Zoe Bollinger
Nov 6, 2014
Medical devices’ cybersecurity risks get FDA’s attention
Medical devices cybersecurity risks get FDA attention - SFGate
In October, the FDA released cybersecurity guidelines for medical device manufacturers, asking them to document how theyâve considered cybersecurity for products they submit for approval. âBasically, any implanted medical device has a radio interface so doctors can make adjustments and take readings off of it,â said Mike Ahmadi, global director of medical security at Codenomicon, a Saratoga company that creates platforms to test digital vulnerability, chosen by the FDA for use in its cybersecurity lab. Since interfaces allow communication with other devices, they could also allow malicious communication. The FDA also brought together medical device, health care, insurance, government and security experts last month in Washington, D.C., to discuss cybersecurity in medical devices. Representatives from companies with locations or outposts in the Bay Area, including security firms like Codenomicon and Qualys, and medical device manufacturing companies, like St. Jude Medical Inc. and Medtronic Inc., attended. Another threat, the theft of sensitive information â like Social Security and financial data â through cybersecurity weaknesses in health care networks, is well-documented.
In October, the FDA released cybersecurity guidelines for medical device manufacturers, asking them to document how theyâve considered cybersecurity for products they submit for approval. âBasically, any implanted medical device has a radio interface so doctors can make adjustments and take readings off of it,â said Mike Ahmadi, global director of medical security at Codenomicon, a Saratoga company that creates platforms to test digital vulnerability, chosen by the FDA for use in its cybersecurity lab. Since interfaces allow communication with other devices, they could also allow malicious communication. The FDA also brought together medical device, health care, insurance, government and security experts last month in Washington, D.C., to discuss cybersecurity in medical devices. Representatives from companies with locations or outposts in the Bay Area, including security firms like Codenomicon and Qualys, and medical device manufacturing companies, like St. Jude Medical Inc. and Medtronic Inc., attended. Another threat, the theft of sensitive information â like Social Security and financial data â through cybersecurity weaknesses in health care networks, is well-documented.