Kevin Fu Apppointed as FDA’s First Director of Medical Device Security

The U.S. Food and Drug Administration (FDA) has reported that University of Michigan associate professor Kevin Fu was appointed as the first medical device security director.

Kevin Fu will work for a term of one year as acting director of the FDA’s Center for Devices and Radiological Health (CDRH) medical device security as well as the recently established Digital Health Center of Excellence, beginning on January 1, 2021. Fu is going to assist in bridging the gap between medicine and computer science in addition to helping companies keep their medical devices secure from digital threats.

Fu is going to help in developing the CDRH cybersecurity strategies, public-private partnerships, and pre-sell vulnerability examination to make sure of the security of medical devices such as insulin pumps, imaging machines, pacemakers, and healthcare IoT devices and keep them secure from digital threats.

Fu has significant expertise in the discipline of medical device cybersecurity. Fu is presently the University of Michigan’s Archimedes Center for Medical Device Security’s chief scientist. He founded and co-founded the healthcare cybersecurity startup company Virtua Labs together with his doctoral students and was formerly a part of the National Institute of Standards and Technology’s (NIST) Information Security and Privacy Advisory Board. Fu has additionally carried out research on software radio attacks impacting implantable medical devices like cardiac defibrillators and pacemakers and showed how easily available radio software programs can be employed to get access to the devices and grab communications. Fu is at present an associate professor of electrical engineering and computer science and a lecturer at Dwight E. Harken Memorial. He will keep the roles in the University of Michigan.

Protecting medical devices is a difficult task. Large quantities of medical devices are currently utilized by hospitals in complicated interconnected systems. Numerous hospitals don’t have comprehensive inventories of their gadgets, and because many operate on legacy programs, vulnerabilities could very easily go unchecked. Cyber threat actors could exploit those vulnerabilities and result in harm to patients or acquire a footing in healthcare computer systems.

As Fu discussed in an interview lately publicized on Michigan News, the risk landscape has evolved considerably in the last 10 years. There are much more adversaries that are starting attacks. Ten years ago, it was quite hypothetical. These days you know about numerous hospitals practically closing down due to ransomware attacks. New security vulnerabilities are discovered in medical device software program practically on a daily basis. We must be heedful in ensuring that all medical devices are equipped with a basic level of security. Medical devices should stay safe and efficient in spite of cybersecurity risks.

Medical devices should possess privacy and security options by design, instead of being added afterward. By then, security problems would be a lot harder to deal with.

Sadly, commonly, medical device companies fail to’ seek feedback from security professionals when designing medical devices and so the devices are only created according to well-known computer security engineering concepts. That should change.

At this time, Fu is concentrated on medical device safety. He is looking forward to his work at the FDA to help build up public confidence in the security and efficiency of medical devices in spite of the built-in cybersecurity threats.