Cybersecurity remains a pressing issue for medical technology, in part because there are new, small companies jumping into this space seemingly every day. However, there is a shortage of talent in cybersecurity, something that Dan Lyon, director of cybersecurity at Boston Scientific Corp., of Marlborough, Mass., said will not ease soon due to a lack of interest among colleges and universities in providing curriculum and degrees in this area.
The European Commission has acted to thwart cybersecurity risks with a proposed cybersecurity regulation and separate proposal for information security. What is not clear, however, from these proposals is whether they would interact with existing EU rules governing cybersecurity for medical devices, raising the prospect that medical technologies will be subject duplicate oversight for cybersecurity.
If the U.S. SEC goes forward with amendments it proposed March 9 to enhance and standardize cybersecurity-related disclosures, public biopharma and med-tech companies will have more reporting to do.
Responding to the growing number of state-sponsored cyber threats to health care and other key sectors and to the compromise of the Microsoft Exchange Server, which was disclosed in March, Canada, the EU, U.K., U.S. and other NATO allies issued statements July 19 laying out expectations and markers for how responsible nations behave in cyberspace and specifically calling out China’s “malicious cyber activity.”
A new report on the biopharma industry by cybersecurity firm Bluevoyant LLC found that the eight most prominent players in the race for a COVID-19 vaccine faced the highest volume of targeted, malicious cyberattacks, and 77% of the total 20 companies examined had unsecured remote desktop protocol (RDP) ports and email domains lacking basic measures to block hackers. “COVID-19 vaccines are the crown jewels of 2020 – and cyber attackers know it,” the report says.
A new report on the biopharma industry by cybersecurity firm Bluevoyant LLC found that the eight most prominent players in the race for a COVID-19 vaccine faced the highest volume of targeted, malicious cyberattacks, and 77% of the total 20 companies examined had unsecured remote desktop protocol (RDP) ports and email domains lacking basic measures to block hackers. “COVID-19 vaccines are the crown jewels of 2020 – and cyber attackers know it,” the report says.
The latest global regulatory news, changes and updates affecting medical devices and technologies, including: FDA posts list of essential devices, drugs; Members of Congress query NIH’s Collins on RADx program; Imminent malware threat reported; CDC posts telehealth report; CMS unveils seven AI competition finalists.
Researchers at Ben-Gurion University of the Negev (BGU) presented a new artificial intelligence technique that could protect medical imaging systems from hacking and human errors at the 2020 International Conference on Artificial Intelligence in Medicine (AIME) on Aug. 26. Their innovative solution uses a dual-layer architecture that screens for two different types of anomalous instructions to capture those that are always unusual or outside of safe ranges and those that are inappropriate in the specific context.
UL LLC, of Northbrook, Ill., has concluded a two-year cooperative research and development agreement (CRADA) with the U.S. Department of Veterans Affairs (VA), a program that verified that the UL 2900 standard provides a more seamless cybersecurity blanket for connected medical devices. UL said this marks is an important step toward the development of cybersecurity tools that ensure that devices can be used without undue risk to patients.
The device industry is quite familiar with whistleblower lawsuits, but Cisco Systems Inc., of San Jose, Calif., was recently forced to pay more than $8 million in connection with a qui tam lawsuit over cybersecurity lapses for video surveillance equipment sold to state and federal government agencies. The case suggests device makers will have to be up to speed on cybersecurity if they wish to avoid suffering a similar fate, particularly given a recent warning the FDA posted regarding a widespread cybersecurity vulnerability.
