Welcome to BioMarketing Insight's monthly newsletter.

There has been much discussion regarding medical device companies responsibility to ensure cybersecurity for their products. I will be discussing FDA guidelines and how devices must pass FDA's new cybersecurity lab test before being approved.

Read on to learn more about this topic and other current news. On the right are quick links to the topics covered in this month's newsletter. The next newsletter will be published on October 15th.

We encourage you to share this newsletter with your colleagues by using the social media icons at the top left, or by simply forwarding the newsletter via email.

Please email me, Regina Au, if you have any questions, comments, or suggestions.

Sincerely,

Regina Au

Principal, Strategic Marketing Consultant

BioMarketing Insight 

There's An App for That: How Mobile Apps Can Make Our Life Easier, Business More Profitable and Health Care Smarter.  

I will be speaking at The Boston Club's Knowledge Exchange meeting regarding mobile app trends in the medical device and healthcare industries along with a Barrie Mirman, Microsoft and Susu Wong, Tomo360m who will discuss mobile apps from a business and personal perspective. For more information and to register for this event, click here.

Modern technology, namely the internet and Wifi, was developed to make life easier and more efficient. This is one reason why Obamacare has mandated the use of electronic health records (EHR) or electronic medical records (EMR). I also mentioned that with this modern technology, Mobile Apps have crossed over to the medical device industry to provide real-time data for diagnostics and therapeutics.

Why so much fuse regarding security? The momentum started when the Wall Street Journal (WJS) reported that a Veteran's Administration catheterization laboratory in New Jersey was infected by malware and the lab had to shut down, causing inconvenience and possibly complicating patient care.  In addition, William H. Maisel, chief scientist at the FDA's Center for Devices and Radiological Health said "Over the last year, we've seen an uptick that has increased our concern. The type and breadth of incidents has increased." He said officials used to hear about problems only once or twice a year, but "now we're hearing about them weekly or monthly."  

While the FDA is "not aware of any patient injuries or deaths associated with" lapses in cybersecurity, or that any "specific devices or systems in clinical use have been purposely targeted at this time," the FDA is "aware of hundreds of medical devices that have been infected by malware.... it's not difficult to imagine how these types of events could lead to patient harm." said Maisel 

It was also reported by the WSJ that a VA hospital in Florida had 104 devices infected with the Conficker virus, including a GE Precision MPI X-ray machine, a Hologic mammography device, and a Siemens gamma camera for nuclear medicine studies.  

In August, the FDA had decided to develop a "cybersecurity laboratory" to test new medical products for bugs or vulnerabilities before they are approved. Medical device companies will have to implement a cyber strategy in preparation for software testing and review by the FDA. This cybersecurity laboratory will subject the devices to what is termed "fuzz testing," which bombards the system with malformed or unexpected inputs in search of weak points that could leave a system open to attack.

It can be as simple as 6 lines of coding. In just a few days, Security experts Billy Rios and Terry McCorkle discovered flaws in the Philips Xper hospital management system, and when exploited, it shut the system down. Rios and McCorkle "who usually test security in industrial control systems, divulged the hack earlier this year after discovering that they could crash the systems, manipulate them and possibly use them as a gateway to access and hack other networked devices."

"This is excellent news for the medical device industry," said Codenomicon's CEO David Chartier, one of the security companies that put in for a bid to build the cyber laboratory.  "Cybersecurity for medical devices has been lacking in standardized testing procedures, and the FDA introducing fuzz testing capabilities is a big step forward."

The agency selected Codenomicon's fuzzing program because it not only subjects the systems to a battery of tests, but it also generates output reports that define potential weaknesses and even solutions. The fuzzing program runs on a popular Java code application and can be easily deployed on the FDA's existing computers.

The FDA also requested Codenomicon's program to test Bluetooth connections, WiFi clients and HTTP servers, as well as a few radio and Bluetooth transmitters and some training and implementation services.

"When software is fuzz tested proactively, vulnerabilities can be found and fixed before deployment, resulting in more secure and robust, high quality software," the FDA said. "Fuzz tested product has less critical vulnerabilities that need to be patched. This means less cost from patch development and release, and product recalls."  

Questions, comments or suggestion?  Please feel free to email me.   

Top 

Today, most people who own a computer or any type of electronic device that has access to the internet hopefully has antivirus, antimalware, firewall, and security programs. Now that medical devices and hospital networks are all connected to the internet and the cloud, the same precautions should be taken. That is the price we have to pay for modern technology and conveniences.

We've been hearing in the news about software vulnerabilities with medical devices. The first incident was with pacemakers, particularly now that they are wireless. Software specialists found it very easy to hack into a device and one can only image what a dishonest person can do with these vulnerabilities when it comes to healthcare as mentioned above.

Cybersecurity is a huge issue. In listening and talking with a number of cybersecurity experts, I've learned that there is no fool-proof security, but you need to have as much security in place as possible. And you need to update your system on a regular basis. There are brilliant people out there who will find a way if they really want to hack into your system.

The FDA is taking a positive step in putting out guidance for cybersecurity and implementing a standardized testing program for devices and hospital networks to ensure patient safety. If a few lines of flawed coding can bring a hospital department down, or even an entire hospital system, this may compromise the care of patients and cost the hospitals thousands of dollars to fix the problem in addition to revenue lost due to the shut down. It could also lead to the recall of devices, or customers not using the device due to security breaches.

Implementing a cybersecurity strategy will add on cost to the development of a new device, but it is a small price to pay if the FDA denies approval of the new device should vulnerabilities be discovered, or customers
refusing to use a device should there be a breach.

As Brian Shoemaker, software validation expert told me and wrote in his blog, "Medical device cybersecurity is part of design safety......security threats don't require much imagination any more."   

Questions, comments or suggestion?  Please feel free to email me. 

Johns Hopkins physicians Giorgios Mantokoudis, left, and Ali Tehrani, photo by Adrian Lasker

A patient comes in with symptoms of dizziness, vertigo and nausea. Your first thought would probably be an ear infection right? Well these symptoms could also be a sign of a stroke. In an ER when time is critical in determining whether it's a stroke or an ear infection, most physicians will order a CT scan or an MRI. This can be quite expensive if it turns out to be an ear infection.

According to a John Hopkins study on the "Cost of Treating Dizziness in the Emergency Room Soars," the study found that the number of ER patients that came in for dizziness from 1995 to 2011 increased by 97% (from 2 million to nearly 4 million) and the number of CT and MRI scans ordered in that same time period increased from 10% to 40%. But only about 5 percent of those people whose major complaint of dizziness are actually having strokes.  "Nearly half of all patients with dizziness now get CT scans, according to the report, published in the July issue of the journal Academic Emergency Medicine."    

For hemorrhagic strokes that restrict blood flow to the back portions of the brain, CT scans are a useful diagnostic tool, according David Newman-Toker, an associate professor of neurology and otolaryngology at the Johns Hopkins University School of Medicine. However, the majority of strokes are ischemic stroke, which occur when blood flow is cut off from part of the brain and MRI scans are more accurate for diagnosis. "CT scans are so bad at detecting [ischemic strokes] that they miss about an estimated 85 percent of strokes in the first 24 hours after symptoms begin, and about 60 percent in the days that follow," said Newman-Toker.   

Now there is a pair of goggles with motion sensors that can track eye movement. "If you pay attention to a few specific eye movements, you can discriminate those who have strokes versus those who have inner-ear problems," Newman-Toker said.

If the eye does not react to a specific head motion with its usual reflex, this indicates that the vestibular nerve, a connection from the inner ear to the brain, may be inflamed and impaired by an infection.

If the eye reflex remains intact, the doctor should check for stroke, which affects brain tissue and generally not the vestibular nerve. An MRI is recommended if suspect an ischemic strokes and a CT scan if suspect a hemorrhagic strokes. 

For more details on this article from the Washington Post, click here.  

Top 

Eleven Medical Device and Thirteen Pharma/Biotech Funding Deals

To determine whether funding is picking up, I will be focusing on all types of funding that are $1 million or greater in seed investments and series A or B (or the valley of death) that are pre-IPO. Even though VCs are investing, they continue to invest in their existing portfolio companies and less in start-ups. Incubators, state funding, and business competitions are great for initial seed money but not enough to keep the company going long-term.  These are worldwide funding deals. 

Partnerships and licensing deals with upfront payments and milestones will not be included.

Funding deals are in chronological order by date.

$0 = No financial terms disclosed. For more information, read more ....

Funding deals are in chronological order by date.

$0 = No financial terms disclosed. For more information, read more...     

Mergers & Acquisitions continue to be made for both medical device (12) and pharma/biotech (13).  

Private equity firm Juniper acquired Theragenics for $68 million.  Major companies such as GE Healthcare, Medtronic, St. Jude, CR Bard, Amgen, MedImmune (Astra Zeneca) all made acquisitions this month.

The biggest acquisition was made by Amgen, who acquired Onyx Pharmaceuticals for $10.4 billion. To read more, click on the link below.      

Acquisitions are in chronological order by date with Medical Device/Diagnostics followed by Pharma/Biotech.

Top  

About BioMarketing Insight

We help companies de-risk their product development process by conducting the business due diligence to ensure that it is the right product for the right market and the market opportunity for the product meets the business goals of the company. We can then develop marketing strategies to drive adoption for the product.

Top