Tag Archives: FDA

FDA Recalls St. Jude Medical Pacemakers for Cybersecurity Patches

The Food and Drug Administration (FDA) has issued a recall of 465,000 St. Jude Medical pacemakers in order to push a mandatory firmware patch of vulnerabilities in six types of radio controlled cardiac pacemakers. According to the FDA, it “has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical’s FR-enabled implantable cardiac pacemakers … Continue Reading

FDA Issues Final Guidance For Medical Device Exchange of Patient Information

The Food and Drug Administration (FDA) issued guidance yesterday (September 6, 2017) entitled “Design Considerations and Pre-Market Submission Recommendations for Interoperable Medical Devices,” which is intended to “assist industry and FDA staff in identifying specific considerations related to the ability of electronic medical devices to safely and effectively exchange information and use exchanged information.” The … Continue Reading

St. Jude Medical on Hot Seat for Cybersecurity Flaws in Home Monitoring System

The Food and Drug Administration (FDA) recently issued a warning letter to St. Jude Medical, alleging that it failed to properly investigate issues with the batteries in its defibrillator implants and for failing to fix the cybersecurity of its in-home monitoring system, known as Merlin@home. The monitoring system is wireless and is connected to St. … Continue Reading

FDA Guidance on Cybersecurity in Medical Devices

On December 28, 2016, the Food and Drug Administration (FDA) issued guidance on Postmarket Management of Cybersecurity in Medical Devices. The guidance clarified aspects of the reporting requirements under Part 806 (21 CFR part 806), which require device manufacturers and importers to report certain device corrections and removals to the FDA. Most actions taken by … Continue Reading

ONC and OCR Issue Joint Fact Sheet on Use of PHI for Public Health Activities

Whenever fact sheets or other guidance is issued by either the Office of the National Coordinator for Health Information Technology (ONC) or the Office for Civil Rights (OCR), it helps gain insight into the thinking of the regulators so we watch it closely. But when the ONC and OCR issues joint guidance, it is hitting … Continue Reading

FDA issues guidance on the use of EHRs in clinical investigations

The U.S. Food and Drug Administration (FDA) just issued draft guidance on the Use of Electronic Health Record Data in Clinical Investigations for comment within the next 60 days. The guidance is intended to assist all parties associated with clinical research with the appropriate use of electronic health records in FDA-regulated clinical investigations, which in … Continue Reading

FTC, ONC, OCR and FDA release online tool for mobile health app developers

While attending the International Association of Privacy Professionals annual global event, and listening to Chairwoman Edith Ramirez discuss the Federal Trade Commission’s (FTC) concerns about consumer privacy, the FTC, the Office of National Coordinator for Health Information Technology (ONC), Office for Civil Rights (OCR), and the Food and Drug Administration (FDA) announced that they had … Continue Reading

FDA issues guidance on cybersecurity risk management for medical devices

Last Friday (January 22, 2016), the Food and Drug Administration (FDA) published draft guidance for medical device makers on the importance of including cybersecurity measures in approved products. Further, the guidance highlights the importance of  reporting any post-approval fixes to assist others with cybersecurity measures, particularly for medical devices connected to the Internet. The guidance, … Continue Reading

Increased risk of ‘Medjacking’ calls for better security measures on medical devices

Did you know that right now we have about 5 billion connected smart devices in use? Is it surprising that it is predicted that by 2020 that number will skyrocket to 25 billion? Of all these connected devices, a significant portion of these devices will be medical devices such as pacemakers, in-home monitoring systems and … Continue Reading

FDA issues first medical device hacking alert

Reportedly for the first time ever, the FDA recently issued a declaration that hospitals should not use a medical device manufactured by Hospira Inc. because of security flaws that could allow hackers to penetrate hospital computer networks, commandeer the pumps and manipulate the dosage given to patients. There has been no reporting hacking incident, but … Continue Reading
LexBlog