• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

  • Latest News
    • Cardiovascular
    • Orthopedics
  • Wall Street Beat
    • Funding Roundup
    • Mergers & Acquisitions
  • Podcasts & Webinars
    • Podcasts
    • Webinars
  • Resources
    • About MassDevice
    • Newsletter Signup
    • Leadership in Medtech
    • Manufacturers & Suppliers Search
    • MedTech 100 Index
    • Videos
    • Whitepapers
  • DeviceTalks Tuesdays
  • Coronavirus: Live updates
Home » Hacking: FDA is developing a ‘cybersecurity laboratory’

Hacking: FDA is developing a ‘cybersecurity laboratory’

August 6, 2013 By Arezu Sarvestani

Hacking: FDA developing a 'cybersecurity laboratory'

Medical device makers would do well to fortify their cybersecurity strategies in preparation for the extra layers of software testing and review in development at the FDA.

Federal healthcare regulators have solicited bids from security group Codenomicon Defensics to help build a "cybersecurity laboratory" where regulators can take a closer look at software bugs and weaknesses in medtech systems. Codenomicon’s systems will subject devices to "fuzz testing," barraging the software in search of defects or vulnerabilities that could leave a system open to attack.

"This is excellent news for the medical device industry," Codenomicon CEO David Chartier said in prepared remarks. "Cybersecurity for medical devices has been lacking in standardized testing procedures, and the FDA introducing fuzz testing capabilities is big step forward."

The contract came in the weeks after the FDA issued new guidance asking that device makers remain "vigilant" about cybersecurity and that companies document their efforts and submit them for review of new devices. Although the FDA stopped short of recommending specific actions or setting security standards, the action gave the agency leverage in potentially rejecting new technologies that don’t demonstrate sufficient reliability or security in their software.

With the FDA’s July 21 solicitation solicitation, device makers can begin predicting how cybersecurity oversight may play out. The agency is tracking down bugs, it says, testing new products for software vulnerabilities that could cause a device to behave erratically or allow an unknown attacker to access the system or take it over entirely. Fuzzing techniques bombard systems with malformed or unexpected inputs in search of weak points.

It was a pretty basic fuzzing attack that security researchers said brought down a Philips (NYSE:PHG) Xper hospital management system under the force of only 6 lines of code that took just a few days to find and exploit. Security experts Billy Rios and Terry McCorkle, who usually test security in industrial control systems, divulged that hack earlier this year after discovering that they could crash the systems, manipulate them and possibly use them as a gateway to access and hack other networked devices.

The key to avoiding similar issues is a matter of subjecting systems to such attacks during the test phase, so that they can better stand up to the barrage of inputs that may come from attackers or even benign sources.

"That’s the piece that’s missing," McCorkle told MassDevice.com in an interview earlier this year. "You don’t have robust testing behind the scenes."

"Some bugs are exposed and fixed during the testing phase of a software development process," the FDA noted. "The bugs that slip past the testing phase without being found and fixed are unknown vulnerabilities and can be triggered, sometimes with catastrophic results, after the product release."

The agency selected Codenomicon’s fuzzing suite because it subjects systems to a slew of tests and generates output reports defining potential weaknesses and even solutions. The fuzzing program also runs on a popular Java code application that means it’s easy to deploy on the FDA’s existing computers.

The FDA requested Codenomicon tools to test Bluetooth connections, WiFi clients, HTTP servers. The agency also asked for a few radio and Bluetooth transmitters and some training and implementation services.

"When software is fuzz tested proactively, vulnerabilities can be found and fixed before deployment, resulting more secure and robust, high quality software," the FDA said. "Fuzz tested product has less critical vulnerabilities that need to be patched. This means less cost from patch development and release, and product recalls."

Filed Under: Food & Drug Administration (FDA), News Well, Regulatory/Compliance Tagged With: Cybersecurity

In case you missed it

  • 3M Health Care Business president is leaving this year
  • Device developer SeaStar Medical hires chief medical officer
  • AccuPulse raises $10M Series A
  • Exactech announces first U.S. surgeries with its nex-gen laser cage glenoid
  • Baxter expects sales growth momentum through 2025
  • Vivera picks up new patent for electronic dose-controlled drug delivery devices
  • Stryker launches dynamic compression system for foot, ankle applications
  • Entegris opens Life Sciences Technology Center in Massachusetts
  • Glucose monitor maker Know Labs expands leadership team
  • inHeart wins FDA clearance for 3D cardiac modeling software
  • How Glytec is advancing insulin management in the hospital
  • Anumana wins FDA breakthrough nod for AI algorithm that detects pulmonary hypertension
  • FDA clears RapidAI’s pulmonary embolism triage platform
  • Report: Dexcom in talks to acquire Insulet
  • Henry Schein investors push back on executive pay
  • Alcon to pay $60M to acquire Kala Pharmaceuticals’ dry eye treatment
  • Creo Medical inks collaboration agreement with Intuitive

RSS From Medical Design & Outsourcing

  • 3M Health Care Business president is leaving this year
    3M Health Care Business Group President Mojdeh Poul will retire from the company on July 1, 2022. Poul joined Maple Grove, Minnesota-based 3M (NYSE:MMM) in 2011 as the global business VP of critical and chronic care solutions. She later became VP and general manager of the company’s food safety business and president of numerous 3M… […]
  • Iterative Scopes announces positive data in Skout AI colonoscopy algorithm clinical trial
    Iterative Scopes this week announced positive trial data in a study of its colorectal cancer screening algorithm, Skout. Cambridge, Massachusetts-based Iterative Scopes designed Skout as a computer-aided device (CADe) that uses artificial intelligence and computer vision technology to detect suspicious tissue and provide real-time feedback for gastroenterologists performing the procedure. Get the full story on… […]
  • Device developer SeaStar Medical hires chief medical officer
    SeaStar Medical has hired Dr. Kevin Chung as chief medical officer of the medtech developer starting July 1. Denver-based SeaStar is developing a platform therapy focused on hyperinflammation of vital organs. The company’s Selective Cytopheretic Device was designated as a breakthrough device by the FDA earlier this year. SeaStar is set to go public in… […]
  • Varta presents microbattery product portfolio at Computex 2022
    Varta will present its broad product portfolio of microbatteries, which make a wide range of future-proof applications possible, at Computex in Taipei starting today. Varta’s microbattery product portfolio ranges from rechargeable lithium-ion button cells to nickel metal hydride button cells, primary silver oxide cells, primary lithium button cells and cylindrical lithium batteries to hydrogen gas… […]
  • Entegris opens Life Sciences Technology Center in Massachusetts
    Entegris (Nasdaq:ENTG) announced today that it opened a new Life Sciences Technology Center in Billerica, Massachusetts. The new Life Sciences Technology Center was built to offer life sciences customers the opportunity to leverage Entegris’ cold-chain supply expertise to optimize processes, reduce costs and increase speed to market. Get the full story at our sister site,… […]
  • MedAcuity hires SVP of business development
    Medtech software development firm MedAcuity today said it has hired Simon Johnson as SVP of business development. Westford, Massachusetts-based MedAcuity said Johnson previously built the client partner team and managed strategic clients at digital consultancy Mobiquity. He also served as SVP of client services at GreenPages Technologies, responsible for driving services revenue growth leading to… […]
  • Henry Schein investors push back on executive pay
    Nearly half of Henry Schein (Nasdaq:HSIC) shareholders who voted at this month’s annual meeting voted against the company’s pay packages for top executives, according to a new SEC filing. About 48.5% of voting shareholders voted against the company’s executive pay plan in what’s known as the Say-on-Pay vote, according to vote results of the May… […]
  • Creo Medical inks collaboration agreement with Intuitive
    Creo Medical Group (LON: CREO) announced today that it has signed a multi-year collaboration agreement with Intuitive to make certain Creo surgical technologies compatible with the surgical robotic giant’s systems. The London exchange reacted by sending CREO shares up more than 4% to 100 pence apiece by the close of trading today. As of midday… […]
  • MedTrace Pharma moves forward on 15 O-water imaging tech
    MedTrace Pharma announced the first person scanned in its Rapid-Water-Flow Phase 3 clinical trial, further testing its tech to bring 15 O-water to imaging. The first subject scan took place at Aarhus University Hospital in Denmark, using 15 O-water produced, dosed and injected through MedTrace’s P3 automated delivery system. The clinical trial aims to evaluate… […]
  • Zimmer Biomet narrowly avoids shareholder rebuke on executive pay
    An unusually large share of Zimmer Biomet (NYSE:ZBH) investors voted against the orthopedics company’s pay packages for top executives at the annual shareholder meeting. About 54% of voting shareholders supported the pay packages of the company’s five top-paid executives at the May 13 meeting, according to results filed with the SEC yesterday. In 2021, nearly 93%… […]
  • BD, Mitsubishi Gas Chemical partner on better materials for plastic syringes
    BD (NYSE:BDX) announced that it partnered with Mitsubishi Gas Chemical Company on applying new technology to pre-fillable syringes. MGC develops the Oxycapt technology designed to integrate the best of plastic and glass for plastic syringes. BD and Tokyo-based MGC will work together to apply Oxycapt technology to the next generation of pre-fillable syringes (PFS) for advanced… […]

Leave a Reply

You must be logged in to post a comment.

Primary Sidebar

DeviceTalks Weekly

May 20, 2022
DeviceTalks Boston Post-Game – Editors’ Top Moments, Insulet’s Eric Benjamin on future of Omnipod 5
See More >

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
Need Medtech news in a minute?
We Deliver!

MassDevice Enewsletters get you caught up on all the mission critical news you need in med tech. Sign up today.

MDO ad

Footer

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion
Drug Discovery & Development
Pharmaceutical Processing World
MedTech 100 Index
R&D World

Device Talks Webinars, Podcasts, & Discussions

Attend our Monthly Webinars
Listen to our Weekly Podcasts
Join our Device Talks Tuesdays Discussion

MASSDEVICE

Subscribe to MassDevice E-Newsletter
Advertise with us
About
Contact us
Add us on Facebook Follow us on Twitter Connect with us on LinkedIn Follow us on YouTube

Copyright © 2022 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Advertise | Privacy Policy | RSS