Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Healthcare Online User Group
Showing posts tagged with FDA
Showing posts in English
Axel Wirth | 23 Oct 2014 | 0 comments

Like with my previous post on this topic, I am using a quote from one of the presenters to report on Day 2 of the public FDA workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity”. And like with my previous post, this quote is a good indicator of the spirit of the day. It is time to move - and we are.

It was reported that the workshop had 200 registrants, requiring the creation of an overflow room, and that Day 1 drew 1100 remote participants!

In his opening keynote Michael Daniel, Special Assistant to the president and White House Cybersecurity Coordinator, called cybersecurity one of the defining challenges of the 21st century and referred to it as a “wicked” problem (drawing applause from the Bostonians in the audience) due to its complex nature: technical, scientific, economical, political, and human. He pointed out that we don’t really...

Axel Wirth | 21 Oct 2014 | 0 comments

The title is probably a good quote to reflect the spirit of the first day of the public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity”, jointly hosted by the Food and Drug Administration (FDA), Department of Homeland Security (DHS) and Health and Human Services (HHS).

The number one takeaway from today is the unprecedented collaborative spirit across all stakeholders. Not only the government agencies hosting the event, but across healthcare providers, medical device manufacturers, and security experts. Numerous discussion panels and plenty of audience participation made one thing clear: everybody recognizes the need to address the problem of medical device cyber-vulnerability and everybody is willing to let their guard down and constructively contribute to the solution.

As discussions revealed, the problem is complex and the solution will need to combine technical, procedural, workflow, regulatory, legal, and policy...

Axel Wirth | 02 Oct 2014 | 0 comments
On Oct. 1st, the FDA released final guidance on “Content of Premarket Submission for Management of Cybersecurity in Medical Devices.”  The document had previously been published as a draft version (June 2013), after public comment this final version has been issued. Symantec had submitted review comments and we applaud the FDA on finalizing this important document.
What does the document address?
Overall, the FDA maintained the approach of the initial draft, laying out how manufacturers should consider cybersecurity in the design of network-connected medical devices and that they should make cybersecurity documentation a part of their premarket submission. The document has become more specific in some areas, for example by referencing a list of FDA-recognized standards, but also by specifically referring to patient safety as one of the main drivers behind this guidance.
Axel Wirth | 11 Nov 2013 | 0 comments

Granted, there are easier to decipher acronyms than the one describing the Manufacturer Disclosure Statement for Medical Device Security, short MDS2. The initial version was developed in 2008 through a cooperation of NEMA (National Electrical Manufacturers Association) and HIMSS’ (Health Information and Management Systems Society) Medical Device Security Task Force, in collaboration with multiple industry associations, government agencies and other stakeholders. It provided a basic, 3-page form allowing medical device manufacturers to describe to their customers, i.e. the hospitals, the basic security and privacy properties of a specific medical device; things like the operating system and version, type of network connection, the ability of the operator to install antivirus software, or what PHI (Protected Health Information) is stored on the device and whether it is transient or permanent.

Although the form fulfilled its purpose, there was also some criticism on this...

Axel Wirth | 08 Oct 2012 | 4 comments

We can rightfully assume that everybody who uses a computer or mobile device to connect to the Internet, whether for personal or professional reasons, is aware of the impact of hackers and malware on our online experience. Even if we have not personally been hacked, we are only too aware of the defenses we have to put in place to protect our identities, our information, and our equipment. Anti-Malware software on our devices, spam filters for our email, firewalls to protect our networks, etc. We need to pay for them, maintain them, and we need them to allow us to do what we need to, or enjoy doing – interacting with social media, web surfing, communicating, shopping, studying, and more.

Yet, the U.S. government just told us there is another thing to worry about. Those of us who use implanted electronic medical devices, like pacemakers, neuro-stimulators, or insulin pumps, were just told that these devices, just like our computers or smartphones, may be at risk of being...