Whitepaper: Dr. Rushanan explains Best Practices for Ensuring Secure… Read Now
CASE STUDY

Wearable Insulin Pump – Guiding a Non-US Medical Device Manufacturer Through FDA Regulatory Clearance After Initial Rejection

Medical System
Wearable Insulin Pump
Project Date
October 2023
Services
Software & Firmware Testing Hardware Testing Regulatory Submission Support
Project Leader

About the Author

  • Dr. Mike Rushanan, Chief Scientist, professional headshot
    Chief Scientist

    Dr. Mike Rushanan is the Chief Scientist at Harbor Labs. Dr. Rushanan has been on the front line of the medical device security industry since its inception, serving as the lead engineer on the FDA’s first ever cybersecurity alert in 2015. His extensive experience with all facets of medical cybersecurity, including regulatory policy, clinical technologies, healthcare IT, cryptography, and secure system design is reflected in the countless thousands of fielded medical systems certified through his reviews. Dr. Rushanan is renowned for his work in diabetes care cybersecurity. He has worked with most major providers and a broad set of diabetes care technologies, including insulin pumps, CGMs, closed loop systems, and diabetes management software. Dr. Rushanan also specializes in cardiac care systems, surgical robotics, next-gen sequencing systems, and drug infusion systems. Dr. Rushanan teaches the course Security and Privacy in Computing, and is the course designer and instructor of Medical Device Security at Johns Hopkins University. His Ph.D. from Johns Hopkins University is in the area of Computer System and Network Security.

Harbor Labs was engaged by a non-US manufacturer of a wearable insulin pump to help resolve a series of disqualifying issues in their 510(k) submission. The manufacturer had already submitted their package to the FDA for review, but had been rejected due to several deficiencies related to their cybersecurity content and test reports.

As a foreign manufacturer unfamiliar with the nuances of the FDA cybersecurity review process, and despite feedback from the reviewer on the deficiencies in their submission, the client was still uncertain how best to remedy these deficiencies in a way that would meet regulatory approval. Moreover, the client was facing schedule pressures and it was imperative that their submission package be redone immediately.

Harbor Labs began the engagement with an extensive gap analysis, reviewing the client’s documentation to identify misordered or mislabeled content, and to note any required content that was absent. Upon completion of the gap assessment, Harbor Labs produced a checklist of tasks to be completed prior to resubmission, including a revised risk assessment and threat model, the production of new architectural views, and a new set of penetration and vulnerability testing. Harbor Labs was engaged to perform a complete overhaul of the submission, reproducing the entirety of all required content.

The client submitted their revised package to the FDA and received 510(k) clearance and authorization to sell in the US market almost immediately.

About the Author

  • Dr. Mike Rushanan, Chief Scientist, professional headshot
    Chief Scientist

    Dr. Mike Rushanan is the Chief Scientist at Harbor Labs. Dr. Rushanan has been on the front line of the medical device security industry since its inception, serving as the lead engineer on the FDA’s first ever cybersecurity alert in 2015. His extensive experience with all facets of medical cybersecurity, including regulatory policy, clinical technologies, healthcare IT, cryptography, and secure system design is reflected in the countless thousands of fielded medical systems certified through his reviews. Dr. Rushanan is renowned for his work in diabetes care cybersecurity. He has worked with most major providers and a broad set of diabetes care technologies, including insulin pumps, CGMs, closed loop systems, and diabetes management software. Dr. Rushanan also specializes in cardiac care systems, surgical robotics, next-gen sequencing systems, and drug infusion systems. Dr. Rushanan teaches the course Security and Privacy in Computing, and is the course designer and instructor of Medical Device Security at Johns Hopkins University. His Ph.D. from Johns Hopkins University is in the area of Computer System and Network Security.

CAPABILITIES

Ready to Help at Any Stage

Not every project fits into a predefined path—and not every security challenge starts with compliance. We also support research teams, software developers, and security leads with targeted expertise and custom testing strategies. If it’s complex, connected, and critical, we’re ready to help.

Persistent Vulnerability Monitoring

Continuous analysis of deployed devices to surface and track emerging threats.

Security & Data Privacy

Design support and documentation to help meet regulatory expectations.

Hardware Testing

Interface validation, physical compromise evaluation, and teardown analysis.

Software & Firmware Testing

Vulnerability analysis, fuzz testing, and formal verification for medical codebases.

Let’s Talk!

Contact Us Today

Whether you’re navigating regulatory hurdles or scaling your security program, our team is here to help. Let’s talk about what’s next.

info@harborlabs.com

1.855.CYBR.SCI

1777 Reisterstown Road, Suite 230
Baltimore, MD 21208

Please fill out the form and we’ll get back to you shortly.

I’m interested in more information about: