Taking the Pulse on Medical Device Security

Jul 22, 2020

Beau Woods, a Cyber Safety Innovation Fellow with deep expertise in cybersecurity, and Andy Coravos, co-founder of Elektra Labs and former FDA EIR, delve into the often-overlooked world of medical device security. They discuss the ethical dilemmas and safety concerns of devices like pacemakers and insulin pumps, emphasizing the need for robust regulatory frameworks. The conversation covers the challenges of integrating security into medical software and the vital collaboration needed among stakeholders to protect patient safety in an increasingly digital healthcare landscape.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Initial Resistance to Security

Medical device makers initially resisted security concerns, citing safety and efficacy as priorities.
Financial motives and FDA approval processes were also cited as obstacles.

ADVICE

FDA Guidelines on Security Patches

Ship security patches for medical devices if they don't change critical functions or advertised features.
Major changes require re-approval or re-clearance from the FDA.

INSIGHT

Device Classification by Claims

FDA device classification depends on the manufacturer's claims, not just hardware/software.
A Fitbit claiming to diagnose AFib becomes a medical device, changing its regulatory status.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Many don’t realize we even need to think about the possibility of security hacks when it comes to things like pacemakers, insulin pumps, and more. But when bits and bytes meet flesh and blood, security becomes literally a life or death concern. So what are the issues and risks we need to be aware of in exposing security vulnerabilities in connected biomedical devices?

This conversation—with Beau Woods, Cyber Safety Innovation Fellow with the Atlantic Council, part of the I Am The Cavalry grassroots security initiative, Founder/CEO of Stratigos Security; Andy Coravos, co-founder and CEO of Elektra Labs, advisor to the Biohacking Village at DEF CON (both of whom were formerly EIRs at the FDA); and a16z's Hanne Tidnam covers how we should begin to think about addressing these security issues in the biomedical device space. What are the frameworks that should guide our conversations, and how and when (and which!) stakeholders should be incentivized to address these challenges? How did the FDA begin to think about security as part of the safety of all medical devices, including software as a medical device, and how we should think about understanding, monitoring, and updating the security of these devices—from philosophical statements to on-the-ground practical fixes and updates?

Stay Updated:

Find a16z on YouTube: YouTube

Find a16z on X

Find a16z on LinkedIn

Listen to the a16z Show on Spotify

Listen to the a16z Show on Apple Podcasts

Follow our host: https://twitter.com/eriktorenberg

Please note that the content here is for informational purposes only; should NOT be taken as legal, business, tax, or investment advice or be used to evaluate any investment or security; and is not directed at any investors or potential investors in any a16z fund. a16z and its affiliates may maintain investments in the companies discussed. For more details please see a16z.com/disclosures.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.