Sen. Warner enlists healthcare industry help on cybersecurity


[Image courtesy of Blogtrepreneur on Flickr, per Creative Commons 2.0 license]

U.S. Senator Mark Warner (D-Va.) is wrote a letter to several healthcare organizations yesterday, asking their help in improving cybersecurity in the industry.

A member of the Senate Finance Committee and chair of the Senate cybersecurity caucus, Warner pointed to apparent gaps in oversight, expressed concern about the impact of cyberattacks on the health care sector, and said he wants to help develop strategies that strengthen information security.

Ransomeware and other cyberattacks have stunned the healthcare industry. The 2017 WannaCry attack affected hospitals in the U.S. and U.K., including medical devices made by Bayer, Siemens and others, according to the Health Information Trust Alliance. A 2017 report by internet security software company Trend Micro found that more than 100,000 medical devices and systems were exposed directly to the public internet. The U.S. Department of Homeland Security issued an alert in 2018 indicating that several GE Healthcare imaging devices were vulnerable to cyberattack.

Healthcare hacking incidents accounted for 44% of all tracked data breaches in 2018,  the most of any type of breach, according to a report published in HIPAA Journal.  FDA published an updated draft of its cybersecurity premarket guidance for medical device makers in October 2018.

Warner’s office sent the letters to medtech trade group AdvaMed, the Healthcare Information and Management Systems Society, the American Hospital Association, and several other organizations.

“I would like to work with you and other industry stakeholders to develop a short and long term strategy for reducing cybersecurity vulnerabilities in the health care sector,” Warner said in the letter. “It is my hope that with thoughtful and carefully considered feedback we can develop a national strategy that improves the safety, resilience, and security of our health care industry.”





The post Sen. Warner enlists healthcare industry help on cybersecurity appeared first on MassDevice.

IEEE publishes safety standards draft for medtech interoperability

The Institute of Electrical and Electronics Engineers (IEEE) Standards Association said it has published a draft set of standards intended to provide safe and secure medical device interoperability.

IEEE 11073-20701-2018, also known as IEEE Approved Draft Standard for Service-Oriented Medical Device Exchange Architecture & Protocol Binding, completes the International Organization for Standardization (ISO)/IEEE 11073 family of standards for point-of-care (PoC) medical device communication and defines an architecture for service-oriented, distributed PoC medical devices and medical IT systems. The standard defines a binding of the participant and communication model defined in IEEE 11073-10207 to the profile for transport over Web services defined in IEEE 11073-20702. IEEE 11073-20701 also defines a binding to network time protocol (NTP) and five differentiated services for time synchronization and to meet transport quality-of-service requirements.

Get the full story on our sister site, Medical Design & Outsourcing.

The post IEEE publishes safety standards draft for medtech interoperability appeared first on MassDevice.

Hospitals to medtech: Clean up your cybersecurity act


[Image courtesy of Blogtrepreneur on Flickr, per Creative Commons 2.0 license]

A consortium of hospital associations wants the medical device industry to up its game when it comes to interoperability and data sharing, especially concerning cybersecurity.

The group issued a report this month to make recommendations for all stakeholders in the U.S. hospital care system, including providers, patients, physicians, insurers and industry. The Jan. 18 report, “Sharing Data, Saving Lives: The Hospital Agenda for Interoperability,” in part urged medtech makers to clean up their act regarding the security of patient data in the Internet era.

“Medical device manufacturers must do more to confront the privacy challenges that unsecurable devices may pose to hospitals and health systems,” the authors wrote. “Hospitals and health systems, clinicians and patients must be able to trust that the data being shared is accurate, secure and being used in accordance with best practices and patient expectations. Security and privacy requirements must be embedded into every layer of the infrastructure. This includes mechanisms to validate the practices and standards of third-party apps and APIs that allow more flexible sharing of data. The infrastructure also must include a mechanism for health care providers to verify that a request for information is authorized, and each entity with access to individuals’ data must be responsible for appropriately securing and using that data.”

Specifically, the AHA wants medtech to expand the “plug and play” approach in the design and function of its devices, enhance the security of data collected and transmitted by those devices and add lifecycle support for them.

More generally, the report identified six key issues “as the surest pathways to full interoperability,” including security and privacy; efficient, usable solutions; cost-effective, enhanced infrastructure; “standards that work;” connecting beyond electronic health records; and shared best practices.

“The ability to communicate vital health data is necessary to realize the full potential of our nation’s system of health care. This joint statement from seven leading associations representing America’s hospitals and health systems, and the physicians and care team members who practice within these systems, sets forth our agenda in support of the urgent need for continued momentum on improving interoperability among health information technology (IT) systems—a goal that holds great promise for lasting improvement in patient care. Together, we seek to enlist and expand public and private stakeholder support around this goal to benefit all individuals, their families and caregivers,” according to the report.

The hospital consortium that created the report includes America’s Essential Hospitals, the American Hospital Assn., the Assn. of American Medical Colleges, the Catholic Health Assn. of the United States, the Children’s Hospital Assn., the Federation of American Hospitals and the National Assn. for Behavioral Healthcare.

The post Hospitals to medtech: Clean up your cybersecurity act appeared first on MassDevice.

UnitedHealth Group’s Optum sues VP who left for Amazon venture

judge gavel lawsuit medtech medical device Optum Amazon

[Image from Unsplash]

UnitedHealth Group’s Optum IT-based health services unit has sued former VP David Smith, claiming that he misappropriated trade secrets before leaving to join a new healthcare venture supported by Amazon.

Smith’s lawyers are seeking to move the case to arbitration.

The complaint, filed Jan. 16 in U.S. District Court in Massachusetts, accuses Smith of printing out a confidential Optum in-depth healthcare market analysis just a minute before printing out his resume. It was the same day that he spoke with the healthcare innovation venture nicknamed ABC, now led by Dr. Atul Gawande and supported by Amazon, Berkshire Hathaway and J.P. Morgan Chase.

Smith, who went from being VP of corporate strategy to being VP of product during 18 months at Optum, also sought confidential information from colleagues that was not related to his job duties, according to the lawsuit complaint.

Smith resigned Optum last month to join ABC as director of product strategy and research. Just a day before he told Optum that he planned to resign, he printed out a highly confidential document including product portfolio performance, new product development and a product job family and assessment plan, the complaint said.

“If Smith is permitted to work for ABC, he will inevitably use Optum’s trade secrets to expedite ABC’s development of competitive capabilities and products. Even if those products take more than a year to commercialize, Smith’s assistance in the process of beginning to develop them now is a direct competitive harm to Optum,” Optum’s lawyers said in the complaint.

Optum is seeking an injunction to prevent Smith from working for ABC or divulging trade secrets, as well as damages.

Smith’s lawyers in their own filing argue that the dispute falls under Optum’s employment arbitration policy, so the case should be handled through arbitration, not a lawsuit trial.

Said Smith’s lawyers: “There is no reason for this case to be in court.”

The post UnitedHealth Group’s Optum sues VP who left for Amazon venture appeared first on MassDevice.

Cynerio poised to enter U.S. healthcare cybersecurity market

 said it has completed a $7 million funding round to fuel growth in North America for its healthcare-focused cybersecurity platform.

Investors include global venture capital firms, Accelmed, an unidentified medtech investment firm, and RDC, and RDC, a joint venture between Israeli investment firm Elron and Israeli defense systems manufacturer Rafael.

Get the full story on our sister site, Medical Design & Outsourcing.


The post Cynerio poised to enter U.S. healthcare cybersecurity market appeared first on MassDevice.

What you need to know about growing cyber threats to medtech

Medical devices are an especially rich cybersecurity target for malicious activity by those seeking commercial gain or just trying to wreak havoc. And while data theft is a serious threat, the risks posed by hacks that involve the expanding universe of networked medical devices can be especially menacing.

Nach Davé and John Pappan, Premier Research


[Image courtesy of Blogtrepreneur on Flickr, per Creative Commons 2.0 license]

In 2015, the FDA warned that a networked infusion pump was vulnerable to being accessed and controlled by unauthorized users. Concerned that attackers could harm patients by altering their medication dosing, the agency warned healthcare facilities to discontinue its use. Years earlier, before hacking of these devices was on most people’s radar, doctors for former Vice President Dick Cheney ordered that his heart defibrillator’s wireless capability be turned off to prevent the possibility of tampering by terrorists.

Get the full story on our sister site, Medical Design & Outsourcing.

The post What you need to know about growing cyber threats to medtech appeared first on MassDevice.

What is the future of medtech in 2019?

future of medtech medical device predictions crystal ball

[Image from Unsplash]

A global push to increase medical device industry regulation and the continued blurring of high tech and medtech – those are but some of the predictions that Medical Design & Outsourcing editors are hearing from experts.

Read on to discover some of the top predictions of where the industry is going in 2019.


Senior editor Nancy Crotti and assistant editor Danielle Kirsh contributed to this report. 

The post What is the future of medtech in 2019? appeared first on MassDevice.

Hospital software dev Jump Tech raises $3m

Jump Technologies

Hospital supply chain solutions developer Jump Technologies said today it closed a $2 million follow-on investment round.

The Eagan, Minn.-based company developed and supports the JumpStock could-based hospital supply chain software, according to a press release.

The financing round was led by Black Granite Capital and joined by new strategic investor Mount Sinai Ventures, as well as two large unnamed investors, Jump Tech said.

“Health Systems need to drive innovation in business practices and technologies, not only in clinical care or practice. Our partnership with Jump Technologies has enabled the development of a best-in-class inventory management solution that reflects the unique needs of our system and brings increased efficiency and support to our world-class clinical teams and the patients we serve,” Les Grant of Mount Sinai Health System said in a prepared statement.

“Additional investment capital helps us expand our footprint more quickly to hospitals and health systems across the country. Hospitals invest in cutting-edge technology to treat patients, but when it comes to inventory management, some facilities still rely on individuals counting materials in store rooms every day. We’re improving this dramatically with our powerful automation and data analytics and simple user interface. By delivering actionable analytics that are visible to all areas of the hospital, we can positively impact the supply room, patient care, and an organization’s bottom line,” Jump Tech CEO John Freund said in a press release.

The post Hospital software dev Jump Tech raises $3m appeared first on MassDevice.

Dartmouth-Hitchcock hospitals to deploy Philips’ tele-ICU program

Philips’ eICU program combines predictive analytics, data visualization, and advanced reporting capabilities to deliver vital information to bedside caregivers. (Image courtesy of Royal Philips)

Dartmouth-Hitchcock Health (Lebanon, N.H.) has agreed to implement Royal Philips’ (NYSE: PHG) eICU program technology.  The program aims to help reduce mortality, length of stay, and ventilation days while providing care to patients wherever they are located.

Philips’ eICU is a tele-ICU program that will link specialists at the health system’s flagship hospital, Dartmouth-Hitchcock Medical Center (DHMC) in Lebanon, N.H., with the patient’s local hospital. Dartmouth-Hitchcock’s program will start with medical, surgical, and neurology intensive care units at DHMC, along with the intensive care unit at Cheshire Medical Center. The program’s tele-ICU hub will also be located at DHMC, where it will leverage Philips’ IntelliSpace eCareManager, the program’s source-agnostic software, providing clinicians with a single integrated view of patient data.

Get the full story on our sister site, Medical Design & Outsourcing.

The post Dartmouth-Hitchcock hospitals to deploy Philips’ tele-ICU program appeared first on MassDevice.

Senators question basis for FDA’s digital health pre-cert pilot

Sens. Elizabeth Warren (D-Mass., left), Tina Smith (D-Minn., center) and Patty Murray (D-Wash. right) [Images are public domain]

Three Democratic senators representing major high tech and medtech hubs in the United States are questioning the statutory basis of FDA’s new pilot program for digital health product precertification.

“We support FDA’s efforts to update the medical device review regime to better accommodate digital health devices and believe that it is an important step in ensuring that America remains an innovative, cutting-edge producer of medical devices. However, it is essential that changes to FDA’s regulatory framework are done in compliance with the current statutory framework and do not compromise public safety.” Sens. Elizabeth Warren (D-Mass.), Tina Smith (D-Minn.) and Patty Murray (D-Wash.) wrote in a letter dated Oct. 10 to FDA Commissioner Scott Gottlieb.

Their letter requests a response from Gottlieb by Nov. 9. FDA plans to respond directly to the senators, said agency spokesperson Stephanie Caccomo.

Get the full story on our sister site Medical Design & Outsourcing. 

The post Senators question basis for FDA’s digital health pre-cert pilot appeared first on MassDevice.