Smiths Medical could have a cybersecurity problem

The US Dept. of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team has released a warning over issues with Smiths Medical’s Medfusion 4000 wireless syringe infusion pump after discovering 8 cybersecurity vulnerabilities in the device. The notice is for versions 1.1, 1.5 and 1.6 Medfusion 4000 wireless syringe infusion pumps, according to the DHS […]

FDA recognizes UL 2900 cybersecurity standards

By Stewart Eisenhart, Emergo Group A set of standards published by UL to address medical device cybersecurity issues will soon be adopted by the US Food and Drug Administration to help manufacturers support security assurance claims. Get the full story here at the Emergo Group’s blog. The opinions expressed in this blog post are the

Researchers find 8k cyber vulnerabilities in pacemakers

Researchers from the security research firm WhiteScope identified cyber vulnerabilities in file system encryption and in the storage of unencrypted patient data across major vendors of implantable cardiac devices, according to the team’s report. “The findings reveal consistency across all vendors, highlighting the inherent weaknesses in the ecosystem architecture,” the firm wrote. Get the full story

FDA cybersecurity workshop offers long-term solutions for medical device sector

By Stewart Eisenhart, Emergo Group The US Food and Drug Administration’s latest workshop on medical device cybersecurity issues, held May 18 and 19, 2017, firmly established myriad challenges in mitigating this risk, and that no easy or quick fixes are yet available to help manufacturers and other stakeholders address these challenges. Get the full story

FDA launches medical device cybersecurity workshop

By Stewart Eisenhart, Emergo Group Effectiveness of ongoing efforts to address medical device cybersecurity risks will depend on whether stakeholders can properly balance security, safety and usability issues as well as understand end-user environments, according to speakers at a new US Food and Drug Administration workshop. Get the full story here at the Emergo Group’s

Cybersecurity: Is medtech ‘lackadaisical’ about it?

The medical device industry needs to shake itself out of its stupor when it comes to cybersecurity, according to James Scott, senior fellow at the Institute for Critical Infrastructure Technology and author of the new paper, How to Crush the Health Sector’s Ransomware Pandemic. Companies in the medtech sector and the overall healthcare space face

MedCrypt and QuiO partner to protect devices from cyberattacks

MedCrypt and QuiO have announced an integration partnership for a set of cloud-connected injection devices known as the Smartinjector devices to provide safe data transfers of patient prescriptions and injections. OuiO will receive software security with this partnership for its Si One, for specialty drugs, and Si Pen, for diabetes patients. MedCrypt’s software will be

5 mistakes found in cloud-connected medical devices

Cloud-connected medical technology will have a significant impact on the healthcare system. Network-connected medical devices create a world of instant information, warns Dana Good, senior software engineer at Stratos Product Development. For example, she said, “an alert from a patient’s insulin pump, heart monitor or fall detector can be quickly relayed to a physician or

FDA won’t do that: Cybersecurity edition

The medical device industry should not treat cybersecurity as though it were a check box—and they may want to brush up on FDA’s role, says Seth Carmody, PhD, cybersecurity program manager at FDA. Speaking this week during an  HIMMS 2017 education session, Carmody warned that the clinical environment “represents a large attack surface for national security

FDA: St. Jude Medical devices really do have a cybersecurity problem

FDA issued a safety communication on January 9, 2017, detailing St. Jude Medical products that could be vulnerable to cyber threats. These threats could result in rapid battery depletion or administration of inappropriate pacing or shocks—potentially lethal outcomes. FDA noted that there have been no reports of patient harm related to the cybersecurity risks. The news comes

St Jude releases FDA-cleared Merlin@home cybersecurity update

Abbott (NYSE:ABT) subsidiary St. Jude Medical said it launched a cybersecurity update for its Merlin@home remote monitoring system designed for use with implantable pacemakers and defibrillator devices. The Little Canada, Minn.-based company said the move was made to “complement the company’s existing measures and further reduce the extremely low cybersecurity risks.” Read the full story at

Medtech cybersecurity: Why you should still be scared

  Medical devices have turned out to be an Achilles’ heel for a healthcare industry still bombarded by cybersecurity breaches, according to TrapX’s “2016 Year-End Healthcare Cyber-Breach Report.” In 2015, healthcare data security breaches became more than a growing concern—they became a new reality. There were 57 attacks, and hackers breached more than 111,812,172 data records. The

IBM Watson tapped for healthcare cybercrime watch

The Watson for Cyber Security beta program launched this week to help prevent crime in finance, healthcare, and other sectors. About 40 companies will adopt the program into their security systems. The initial goal of Watson will be to learn how to identify security events and determine whether they are associated with malware and suspicious

Cybersecurity is key for labs as hackers attack hospitals

The persistence of cyberattacks on hospital networks now makes healthcare the most frequently attacked industry, beating out the financial and retail sectors and costing the industry $5 billion to $6 billion annually. However, laboratories can fend off cybersecurity threats by being aware of best practices, taking steps to protect data and having back-up plans in

Researchers uncover hackable ‘fatal flaws’ in defibrillators

Exploitable cybersecurity flaws that could be fatal were found in 10 different implantable medical devices, according to a new report from a European research team. Researchers at Belgium’s KU Leuven University examined 10 device, specifically implantable cardioverter defibrillators. The team used only commercial, off the shelf items and had no prior knowledge of the devices,