This Week Health

Don't forget to subscribe!

Windows XP went end of life on April 8th, 2014, but it's probably running on more than one BioMed device at your health system.

Can you think of an area more needing for Cybersecurity focus than BioMed devices? Well, the FDA has finally moved to address this gap.


The Food and Drug Administration recently named Kevin Fu as the agency’s first Acting Director of Medical Device Cybersecurity in its Center for Devices and Radiological Health.

The newly created position is designed as a 12-month post, which began on January 1, 2021. Fu will lead the FDA’s ongoing efforts to ensure the safety and effectiveness of medical devices, including pacemakers, insulin pumps, hospital imaging machines, and other electronic devices.


If you want to know where he is going.

“You can’t simply sprinkle magic security pixie dust after designing a device,” Fu explained to the University of Michigan. “Whether for manufacturers of the Internet of Things or medical devices, we’re not providing the necessary level of security engineering training that companies need.” 

Dust off your bio med device security playbooks. I would be shocked if they have much dust on them, but get them out and turn to page ... 


This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Today in Health it, this story is biomed device security. I know really sexy topic for this Tuesday. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week in Health IT a channel dedicated to keeping health IT staff current. And engaged. I wanna thank our sponsor for today's Sirius Healthcare.

They've reached out to me roughly about this time last year and said, we love what you're doing and really appreciate your mission to develop the next generation of health leaders. And the rest is history. They've been sponsoring the show ever since. If you believe in our mission as well and wanna support our show, please shoot me a note at partner at this week in health

Alright, onto today's story. . This comes from health it The story's by Jessica Davis. Uh, it's covered in a lot of different places, but I, I like this version the best. Anytime I'm looking at a security story, I go to the health it website. Okay, here it is. The Food and Drug Administration recently named Kevin Fu.

As the agency's first acting director of Medical Device Cybersecurity in its center for device and radiological health, this is a huge gap in security for most health systems. You can literally find Windows XP, an operating system, which went end of life on April 8th, 2014 on medical devices in hospitals.

That means no more resources at Microsoft are working on Windows xp. That device that's connected to you in the hospital bed, it may be running on a bug ridden and and whole infested software. All right, back to back to, sorry. That was my rant. Back to the article. FU is an associate professor of electoral engineering and computer science at the University of Michigan and a Dwight e Harken memorial lecturer.

He also is the founder and chief scientist of the Archimedes Center for Medical Device Security. He'll maintain these roles as he leads the FDA effort. The newly created position is designed as a 12 month post, which began on January 1st, 2021. FU will lead the FDA's ongoing efforts to ensure the safety and effectiveness of medical devices, including pacemakers, insulin pumps, hospital imaging machines, and other electronic devices.

Food is tasked with working to bridge the gap between medicine and computer science, as well as supporting manufacturers in protecting medical devices from digital security threats. This is so needed and has been needed for so long. I'm gonna keep going through the article. Medical device security is a massive challenge for the, a majority of healthcare organizations, troves of connected medical devices in complete inventories and heavy.

Reliance on legacy platforms have left many entities vulnerable to attacks. In fact, I mean, my story on this is we went to our manufacturer and said, look, we, we can't be running on Windows XP anymore. We need this to be updated. And they said, you don't understand the process. We would have to go back to the FDA, get this entire device recertified, and you're talking literally months, if not years, to get that device recertified.

And they essentially said, we know that Windows XP is end of life, but we're not ready to turn it over, and it might be a year or two before we're ready to do that. So we had to come up with workarounds around utilizing Windows XP as one of those devices, or replace all of those devices across our health systems.

And when you're talking about a 16 hospital system, that's. Millions of dollars. That's a lot of coordination. Clearly you want to get ahead of this stuff, but that is a significant project. Alright, back to the article, what's worse? Nation state actors and other cyber criminals have launched multiple campaigns that target these weaknesses, which has become a serious risk to patient safety.

Alright, let's see if we can find some stuff that Dr. Fu is talking about. The FDA has recognized these challenges. Providing medical device playbook in 2018 meant to support manufacturers, developers, and provide better secure, connected devices. It resulted in an increase in reported vulnerabilities.

Which is much needed to tackle these risks As first acting director of medical device security, the needed collaboration and shift into stronger medical device infrastructure could be within reach to FU Manufacturers need to better understand the need to build cybersecurity into the design of devices to get there, engineers, patients, clinicians, and legal experts.

Need to be brought to the table during the design process. The other challenge is that medical devices rely on complicated software systems, which don't always follow much needed privacy and security standards through stress that there needs to be stricter requirements for medical device design. You can't simply sprinkle magic, security pixie dust.

After designing a device, FU explained to the University of Michigan, whether for manufacturers or the internet of things or medical devices, we're not providing the necessary level of security engineering training that companies need right now. Though I'm focused on medical device safety, FU concluded.

I'm really looking forward to working at FDA to help build public trust in the safety and effectiveness of medical devices despite the inherent cybersecurity risks. Alright, as you know, we end all these stories with so what? Why does this matter? Well, cybersecurity is a national emergency. This appointment is a little obvious and it is amazing that it is just now happening in 2021.

Regardless, we welcome it and we welcome Dr. Fu into . This role. If I were a health system today, if I were in ACIO role, I might dust off my biomed device cybersecurity plan. I, I wouldn't imagine there's too much dust on it, to be honest with you. Make sure you're ready. I. For what is bound to be coming from the FDA, by the time it comes down as a regulatory mandate at the federal level, you are behind.

Uh, I, I'm really getting tired of, uh, you know, federal mandates coming down and then health systems rallying around the American Hospital Association and others to try to combat against this, oh, it's moving too fast, and those kind of things. We should be ahead of these things. We should know that they're coming.

We should have plans around these things, and I realize that some health systems are understaffed in this area, but if you're listening to the show, you now know that . Kevin Fu has been identified and appointed to this role. Therefore, he is going to be pushing things down that are going to impact your health system.

Try to stay ahead, know what's coming, and be ready to strengthen this much needed area. That's all today. If you know someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week,, or wherever you listen to podcast Apple, Google. Overcast, Spotify, Stitcher, you get the picture.

We're everywhere. We wanna thank our channel sponsors who are investing in our mission to develop the next generation of health leaders, VMware Hillrom, Starbridge Advisors, McAfee and Aruba Networks. Thanks for listening. That's all for now.

Thank You to Our Show Sponsors

Our Shows

Today In Health IT with Bill Russell

Related Content

1 2 3 268
Transform Healthcare - One Connection at a Time

© Copyright 2024 Health Lyrics All rights reserved