Subject: Internet of Things

The Omnibus Appropriations Act Grants FDA Formal Authority to Require Cybersecurity Action by Medical Device Manufacturers

Share

Cyberattacks affecting internet-connected medical devices like insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers and intrathecal pain pumps have increased in recent years. And such attacks show no sign of slowing, as the number and type of medical device products that are connected to the cloud increase (thereby increasing the attack surface for hackers), and as hackers become more sophisticated. Indeed, in a September 2022 FBI Private Industry Notification, the FBI noted that around 53% of connected medical devices and other internet of things (IoT) devices in hospitals had known critical vulnerabilities. These vulnerabilities could allow hackers to direct medical devices to give inaccurate readings, administer drug overdoses, or otherwise endanger patient health.

In the past, the U.S. Food & Drug Administration (FDA) has urged manufacturers to take measures to ensure the cybersecurity of their products through non-binding guidance. On December 29, 2022, President Biden signed into law the $1.7 trillion Omnibus Appropriations Act, which provided the FDA with authority to require manufacturers to take cybersecurity protection measures as to medical devices that are brought to market through future pre-market submissions. See H.R. 2617 (117th Congress, 2021-2022), text available here.

Continue reading “The Omnibus Appropriations Act Grants FDA Formal Authority to Require Cybersecurity Action by Medical Device Manufacturers”

Smart Contracts — A Few Tips to Avoid Being Outsmarted

Share

Proponents of digital innovations such as blockchain, the Internet of Things (IoT) and smart devices have hailed the introduction of such technology as the Fourth Industrial Revolution. When used together, they may create self-executing “smart contracts” for a variety of transactions. Smart contracts do not need to rely on IoT devices, but when they do, these devices are critical to the system, most importantly because they collect and transfer the transaction-related data that triggers the execution of the contracts. But how is that data verified, and what happens if the IoT devices are wrong?

Continue reading “Smart Contracts — A Few Tips to Avoid Being Outsmarted”

Smart Medical Devices Open New Treatment and Litigation Doors While Confirming Age-Old Balancing Acts

Share

Telemedicine and telehealth have significantly reshaped how consumers access health care services. Even before the COVID-19 pandemic, online portals were jockeying to replace visits to primary care providers and urgent care clinics for minor illnesses or simple-to-prescribe medications. The last two years shifted that race into high gear, particularly with new products and platforms being introduced that range from virtual clinic platforms that allow patients—and their programmable implanted medical devices—to connect with their providers from the comfort of their own homes, to passive smart devices that remotely monitor patient vital signs, analyze that data using proprietary algorithms, and evaluate whether a patient is having a medical emergency or needs to schedule an appointment with their provider. These technologies are now so ubiquitous that they are being showcased at the 2022 Consumer Electronics Show.

To be sure, regulatory changes in response to the COVID-19 pandemic made telemedicine more permissible—and reimbursable—than in the past. But that alone is not driving medical device companies forward. Instead, medical device manufacturers are rapidly developing smart or algorithm-driven medical devices that take advantage of the ever-increasing power of those technologies and leveraging telemedicine to make the remote treatment and management of medical conditions less complicated. A recent article in Nature’s npj Digital Medicine confirmed the growth in this area, counting 64 separate smart- or algorithm-driven medical devices currently on the market as of 2020. See Stan Benjamens, et al., The State of Artificial Intelligence-Based FDA-Approved Medical Devices and Algorithms: An Online Database, 3 npj Digital Medicine Article No. 118 (2020). Each of these new devices endeavor to enable physicians to practice more effectively and efficiently than they could before. The future for smart or algorithm-driven medical devices looks promising.

Continue reading “Smart Medical Devices Open New Treatment and Litigation Doors While Confirming Age-Old Balancing Acts”

The CPSC Releases Framework of Safety for the Internet of Things

Share

The rapidly developing technology of interconnected software allows consumers to reach new heights of convenience and efficiency. We can start our dinner remotely, listen to our music in every room in the house, track and log our heart rate and step count, and program our coffeepot to be ready for us in the morning. This technology sometimes is called the Internet of Things (IoT), which describes the interconnectedness of devices via the internet. These devices can exchange data between themselves to coordinate a variety of helpful functions. While this technology is exciting and signifies many positive new directions for consumer products, manufacturers should be aware of the potential risks that come with creating such products.

To that end, the U.S. Consumer Product Safety Commission (CPSC) released a Framework of Safety for the IoT (the CPSC Framework) in January 2019. The CPSC Framework provides “technology-neutral best practices to ensure consumer product safety” and to prevent “death, physical injury or illness” resulting from the use of IoT products. It is not intended to address privacy or confidentiality. While general in tone, the CPSC Framework is intended to assist with an “active approach” to safety rather than a reactive one in this quickly growing industry.

Continue reading “The CPSC Releases Framework of Safety for the Internet of Things”

Regulating the Internet of Things: CPSC Holds Public Hearing To Address The Risk of Hazardization in Smart Products

Share

The Consumer Product Safety Commission (CPSC) recently held a public hearing to discuss its potential role in overseeing the safety of smart devices collectively referred to as the Internet of Things (IoT). As Wi-Fi- and Bluetooth-enabled devices ranging from coffeemakers to thermostats to medical devices flood the marketplace, regulators and consumer safety advocates alike have raised concerns about whether the current framework of government regulations adequately protects consumers. While the hearing was only one step towards increased regulation, it did highlight possible steps the CPSC may take, as well as possible pitfalls raised by industry members and the legal community.

Continue reading “Regulating the Internet of Things: CPSC Holds Public Hearing To Address The Risk of Hazardization in Smart Products”