Risk

8/19/2013
11:00 AM
Dark Reading
Dark Reading
Quick Hits
50%
50%

FDA Issues Guidelines On Wireless Medical Devices

FDA outlines risks such as lost signals and recommends stringent security measures -- but document is not the last regulatory word.

The Food and Drug Administration (FDA) has released final guidelines on the design, testing and use of radio-frequency (RF) wireless medical devices. Although it doesn't promulgate legally enforceable responsibilities, the document is intended to guide both device manufacturers and healthcare providers toward the safe and secure use of wireless medical devices. Covered are devices "that are implanted, worn on the body or other external wireless medical devices intended for use in hospitals, homes, clinics, clinical laboratories, and blood establishments."

The FDA document has no relation to the impending guidance from the agency about how it will regulate apps that turn smartphones and tablets into medical devices. In fact, the draft guidance on RF wireless devices was issued in 2007, before smartphones and tablets became a factor in the industry. The FDA is focusing on the safety aspects of medical devices in hospitals, homes and other fixed-care settings.

For example, the guidance states, "Because there are risks associated with RF wireless systems, we recommend that you carefully consider which device functions should be made wireless and which device functions should employ wired connectivity."

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2638
PUBLISHED: 2018-07-16
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
CVE-2017-7468
PUBLISHED: 2018-07-16
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was...
CVE-2018-13387
PUBLISHED: 2018-07-16
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or ...
CVE-2018-14071
PUBLISHED: 2018-07-16
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.
CVE-2018-5229
PUBLISHED: 2018-07-16
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.