Federal Mandates on Medical-Device Cybersecurity Get Serious
For six months, medical device makers have had to comply with new cybersecurity regulations aimed at hardening medical devices against cyber attacks, but the US Food and Drug Administration has largely refrained from using its “refuse to accept” power up to now. On Oct. 1, the FDA’s grace period — during which the agency stated…
FDA Announces New Cybersecurity Requirements for Medical Devices
Guidance issued by the agency on March 30 explains that the new requirements are part of the Consolidated Appropriations Act signed into law in late 2022, specifically a section titled “Ensuring Cybersecurity of Medical Devices”, which amended the Federal Food, Drug, and Cosmetic Act (FD&C Act). According to the FDA, submissions for new medical devices…
The future history of medical device cybersecurity
In 1555, Nostradamus published his famous Les Prophéties containing obfuscated prophecies for the world to come. Some believe that one of these predictions pertains to the year 2020 and it reads, in part: “The false trumpet concealing madness / will cause Byzantium to change its laws.” Yeah… I have no idea what that means either!…
Seven cybersecurity and privacy forecasts for 2020
The developments in the area of cybersecurity are alarming. As the number of smart devices in private households increases, so do the opportunities for cyber criminals to attack, TÜV Rheinland reveals. Uncontrolled access to personal data undermines confidence in the digital society. The logistics industry and private vehicles are increasingly being targeted by hackers. “From…
How to reduce the attack surface associated with medical devices
As the number of connected medical devices continues to rise, so does healthcare organizations’ attack surface. “Most medical devices available in the healthcare system today were not built with security in mind and it will take years until they are replaced (if they are at all) with next-generation devices,” says Leon Lerman, CEO and co-founder…
Hacking our way into cybersecurity for medical devices
Hospitals are filled with machines connected to the internet. With a combination of both wired and wireless connectivity, knowing and managing which devices are connected has become more complicated and, consequently, the institutions’ attack surface has expanded. When did these devices get smart? A brief timeline shows the FDA didn’t start regulating the connectivity of…
Hackers are finding creative ways to target connected medical devices
Hackers are leveraging error messages from connected medical devices — including radiology, X-ray and other imaging systems — to gain valuable insights, according to Zingbox. These insights are then used to refine the attacks, increasing the chance of successful hack. “Hackers are finding new and creative ways to target connected medical devices. We have to…