Government warns on cybersecurity issue with Fresenius Kabi’s Agilia Connect infusion system

The U.S. Cybersecurity and Infrastructure Security Agency today issued a medical advisory for the Fresenius Kabi Agilia Connect infusion system.

Fresenius Kabi’s Agilia Connect infusion system has been deemed “exploitable remotely/low attack complexity” by the agency. Successful exploitation of vulnerabilities could allow an attacker to gain access to sensitive information, modify settings or parameters or perform arbitrary actions as an authenticated user.

Get the full story at our sister site, Drug Delivery Business News.


FDA says there’s a cybersecurity vulnerability with Apache’s Log4j


The FDA is raising awareness about a cybersecurity vulnerability related to Apache’s Log4j — used to log security and performance information for many software applications, including in the medical device space.

The vulnerability involves Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1.

The FDA said in a statement posted on December 17 that it does not know of the Log4j problems causing a medical device adverse event. However, there is still a risk that the situation could make a medical device unavailable, or an unauthorized user could remotely impact safety and effectiveness.

The Cybersecurity and Infrastructure Security Agency (CISA) has established a website with more information, including recommendations to address the vulnerability. The FDA encourages manufacturers to communicate with customers about the problem and coordinate with the …


How to protect medical devices from hidden cybersecurity risks


Your software supply chain could be a cybersecurity risk. Here’s what you can do.

Vince Arneja, GrammaTech

The healthcare industry has been fighting a war on two fronts during the COVID-19 pandemic: against the virus and against an outbreak of cyberattacks. The Department of Health and Human Services says the sector reported a 9,851% increase in cyberattacks in 2020 compared to 2019.

Cybercriminals see healthcare organizations as “soft targets” that are not as well defended; they need to be accessible to users and have heavy traffic of files and records, which leaves multiple attack vectors open for criminals. In addition, healthcare is in the midst of a technology expansion, with explosive growth in Internet of Things (IoT) connections, patient portals and telehealth.

All these new medical technology applications run…


Why cyberattacks targeting pharma are ramping up

Cyberattacks targeting the pharma industry have ramped up during the pandemic, and insider threats and nation-state attacks are on the rise. Meanwhile, the average cost of a pharma breach in 2021 is $5.04 million, according to the IBM-sponsored Ponemon Institute’s Cost of a Data Breach Report. For context, an average data breach incurs damages of $4.24 million.

Pharmaceutical companies are beginning to allocate more resources to cybersecurity, according to Howard Ting, CEO of data detection and response business Cyberhaven (Palo Alto, Calif.).

Pharma companies’ data is increasingly decentralized

The traditional model for protecting sensitive data was to create the networking equivalent to a castle and moat. But in the pharmaceutical industry and elsewhere, sensitive data can no longer be stored under lock and key. Pharmaceutical companies’ data must “move and be shared,” Ting said. For example, a contract manufacturer might need access to sensitive data. …


BD is upping its game on cybersecurity

BD (NYSE: BDX) is touting that it is the first medical technology company authorized as a Common Vulnerabilities and Exposures (CVE) Numbering Authority by the CVE Program.

BD officials say the authorization further boosts the company’s healthcare cybersecurity leadership.

Get the full story on our sister site Medical Design & Outsourcing. 


FDA seeks more money, authority in budget request

The FDA wants more money from Congress for the coming fiscal year, and more power, too.

Out of its $6.5 billion total budget, the agency is asking $676.55 million for its medical device program. That includes $571 million for the Center for Devices & Radiological Health (CDRH) and $105.4 million for the Office of Regulatory Affairs (ORA).

The request includes $452 million that would come from Congress — up nearly $44 million from FY 2021 — and $224.5 million from user fees, a $4.9 million increase.

Get the full story on our sister site, Medical Design & Outsourcing.


Emergo by UL, MedCrypt pair on cybersecurity

Emergo by UL and MedCrypt will jointly offer cybersecurity risk management and mitigation for connected medical devices and systems.

Medtech and healthcare technology consulting group Emergo and healthcare cybersecurity developer MedCrypt said this week that they will refer prospective clients to one another and co-market their cybersecurity software solutions, consulting and risk management services to ensure clients understand and meet the FDA’s requirements and those of other market regulators.

Get the full story on our sister site, Medical Design & Outsourcing.


How 5G could affect medtech

The latest standard of broadband technology continues to make waves in 2021. But what about medtech?

 


Wireless tech companies such as Qualcomm are predicting download speeds as high as 10 gigabits per second as next-generation 5G cellular networks roll out worldwide.

The open question in medtech is how quickly companies will take advantage of the super-speedy connectivity for their own products.

“5G is about bringing more capacity and speed to the pipes,” said Don Jones, a member of the advisory council at BrightInsight and a veteran of the digital healthcare space. Jones spent more than 11 years building Qualcomm’s healthcare group.

“What you have to analyze is, ‘Can healthcare take advantage of what essentially amounts to these bigger pipes?’ Because more data can be shoved through them with m…


New FDA medtech cybersecurity chief: Guidance to debut in 2021

The FDA’s first medical device cybersecurity chief says he will work across private and public lines to lower the threat of cyberattacks against medical devices and the healthcare systems and patients who use them.


Medical device manufacturers can expect a new FDA cybersecurity draft guidance for new medical devices sometime this year, according to the agency’s first acting director of medical device cybersecurity.

University of Michigan computer science researcher Kevin Fu has a big assignment to tackle during his one-year tenure — to bridge the gap between medicine and computer science and help manufacturers protect medical devices from digital security threats.

An associate professor of electrical engineering and computer science, Fu is the founder of the Archimedes Center for Medical Device Security at the university and considers updating leg…


FDA names first medtech cybersecurity chief


University of Michigan computer science researcher Kevin Fu has been named acting director of medical device cybersecurity at the FDA.

Fu began working in the newly created 12-month post on Jan. 1, 2021, according to the university. His assignment is to bridge the gap between medicine and computer science and help manufacturers protect medical devices from digital security threats.

An associate professor of electrical engineering and computer science, Fu is the founder of the Archimedes Center for Medical Device Security. As an acting director, he’ll retain his university appointment.

Get the full story on our sister site, Medical Design & Outsourcing.


MedCrypt acquires MedISAO in medtech cybersecurity deal


Healthcare cybersecurity company MedCrypt (San Diego) today announced the acquisition of Irvine, Calif.-based MedISAO, a cybersecurity information-sharing organization that works with the medical device industry.

MedCrypt is now offering MedISAO’s information-sharing analysis network for small and midsize business as well as its Cyber Protek software bill of materials (SBoM) and dependency vulnerability management tool. MedISAO’s founder, Daniel Beard, will also join the MedCrypt team in integrating and expanding the platforms.

Get the full story on our sister site, Medical Design & Outsourcing.


B. Braun, Baxter, CareStream, Green Hills affected by Ripple20 cyber vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said it is aware of vulnerabilities affecting Treck IP stack implementations for embedded systems.

Known as Ripple20, the vulnerabilities allow a remote attacker to exploit and take control of an affected system, according to the CISA statement.

Among the affected companies were B. Braun, Baxter (NYSE:BAX), Green Hills Software and CareStream. CISA encouraged affected users and administrators to review the affected products for additional information and mitigations, as well as to update to the latest stable version of the Treck IP stack software.

B. Braun issued a statement saying that it is aware of the notification from CISA, sharing that the vulnerabilities exist in the third-party software used for network communication in its Outlook 400ES safety infusion pump system.

The company said it received 24 patches from Treck to resolve vulnerabilities, determining that 20 patche…
