FDA wants to require timely updates, patches for legacy devices: cyber chief

Kevin Fu, acting director of device cybersecurity, spelled out the agency's plans to protect aging devices from hackers. There's no current statutory requirement compelling manufacturers to address the problem.

By Greg Slabodkin • June 30, 2021

More than 1/3 of health organizations hit by ransomware last year, report finds

Of those attacked, 65% said the criminals were successful in encrypting their data, according to the report from cybersecurity company Sophos.

By Rebecca Pifer • June 24, 2021

Medicare lacks cyber oversight of hospitals' networked medical devices: OIG

Without proper cybersecurity controls, these devices can be compromised with the potential for patient harm, according to the HHS watchdog. OIG wants CMS to do more to address hospital vulnerabilities.

By Nick Paul Taylor • June 24, 2021

Legacy medical devices, growing hacker threats create perfect storm of cybersecurity risks

Aging medtech and increasingly sophisticated criminals are leaving hospitals highly vulnerable to attacks.

By Greg Slabodkin • June 22, 2021

FDA seeks feedback on distinction between device remanufacturing and servicing

The long-awaited draft guidance is meant to clarify a blurry line between the two processes. The Medical Imaging and Technology Alliance contends remanufacturing is being done by unregulated third-party device servicers.

By Nick Paul Taylor • June 18, 2021

FDA lays out device cybersecurity efforts as feds look to implement Biden executive order

The president signed an order last month seeking to bolster the nation's cyber posture amid growing threats from hackers. 

By Greg Slabodkin • June 9, 2021

Rising hospital ransomware attacks could endanger patients, hit bottom lines hard, Moody's says

Systems have been rendered more vulnerable due to COVID-19 as more non-clinical employees work from home. The warning echos comments made recently by the FDA's cyber chief for medical devices. 

By Ron Shinkman • May 27, 2021

Ransomware, other cyber threats mount as medtech industry tries to adapt

"Everything is hackable," said Kevin Fu, the FDA's medical device cybersecurity chief, who noted that ransomware in particular can render a device useless. 

By Greg Slabodkin • May 25, 2021

Biden orders Software Bill of Materials to boost cybersecurity. AdvaMed wants uniform standards.

An executive order calls for an electronically readable way to provide an inventory of third-party components in devices. The medtech lobby backs the idea but says standardization is critical.  

By Greg Slabodkin • May 21, 2021

5 things medtech can expect from FDA in 2021

"What you saw under the prior administration was this concept of a kinder, softer FDA to industry," said Dennis Gucciardo, partner at Morgan Lewis. Experts now expect a shift, including more enforcement activity.

By Greg Slabodkin • March 15, 2021

COVID-19 leads to explosion in cyberattacks, data breaches

A survey from CI Security found successful hacks involving healthcare organizations or their business associates soared in the second half of last year, leading to a jump in the number of breached patient records.

By Ron Shinkman • Feb. 12, 2021

FDA appoints first medical device cybersecurity chief

University of Michigan professor Kevin Fu will serve a one-year term as acting cyber director at the Center for Devices and Radiological Health. Experts fear the chaos of the pandemic creates the perfect storm for hackers to exploit.

By Greg Slabodkin • Feb. 3, 2021

3 big predictions for digital health in 2021

As tech and data sharing become more pervasive, healthcare will likely pivot to being more predictive and telehealth will evolve, giving rise to new modalities of care. This will force companies to invest more in cybersecurity.

By Rebecca Pifer • Jan. 29, 2021

Healthcare funding shatters records in 2020, helped by COVID-19

Medical device startups raised roughly $6 billion in the fourth quarter, a high point over the last three years, according to a CB Insights report.

By Rebecca Pifer • Jan. 22, 2021

Healthcare cyberattacks spiked 45% since November, report finds

While most ransomware attacks a broad sector, Check Point found Ryuk is tailored toward targets in the healthcare industry.

By Samantha Schwartz • Jan. 5, 2021

BD calls for 'Zero Trust' to combat rising healthcare hacking amid pandemic

The medtech warns threats are plaguing the industry as providers increasingly rely on telehealth and remote monitoring to deliver care to patients.

By Susan Kelly • Dec. 14, 2020

GE medical imaging devices impacted by critical cyber vulnerability

Dozens of products like CT scanners and MRI machines are susceptible to hackers getting access to sensitive health data and disrupting their operation, according to firm CyberMDX. GE says there is no risk to patient safety.

By Greg Slabodkin • Dec. 8, 2020

BD's Alaris infusion pumps flagged for cybersecurity vulnerability

The Department of Homeland Security alert scored the issue 6.5 out of 10 and said a successful attack that exploited the weakness could force operators to manually program the pumps.

By Nick Paul Taylor • Nov. 13, 2020

FDA floats framework to message cybersecurity threats to patients

The proposal, which has the agency and industry sharing responsibility for making the information easy to find, comes as the risks to medical devices continue to grow.

By Nick Paul Taylor • Oct. 21, 2020

FDA launches years-in-the-making digital health center

The center's focus areas will include the Pre-Cert program, AI and machine learning in software as a medical device, as well as cybersecurity and wireless medical devices.

By Susan Kelly • Sept. 23, 2020

Insulin pumps among millions of devices facing risk from newly disclosed cyber vulnerability, IBM says

The firm's hacking team said the vulnerability may allow criminals to remotely alter patient dosing, as well as manipulate readings from medical device monitors "to cover up concerning vital signs or create false panic."

By Greg Slabodkin • Aug. 25, 2020

'If the public knew:' Ripple20 shows medical device software cyber weakness

Last month’s discovery that Baxter and B. Braun infusion pumps face risk of remote attacks by hackers comes as a medtech effort gains momentum to track third-party components in devices.

By Greg Slabodkin • July 7, 2020

Baxter, B. Braun infusion pumps among millions of devices implicated in Ripple20 cyber alert

Despite warnings that a remote hacker could gain control of a pump, medtechs affected by the vulnerabilities described it as low risk and manageable.

By Greg Slabodkin • June 24, 2020

Lack of data encryption for Baxter devices flagged in flurry of DHS alerts

The Department of Homeland Security's cyber agency published four advisories, ranging from 7.5 to 8.6 on its 10-point severity scale, about vulnerabilities in infusion pumps, hemodialysis delivery systems and other tech.

By Nick Paul Taylor • June 19, 2020

Coronavirus chaos ripe for hackers to exploit medical device vulnerabilities

Interpol warned that cybercriminals are using ransomware to target healthcare organizations already overwhelmed by COVID-19, and noted a significant increase in detected health system attacks since the start of the pandemic.

By Greg Slabodkin • April 8, 2020