Featured Product
This Week in Quality Digest Live

More Videos

FDA Compliance Features
The Ultimate Guide to ISO 14155:2020 for Medical Devices
Jón Bergsteinsson
Understanding the standard is essential
Risk Management in ISO 13485
Stephanie Ojeda
The FDA’s new QMSR will harmonize with ISO 13485 for medical device quality management
Validation Life Cycle Management Speeds Auditing, Facilitates Regulatory Inspections
Steve Thompson
An excellent technological tool that improves quality and compliance
Health Systems Need More Insight Into Inventory, Supply Chain
Kelley Jacobsen
Amid rising prices, medical device supply chains need greater scrutiny and standardization
Tiny Magnetic Beads Could Help to Quickly Detect Pathogens
Jennifer Chu
Findings point to faster way to find bacteria in food, water, and clinical samples

More Features

FDA Compliance News
Honeywell Launches Product Quality Review Automation Application
Streamlines annual regulatory review for life sciences
Cablevey Mobile ‘Smart Cart’ Automates Food Conveyor CIP
Facilitates quick sanitary compliance and production changeover
ArisGlobal Signs Agreement to Acquire Amplexor Life Sciences
Creates one of the most comprehensive regulatory SaaS platforms for the industry
MasterControl Raises $150M Series A Funding
Company’s first funding round will be used to accelerate product development for its QMS and MES SaaS offerings
Husky Technologies Travels to Dubai
Showcasing tech, solutions, and services at Gulfood Manufacturing 2022
Maintaining Quality Assurance in Pharmaceutical Packaging
Easy, reliable leak testing with methylene blue
Supply Shortages Could Lead to Greater Food Fraud Risk
Now is not the time to skip critical factory audits and supply chain assessments
ETQ Releases Reliance NXG QMS and New Quality Events Application
Google Docs collaboration, more efficient management of quality deviations
Qualio Focuses on Building a New, Collaborative Life Sciences Ecosystem
Delivers time, cost, and efficiency savings while streamlining compliance activity

More News

Russ King

FDA Compliance

Cybersecurity—A Real Threat to Medical Devices

Safeguards must be implemented to protect patients

Published: Monday, August 24, 2015 - 11:36

The FDA just issued a Safety Communication on the cybersecurity vulnerabilities of the Hospira Symbiq Infusion System, which is a computerized pump designed for the continuous delivery of general infusion therapy for a broad patient population. The pump is mostly used in hospitals or other acute and non-acute health care facilities such as nursing homes and outpatient care centers. This infusion system can communicate with a Hospital Information System (HIS) via a wired or wireless connection over facility network infrastructures.

Unfortunately, it appears that it’s possible to access this pump remotely through a network, allowing unauthorized users to control the pump and change the dosage it delivers, potentially harming the patient. Although it doesn’t appear that any unauthorized access occurred with this particular product, and Hospira is no longer selling it, cybersecurity is still a real concern. Now that more and more devices are connecting remotely to healthcare networks, it will be critical for manufacturers to implement appropriate safeguards.

In June 2013, the FDA outlined good practices to follow in Cybersecurity for Medical Devices and Hospital Networks. In this communication, the FDA recommends that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack.  An attack could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks.

As medical devices rely more heavily on networked communication, cybersecurity is going to become an even greater concern. The FDA has already become aware of the following breaches:
• Network-connected/configured medical devices infected or disabled by malware
• The presence of malware on hospital computers, smartphones, and tablets, targeting mobile devices using wireless technology to access patient data, monitoring systems, and implanted patient devices
• Uncontrolled distribution of passwords, disabled passwords, and hard-coded passwords for software intended for privileged device access (e.g., to administrative, technical, and maintenance personnel)
• Failure to provide timely security software updates and patches to medical devices and networks and to address related vulnerabilities in older medical device models (legacy devices)
• Security vulnerabilities in off-the-shelf software designed to prevent unauthorized device or network access, such as plain-text or no authentication, hard-coded passwords, documented service accounts in service manuals, and poor coding/SQL injection

As a medical device manufacturer, it’s important for you to remember that it’s your responsibility to identify risks associated with your devices. The FDA expects you to take appropriate actions to limit opportunities for unauthorized access to the device. If you need assistance implementing safeguards for your devices, we can help you determine how to reduce product risk.

First published Aug. 11, 2015, on the AssurX blog.

Discuss

About The Author

Russ King’s picture

Russ King

Russ King is president of Methodsense, a consulting firm that helps clients deliver medical and technological breakthroughs by effectively meeting the requirements needed to bring their products to market.