devices, could allow an attacker to impair respirator functionality by silencing alarms, altering time and date records, and changing the composition of aspirated gases.

By Susan Kelly • July 9, 2019

FDA patient advisory meeting set to tackle cybersecurity in devices

The September meeting will partly focus on how healthcare providers should best communicate cybersecurity risks to medical device users.

By Susan Kelly • July 3, 2019

Interagency workshop to focus on device interoperability

The Health Information Technology Research and Development Interagency Working Group is seeking feedback from industry, academia and government experts on potential solutions for creating interoperable systems.

By Susan Kelly • June 28, 2019

Medtronic insulin pump recall lands in FDA's top risk category after cybersecurity warning

The Class I determination follows an FDA warning in June that a hacker could dangerously tamper with insulin dosing. As of Tuesday, the agency is unaware of any cases of patient harm stemming from the vulnerability.

By Nick Paul Taylor • Updated Nov. 5, 2019

SaMD will increase device innovation: Fitch

FDA’s proposed regulatory framework will allow medical technology manufacturers to incorporate AI and machine learning while improving software monitoring.

By Susan Kelly • June 17, 2019

DHS warns of severe security flaw with BD infusion pumps

The department gave the BD Alaris Gateway Workstation vulnerability the maximum score on a standard grading scale.

By Nick Paul Taylor • June 14, 2019

China leads world in digital health adoption, Philips survey finds

Healthcare professionals in China are more likely to recommend patients use digital health technologies than their peers in the West.

By Nick Paul Taylor • June 12, 2019

Quest, LabCorp breach stirs questions of cybersecurity risk from outside vendors

The breach could result in new regulations and rules governing how U.S. companies select and assess their vendors, according to Moody's.

By Rebecca Pifer • Updated June 11, 2019

Inside Quest Diagnostics, LabCorp's supply chain breach

The intrusion happened inside the American Medical Collection Agency, but responsibility is shared through its partner ecosystem.

By Samantha Schwartz • June 6, 2019

LabCorp says 7.7M patients exposed in same data breach as Quest Diagnostics

The company Wednesday also announced Adam Schechter, current lead independent director of LabCorp's board and longtime Merck executive, will replace David King as CEO Nov. 1.

By David Lim • June 5, 2019

11.9M Quest Diagnostics patients potentially exposed to data breach

Financial, medical and other personal information, such as Social Security numbers, may have been exposed, the company reported Monday morning.

By David Lim • June 3, 2019

WannaCry malware still hitting healthcare organizations

About 40% of healthcare delivery organizations have experienced at least one WannaCry attack in the past six months, largely because of older, unmanaged devices that are difficult to patch, according to cybersecurity firm Armis.

By Shannon Muchmore • May 30, 2019

Touchstone Medical Imaging pays $3M to settle HIPAA breach case

HHS found Touchstone failed to properly investigate the security incident until months after it learned of the breach.

By Nick Paul Taylor • May 7, 2019

DHS highlights cybersecurity weakness in Philips EMR

Hackers could exploit a vulnerability in the company's electronic medical record system to access sensitive information or execute arbitrary code, the Cybersecurity and Infrastructure Security Agency said.

By Nick Paul Taylor • May 1, 2019

Legacy systems, employee error leave hospitals, devices vulnerable to cyberattacks

The challenge of guarding health systems is compounded by connected medical devices not being vetted for cybersecurity controls before joining networks, according to new research from threat detection firm Vectra.

By Meg Bryant • April 26, 2019