The U.S. FDA released the latest version of its premarket cybersecurity guidance regarding medical devices, replacing the 2025 edition and offering recommendations on implementing measures for preventing digital attacks or authorized access.
The Advanced Research Projects Agency for Health (ARPA-H) is taking aim at the shortage of medical services with a program designed to foster development of micro-robots, or microbots, which will autonomously conduct part or all of a variety of surgical procedures.
The U.S. Department of Justice announced July 31 that Illumina Inc. agreed to pay $9.8 million to settle allegations it sold genomic sequencing equipment that suffered from cybersecurity problems. The settlement concludes a qui tam lawsuit filed by a former employee and highlights the hazards of poor cybersecurity for med-tech firms.
The U.S. Federal Trade Commission announced a $14.6 million grant it received for an upgrade of its IT infrastructure. The same grant mechanism is leveraged by the Department of Justice, which is a clear sign that U.S. enforcement will be more vigorously enabled by sophisticated analytics going forward.
The continuing proliferation of U.S. state privacy law drew the attention of developers of med-tech wearables for some time, but a recent Senate hearing delivered the news to Congress that a failure to preempt it will slow digital health innovation to a crawl.
The U.S. FDA finalized the latest edition of its premarket cybersecurity guidance, but the agency is of the view that any device with software is subject to the terms of the guidance even though the statute would seem to exempt device software that lacks connectivity.
The U.S. FDA’s authority to require cybersecurity measures in premarket submissions is a radical change for industry, but firms must document that they have erected solid cybersecurity measures.
Makers of digital health apps are not often subject to the provisions of the Health Insurance Portability and Accountability Act (HIPAA), but any such liabilities may soon become more onerous. The Department of Health and Human Services released a draft update for HIPAA cybersecurity mandates – the final version of which is sure to be accompanied by much more vigorous enforcement.
The U.S. Centers for Medicare & Medicaid Services posted a Sept. 6 statement regarding a cyber incident involving nearly 950,000 patient records held by a Medicare administrative contractor.
U.S. federal enforcement authorities rang up some significant settlements under the False Claims Act in the first half of 2024, amounting to a record $1 billion in total settlements, according to a report by the law firm of Gibson, Dunn & Crutcher LLP.
