Chief Scientist Emeritus Fabian Yamaguchi and foundational Code Property Graph technology recognized with IEEE Test of Time Award

 

The Food and Drug Administration (FDA) recently issued new requirements mandating that medical devices be secured against cyberattacks. This move comes after a long-standing concern about the potential for these devices to be hacked and used to harm patients.  This new requirement is a significant step towards securing medical devices, which have been increasingly more connected and vulnerable to cyberattacks. Medical devices such as insulin pumps, pacemakers, and other implantable devices can be hacked to cause significant harm to patients. 

Connectivity Is a Double-Edged Sword

The ability to connect wirelessly to implanted medical devices makes them significantly easier to monitor and control. Unfortunately—as with every technology—if it makes life easier for you, it also makes it easier for attackers and exposes you to risk.  A group of researchers led by Barnaby Jack demonstrated more than a decade ago that they could remotely control an insulin pump, causing it to deliver fatal doses of insulin. Using software and a special antenna, Barnaby could locate and hijack control of insulin pump devices within a 300-foot radius. This demonstration underscored the seriousness of the problem and the potential harm that can be caused.

Securing Medical Devices

Securing medical devices against cyberattacks is essential. These devices impact human lives. Any vulnerability in a medical device can have serious consequences for patients. For example, a hacker could potentially deliver a fatal dose from an insulin pump as described above, or change the settings on a pacemaker causing it to malfunction and harm the patient. This underscores the importance of ensuring that these devices are secure and free from vulnerabilities that could be exploited.

Of course being connected means that medical devices are more vulnerable to cyberattacks. In the past, medical devices were standalone devices that were not connected to any network. However, with the rise of the internet of things (IoT), medical devices are now connected to the internet or other networks. This makes them more vulnerable to cyberattacks.   The trust of patients and consumers is also essential and requires that medical devices be protected against cyberattacks. Patients must have confidence that the medical devices they use are secure and free from vulnerabilities that could be exploited by attackers. Any vulnerability in a medical device can erode patient trust and lead to negative outcomes. 

FDA Guidance

The FDA’s new requirement emphasizes the importance of AppSec in medical devices. This means that manufacturers must take steps to ensure that the software used in their devices is secure and free from vulnerabilities that could be exploited by attackers. This is an important step towards ensuring that medical devices are safe for patients to use.

The new requirements apply to medical devices that have software that is connected to the internet or other networks—including devices that have wireless connectivity, such as Bluetooth or Wi-Fi. Moving  forward, medical device manufacturers must submit documentation that shows a software bill of materials (SBOM) and how they have implemented cybersecurity measures in their devices. The FDA will review this documentation and ensure that the devices meet the required standards.

AppSec Is Crucial

The FDA’s new requirements are a significant step towards securing medical devices against cyberattacks. They underscore the importance of AppSec in the development of medical devices and highlight the potential harm that can be caused by a cyberattack on a medical device. Manufacturers must now take steps to ensure that their devices are secure and free from vulnerabilities that could be exploited by attackers—which is essential for patient safety, trust, and confidence in the medical devices they use.  

With any IoT device patching vulnerabilities can be a painstaking process, this becomes even more problematic with medical devices that are often implanted in a human being.  This is why it is even more important to have a strong AppSec program that finds vulnerabilities in code before they are even released to market.  An ounce of prevention is worth a pound of cure. 

About Qwiet AI

Qwiet AI empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, Qwiet AI scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, Qwiet AI then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use Qwiet AI ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, Qwiet AI is based in Santa Clara, California. For information, visit: https://qwiet.ai

Share

Read Next

Cybersecurity
January 16, 2025 4 min to read

Unpacking the New White House Cybersecurity Executive Ord...

by Chris Hatter

The latest executive order on cybersecurity issued today, Jan 16 2024, covers a lot of ground across multiple cybersecurity domains, from software security to post-quantum cryptography. The White House is sending a clear message to both the public and private sectors that the threats from foreign adversaries are more dire than ever. It comes at […]

READ MORE
Cybersecurity
May 29, 2024 3 min to read

GitHub Copilot & Advanced Security : The Fox Guardin...

by Team Qwiet

GitHub Copilot, the AI-powered coding assistant, has emerged as a game-changer in the software development landscape. By harnessing the power of generative AI, Copilot promises to accelerate coding tasks, boost developer productivity, and even democratize coding by making it more accessible to newcomers. However, as with any transformative technology, there are caveats. In Copilot’s case, […]

READ MORE
AI Announcements Cybersecurity
April 29, 2024 4 min to read

The Qwiet AI Code Doctor Will See You Now – Introdu...

by Stuart McClure

Qwiet AI and the ancient Greek physicians like the father of medicine Hippocrates have much in common. Hippocrates highlighted the significance of a healthy diet and lifestyle in preventing diseases and acknowledged the root cause of physical and psychological ailments as diet and lifestyle choices (Διαιτήμασί in Greek), and now Qwiet AI is delivering his […]

READ MORE

Read Next

Cybersecurity
October 16, 2023 3 min to read

Business Logic Flaws – the Software Underbelly Hack...

by Brian Lee

It started as a well-intentioned plan to help businesses access real-time tracking data to provide better service to their customers.  The “Informed Visibility System” by the USPS started off with great intentions, but unfortunately rolled out the red carpet for cyberciminals, exposing sensitive data on 60 million users. The business team found a need and […]

READ MORE
Cybersecurity
June 29, 2023 5 min to read

Eliminate the FUD in AI/ML – Use it to your advantage

by Chris Hatter

Artificial intelligence (AI) and machine learning (ML) have been in our daily lives for years. Simple examples of their pervasiveness include financial fraud detection, product search optimization, and ad targeting. In cybersecurity, we’ve been applying machine learning to endpoint detection for at least a decade. Other examples include k-means clustering in spam detection and intrusion […]

READ MORE
AppSec Cybersecurity Cybersecurity for Developers
November 14, 2023 5 min to read

Keeping Secrets: A Deep Dive into Robust and Secure Envir...

Introduction Diving into the depths of application development often reveals the lurking dangers of sensitive information exposure. Secure management of environment variables, often used to store secrets like API keys and credentials, becomes a pivotal practice in navigating these treacherous waters. In this deep dive, we will explore the intricacies, best practices, and common pitfalls […]

READ MORE
Subscribe to newsletter
Privacy Policy Terms of Service © 2024 Qwiet. All rights reserved
Services
Company
Platform
Resources
Log In