
MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice


Hacking: FDA is developing a ‘cybersecurity laboratory’

August 6, 2013 By Arezu Sarvestani

Medical device makers would do well to fortify their cybersecurity strategies in preparation for the extra layers of software testing and review in development at the FDA.

Federal healthcare regulators have solicited bids from security group Codenomicon Defensics to help build a "cybersecurity laboratory" where regulators can take a closer look at software bugs and weaknesses in medtech systems. Codenomicon’s systems will subject devices to "fuzz testing," barraging the software in search of defects or vulnerabilities that could leave a system open to attack.

"This is excellent news for the medical device industry," Codenomicon CEO David Chartier said in prepared remarks. "Cybersecurity for medical devices has been lacking in standardized testing procedures, and the FDA introducing fuzz testing capabilities is a big step forward."

The contract came in the weeks after the FDA issued new guidance asking that device makers remain "vigilant" about cybersecurity and that companies document their efforts and submit them for review of new devices. Although the FDA stopped short of recommending specific actions or setting security standards, the action gave the agency leverage in potentially rejecting new technologies that don’t demonstrate sufficient reliability or security in their software.

With the FDA’s July 21 solicitation, device makers can begin predicting how cybersecurity oversight may play out. The agency is tracking down bugs, it says, testing new products for software vulnerabilities that could cause a device to behave erratically or allow an unknown attacker to access the system or take it over entirely. Fuzzing techniques bombard systems with malformed or unexpected inputs in search of weak points.

It was a pretty basic fuzzing attack that security researchers said brought down a Philips (NYSE:PHG) Xper hospital management system under the force of only 6 lines of code that took just a few days to find and exploit. Security experts Billy Rios and Terry McCorkle, who usually test security in industrial control systems, divulged that hack earlier this year after discovering that they could crash the systems, manipulate them and possibly use them as a gateway to access and hack other networked devices.

The key to avoiding similar issues is a matter of subjecting systems to such attacks during the test phase, so that they can better stand up to the barrage of inputs that may come from attackers or even benign sources.

"That’s the piece that’s missing," McCorkle told MassDevice.com in an interview earlier this year. "You don’t have robust testing behind the scenes."

"Some bugs are exposed and fixed during the testing phase of a software development process," the FDA noted. "The bugs that slip past the testing phase without being found and fixed are unknown vulnerabilities and can be triggered, sometimes with catastrophic results, after the product release."

The agency selected Codenomicon’s fuzzing suite because it subjects systems to a slew of tests and generates output reports defining potential weaknesses and even solutions. The fuzzing program also runs on a popular Java code application, which means it’s easy to deploy on the FDA’s existing computers.

The FDA requested Codenomicon tools to test Bluetooth connections, WiFi clients and HTTP servers. The agency also asked for a few radio and Bluetooth transmitters and some training and implementation services.

"When software is fuzz tested proactively, vulnerabilities can be found and fixed before deployment, resulting in more secure and robust, high quality software," the FDA said. "Fuzz tested product has less critical vulnerabilities that need to be patched. This means less cost from patch development and release, and product recalls."
