Medical Devices

Cyberattackers have been shifting to strategies where legitimate tools commonly installed on desktops and servers are abused for malicious purposes. To fight back, knowledge is power.

Despite the highest agency user fees on record, and granted new authorities to reform and accelerate medical device and biologics approvals, representatives questioned delays in getting products to patients faster.

Also, IHH Healthcare is now offering AI-based sleep monitoring solutions.

The Advanced Research Projects Agency for Health, ARPA-H, seeks to scale hospitals' cybersecurity capacity by automating patch deployments across networks and medical devices, speeding the time from vulnerability detection to software updates.

The company's Dream Sock, which received FDA 510(k) clearance in November, gathers real-time health readings, including a baby's sleep trends and pulse rate.  

The Agency has qualified Apple's atrial fibrillation history feature as a medical device development tool, allowing it to be used in clinical trials.  

To improve healthcare cybersecurity, an organization can shore up Internet-enabled device misconfigurations by starting with CIS Benchmarks, before moving on to industry-specific standards, Fortra’s Tyler Reguly said.

Also: CloudWave and FDA extend their threat intelligence partnership to offer an open-source vendor assessment framework.

Most hospitals do not patch medical devices at the same frequency as traditional networks and need compensating security controls to address their unquantified device vulnerabilities, says Richard Staynings, chief security strategist at Cylera.

The agency further defines when it considers a device to be Internet-enabled, proposes to add vulnerability disclosures and makes recommendations for cyber device maintenance plans and patch timelines.