Guidance for Industry and Food and Drug Administration Staff

Despite the enormous flurry of bad press about the FDA and CDC these agencies are constantly improivng their resistance to attacks on their networks.  The FDA has an extensive department dedicated to one thing...guarding device security for mobile devices.  Each application for mobile devices and remote monitoring must be cybersecure and assessed for resistance to unauthorized intrusion.

This document provides FDA’s recommendations to industry regarding cybersecurity device design, labeling, and the documentation that FDA recommends be included in premarket submissions for devices with cybersecurity risk. These recommendations are intended to promote consistency, facilitate efficient premarket review, and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats. This document supersedes the final guidance “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” issued October 2, 2014.

Rest easy, your medications may not be safe, or effective, but the FDA is secure.

Health IT vulnerability disclosed by HHS

THIS BULLETIN IS BEING BROUGHT TO YOU VIA DIGITAL HEALTH SPACE.

 

Citrix Bleed Vulnerability 

Executive Summary 

On October 10, 2023, Citrix released a security advisory for a vulnerability that impacts the NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). This vulnerability is tracked as CVE-2023-4966 and has also been referred to as ‘Citrix Bleed’. The Citrix Bleed vulnerability is being actively exploited, and HC3 strongly urges organizations to upgrade to prevent further damage against the Healthcare and Public Health (HPH) sector. This alert contains information on attack detection and mitigation of the vulnerability. The following versions are currently capable of being exploited: 

• NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 

• NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15 

• NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19 

• NetScaler ADC and NetScaler Gateway version 12.1 (EOL) 

• NetScaler ADC 13.1FIPS before 13.1-37.163 

• NetScaler ADC 12.1-FIPS before 12.1-55.300 

• NetScaler ADC 12.1-NDcPP before 12.1-55.300 

It should also be noted that NetScaler ADC and NetScaler Gateway version 12.1 are now considered End-of-Life and will also be vulnerable to CVE-2023-4966. 

Patches, Mitigations, and Workarounds 

Citrix released a patch for this vulnerability in early October, but it has been reported that the vulnerability was being exploited as a zero-day since August 2023. The manufactor has also warned that these compromised sessions will still be active after a patch has been implemented. HC3 encourages all administrators to follow Citrix’s guidance to upgrade their devices and remove any active or persistent sessions with the following commands: 

• kill aaa session -all 

• kill icaconnection -all 

• kill rdp connection -all 

• kill pcoipConnection -all 

• clear lb persistentSessions 

Additional recommended actions for investigating any potential exploits of CVE-2023-4966 are provided by NetScaler here, and further technical details, threat actor activity, and indicators of compromise from CISA can be obtained here and here. HC3 strongly encourages users and administrators to review these recommended actions and upgrade their devices to prevent serious damage to the HPH sector. 

References 

CISA Guidance for Addressing Citrix NetScaler ADC and Gateway Vulnerability CVE-2023-4966, Citrix Bleed 

https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed 

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability 

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a 

CVE-2023-4966: Critical security update now available for NetScaler ADC and NetScaler Gateway

https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967

https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967

 

https://nvd.nist.gov/vuln/detail/CVE-2023-4966

 

Webinar Video: Decisions You Must Make About Healthcare Digital Experience | HealthcareWebSummit

Webinar Video: Decisions You Must Make About Healthcare Digital Experience | HealthcareWebSummit

The Role of Digital Healthcare Platforms in Innovation

It is challenging and Difficult to Navigate

Artificial Intelligence is rapidly evolving, but unproven. Tech is increasingly capable, and Efficiency, Decreases physician stress, and burnout

Amazon Iterates.  One Medical, Pharmacy

Underperforming Applications

Compete or Partner? Can you implement an already proven product using an API?

Core Features:  Functionality, Customer Services, Self Service, Personalization, Multichannel 

Digital Convenience---Death by Portal.

Telehealth works and is now reimbursable. 

ROI is elusive and difficult to measure

Neurotechnology and Noninvasive Neuromodulation: Case Study for Understanding and Anticipating Emerging Science and Technology - National Academy of Medicine

Case Study: Neurotechnology

Multiple national-level research projects are under way around the world with the goal of revolutionizing understanding of the human brain, in the same way that the Human Genome Project transformed the understanding of the genome (International Brain Initiative, 2020). Just as the Genome Project has enabled both the reading of genomes and the modification, synthesis, and writing of genomes, the growing and evolving understanding of the brain is now enabling both monitoring and modulation. Neural modulation technologies have the potential to offer significant benefits to individuals and society, including through life-changing treatments and therapies for patients and the potential to mitigate cognitive decline associated with aging among other benefits (e.g., Anderson et al., 2020; Lee et al., 2019; Reinhart and Nguyen, 2019). At the same time, these technologies also raise a new constellation of ethical and societal issues, including questions about personal identity and autonomy, data security, equity, fairness, and legality (NIH, n.d.).

Download the graphics below and share on social media! 

In particular, neural interfaces—frequently used to describe electronic devices that are placed on the outside or inside of the brain or other components of the central and peripheral nervous system to record or stimulate activity—both raise complex questions for society and are increasingly available both clinically and direct to consumer (DTC) in products designed to observe, interpret, and modify human brain function.

Neural interfaces with narrow applications are already in use in health and medicine. For example, deep brain stimulation, which requires surgical implantation, is approved by the FDA to treat patients with conditions such as Parkinson’s disease, essential tremor, epilepsy, and obsessive-compulsive disorder and is being studied in the treatment of other disorders of mood, behavior, and thought (Lee et al., 2019). Transcranial magnetic stimulation (TMS) is being used to treat patients with major depressive disorder and obsessive-compulsive disorder and is being studied in the treatment of pain, addiction, post-traumatic stress disorder, traumatic brain injury, and other conditions (Anderson et al., 2020). External, wearable interfaces are being studied and in some cases being used clinically in people with major depression, chronic pain, stroke and spinal cord injury rehabilitation, and epilepsy management (Avila et al., 2021; Brinkmann et al., 2021; Pedrelli et al., 2020; James et al., 2018).

Transcranial direct current stimulation (tDCS) is a noninvasive neuromodulation technology that is portable, relatively inexpensive, and relatively safe when used within safety guidelines (Elsner et al., 2020). Though the technology has been around for decades, interest in (see Figure 1) and availability of the technology have dramatically increased over the last decade. tDCS is being increasingly used in research on psychiatric disorders, cognitive and motor performance, epilepsy, and other health conditions; is being used clinically (primarily for major depression and chronic pain) in a number of countries (e.g., Singapore and Canada); and is available commercially, in modified forms, for consumers motivated by health, wellness, and enhancement applications. This availability persists despite the controversy that remains regarding the mechanism of action of tDCS and the fact that the evidence base to support clinical translation remains limited (Regner et al., 2018; Kekic et al., 2016). This case study’s focus on tDCS was driven primarily by two factors: first, there is both a history of use and governance that can be traced and learned from, and there is promise of continuing evolution of the technology going forward; and second, this technology has had a clear impact across at least three sectors, with significant footprints in research (academic sector), clinical care (health care sector), and DTC treatments (volunteer/consumer sector).

 

Neurotechnology and Noninvasive Neuromodulation: Case Study for Understanding and Anticipating Emerging Science and Technology - National Academy of Medicine