Nick Yuran
Chief Executive Officer
I was recently interviewed by a prominent medical publication on my thoughts on the FDA’s new policies on wireless management of infusion pumps. This new regulatory guidance allows infusion pump manufacturers to make limited modifications to the wireless capability of their devices without having to initiate a new 510(k) submission process. The goal is to allow for more effective and efficient remote wireless management of deployed devices by the available clinical staff. In this interview, the journalist wanted to understand the inherent security risks and threats to patient health in allowing such unregulated activities by the medical device industry.
I first had to politely correct the interviewer’s premise. The regulatory science behind the FDA’s decision was well-researched, and has informed a very sound policy change. The new guidance is based on the FDA’s belief that the potential security risks being introduced are minimal at best, and are far outweighed by the efficiency gains and clinical benefits. Moreover, even when their activities are unregulated, medical device manufacturers are highly motivated to follow industry best practices for cybersecurity and cybersafety. Indeed, our infusion pump clients have already engaged us to discuss the secure design and implementation of these new capabilities, intent on taking products to market that are every bit as secure as those that have gone through a rigorous regulatory review process.
To quote my interviewer, “You’re not giving me anything!”, and, needless to say, my remarks never made it to print. Nonetheless, I find it encouraging that there is nothing dire or sensational to say on the matter. The working relationship between regulators, medical device OEMs and the security community is cooperative and highly functional, promoting safe and beneficial innovations such as this one.