FDA Introduces Cybersecurity Modernization Plan to Prevent Hacking of Medical Devices

A rise in hacking attempts has been identified since the beginning of the COVID-19 pandemic, leading to increased attention on preventative measures.

Federal regulators have released a new series of cybersecurity enhancements, which are designed to prevent hacking of medical devices, by adopting a “Zero Trust” rule.

The U.S. Food and Drug Administration (FDA) and the Office of Digital Transformation (ODT) announced the Cybersecurity Modernization Action Plan (CMAP) on November 17, as part of an ongoing effort to reduce the growing risk of medical devices being hacked due to security vulnerabilities.

Cybersecurity threats in the medical field have been a growing concern over the last few years, as vulnerabilities in healthcare organizations’ record systems and medical devices have surfaced.

During the pandemic, the FDA warned that there was an increase in reconnaissance activities, denial of service, attempted exploitation, and other cyber issues against the digital infrastructure. The agency reported a 457% increase in issues, which include almost 10 billion firewall and intrusion blocks monthly.

The agency indicates this increase in hacking attempts poses a significant threat to its operation of a global technology enterprise. Therefore, the FDA announced it will continue to leverage innovative tools and technologies like machine learning, AI, data sharing, collaboration platforms, and high-performance computing.

To further combat cybersecurity threats, the FDA and ODT are adopting a Zero Trust strategy, which aims to grant access to necessary information only to authorized personnel. Officials stated this approach will limit the ways in which information can be intercepted or released.

The key elements outlined in the Cybersecurity Modernization Action Plan include:

  • Establish a comprehensive Zero Trust approach to facilitate new digital services and modernization efforts.
  • Promote software assurance best practices that include security measures at every stage of the development lifecycle.
  • Enhance interoperable and secure data exchange, and collaboration across FDA and its public health partners.
  • Leverage Artificial Intelligence/Machine Learning (AI/ML) technologies to enhance cyber detection and response capabilities.
  • Integrate counterintelligence and insider risk principles with the Zero Trust model to enable an intelligence-driven approach.
  • Prioritize and invest in FDA’s cybersecurity workforce.

The plan is to create a highly skilled cyber workforce with the latest technology and processes to adapt to the modern cybersecurity landscape, officials said. Cybersecurity threats endanger many different parts of people’s lives, including their medical health.

Since 2019, the FDA has taken actions against cybersecurity attacks with its releases of the Technology Modernization Action Plan (TMAP), Data Modernization Action Plan (DMAP) in 2021, and Enterprise Modernization Action Plan (EMAP) this year.

Medical Device Cybersecurity Attacks

Since 2014, the U.S. Department of Homeland Security (DHS) has been actively investigating at least two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment. According to DHS, if preventative actions to address the medical field’s cybersecurity issues are not taken, hackers could exploit these vulnerabilities and put patients at serious risk.

The FDA issued a cybersecurity warning on September 20, alerting medical device users that the Medtronic MiniMed 600 Series Insulin Pump System has a communication protocol that could allow unauthorized use. The agency warned this exploit could be used to cause the pumps to deliver too much, or too little, insulin, which could prove fatal.

This warning followed a previous one made in March 2019 regarding vulnerabilities with Medtronic ICDs or cardiac resynchronization therapy defibrillators (CRT-Ds), issued after it was discovered that the wireless telemetry system used to communicate with and alter the implanted devices could be hacked due to a lack of security protocols.

Other announcements similar to the Medtronic MiniMed issues have been made over the past few years. The Department of Homeland Security (DHS) and the FDA released a medical device cybersecurity warning, titled “URGENT/11”, on October 1, 2019, which detailed how certain medical devices that communicate over a network may contain vulnerabilities, potentially allowing hackers to remotely take control of the device and change its functions.
