FDA Updates Cybersecurity Guidance

By Matthew Ruth

(May 30, 2023) Going forward, medical device approval will require the device maker to provide cybersecurity information to the FDA.  Congress made this change by adding Section 524B to the Federal Food, Drug, and Cosmetic Act (FD&C Act) at the end of 2022, addressing concerns over the cybersecurity of medical devices. Risks from cybersecurity incidents involving medical devices may include “Health Insurance Portability and Accountability Act (HIPAA) violations, improper patient health assessments, miscalculated medication dosages, and other potentially fatal outcomes,” according to Lifesciences Intelligence.

The Food and Drug Administration (FDA) summarizes the rationale for this change as follows:

Medical devices are increasingly connected to the Internet, hospital networks, and other medical devices to provide features that improve health care and increase the ability of health care providers to treat patients. These same features also increase potential cybersecurity risks. Medical devices, like other computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device.

The FDA provides further information on cybersecurity at this website.

To implement the new law, the FDA on March 29, 2023 issued new guidance about a transition period: until October 1, 2023, omission of cybersecurity details (now required by Section 524B) will not result in an immediate “refusal to accept” a new FDA submission.  The FDA instead intends to work collaboratively with applicants as part of the interactive and/or deficiency review process.  The FDA’s new guidance applies to “a person who submits a premarket application or submission – including 510(k), premarket approval application (PMA), Product Development Protocol (PDP), De Novo, or Humanitarian Device Exemption (HDE) — for a . . . cyber device.”

The statute essentially defines “cyber device” as a device that: (1) includes pre-installed or official software; (2) can connect to the internet; and (3) includes pre-installed or official technological characteristics that could be vulnerable to cybersecurity threats.

Guidance for health care providers is available in updated answers to Frequently Asked Questions.




Brain Computer Interface Developer Announces $33M Series A, Granted FDA “Breakthrough” Designation

Brain computer interface developer Paradromics on May 18, 2023, announced a $33 million Series A funding round as well as a “Breakthrough Device Designation” from the FDA.

The funding is reportedly for the company’s first-in-human clinical trial of the brain computer interface technology, named the Connexus® Direct Data Interface (DDI).  The company states that “[t]he first application of the Connexus DDI is an assistive communication device that translates brain signals into speech and movement in real time, restoring social connection and enabling independent engagement with technology.”

The company reports that the funding round is being led by Prime Movers Lab, with the other investors including Westcott Investment Group, Dolby Family Ventures, and Green Sands Equity.

The FDA describes the Breakthrough Device Designation program as a “voluntary program for certain medical devices and device-led combination products that provide for more effective treatment or diagnosis of life-threatening or irreversibly debilitating diseases or conditions.”  The program is intended “to provide patients and health care providers with timely access to these medical devices by speeding up their development, assessment, and review, while preserving the statutory standards for premarket approval, 510(k) clearance, and De Novo marketing authorization, consistent with the Agency’s mission to protect and promote public health.”

The company’s press release is available here, and more information on the Breakthrough Device Designation program from the FDA is available here.

DuPont to Acquire Spectrum Plastics Group

DuPont announced on May 2, 2023 its acquisition of Spectrum Plastics Group (“Spectrum”), a specialty plastics manufacturer, from the private equity firm AEA Investors for $1.75 billion.

Headquartered in Atlanta, GA, Spectrum was formed in 2017 via a merger of Pexco LLC and PPC Industries (including its Kelpac Medical subsidiary) as a portfolio company of the private equity firm Kohlberg & Company LLC. In 2018, AEA Investors’ Middle Market Private Equity team bought Spectrum from Kohlberg & Company, LLC. According to DuPont’s press release, Spectrum’s clients include 22 of the world’s 26 top medical device original equipment manufacturers (“OEM”). The industry served by these OEMs includes thriving medical sectors such as structural heart, electrophysiology, surgical robotics, and cardiovascular.

DuPont has a robust portfolio that already includes a medical device and biopharma consumables business and a healthcare packaging business, such as its Liveo silicone solutions business and Tyvek® Medical Packaging. Ed Breen, Executive Chairman and Chief Executive Officer of DuPont stated, when announcing the acquisition of Spectrum:

We have been focused on Spectrum for a long time and our team is extremely excited for this opportunity. Spectrum is a compelling strategic complement to our existing healthcare portfolio, which already includes businesses with best-in-class innovation, deep customer relationships and with strong growth and profitability. with this combination, we’ll be able to offer customers additional innovation and manufacturing capabilities with a broader and more integrated solution set.

According to DuPont’s press release, the deal is expected to close by Q3 2023 and DuPont plans to pay the purchase price from existing cash balances. DuPont expects the acquisition to bring a double-digit multiple on its 2023 forecast EBITDA and to be immediately accretive to its adjusted earnings per share.



Security Defense Systems Sues Athenahealth and ConnectiveRx

On April 26, 2023, Security Defense Systems, LLC sued Athenahealth, Inc. in the Western District of Texas.  The lawsuit alleges that Athenahealth’s Epocrates application and epocrates.com website infringe U.S. Patent No. 8,155,887, titled “Computer Visualized Drug Interaction Information Retrieval,” which issued in 2012.

Athenahealth is a Delaware corporation. Security Defense Systems is based in Wyoming and is currently the sole and exclusive owner of the ’887 Patent, according to the complaint.  The sole inventor of the ’887 Patent is Leigh M. Rothschild, who is also listed as the inventor for many other patents according to JUSTIA Patents.   The docket for the Security Defense Systems v. Athenahealth case is available here.

The same patent was also asserted in two other district court cases.  Six days prior to filing the case against Athenahealth, Security Defense Systems sued PSKW, LLC, d/b/a ConnectiveRx, for infringing the ’887 Patent in the District of New Jersey.  The docket for the Security Defense Systems v. PSKW case is available here.  In a case filed on June 4, 2020 in the District of Massachusetts, the ’887 Patent was asserted against Irody, Inc. by Drug Information Retrieval System, LLC (“DIRS”).  DIRS voluntarily dismissed the Massachusetts complaint before Irody answered or filed motion for summary judgment.  The docket for the Drug Information Retrieval System v. Irody case is available here.

AI & the FDA

The use of artificial intelligence (AI) in healthcare has been growing rapidly in recent years, and AI-enabled medical devices are playing a larger role in patient care. Such devices may use machine learning algorithms to analyze vast amounts of patient data and provide diagnoses as well as personalized treatment recommendations. In recent years, the FDA has approved various AI-enabled medical devices, some of which are discussed below.

IDx-DR is an AI-powered diagnostic system for detecting diabetic retinopathy (a complication of diabetes that can lead to blindness) through the analysis of retinal images. The system reportedly uses machine learning algorithms to analyze images and make a diagnosis, without the need for a specialist to interpret results. IDx-DR was the first FDA-approved autonomous AI diagnostic system for use in any field of medicine.

Viz.ai LVO Stroke Platform is an AI-powered platform for analyzing CT scans of the brain to identify large vessel occlusions that can indicate a potential stroke. The system reportedly uses machine learning algorithms to analyze CT scan images and alert healthcare providers when a potential stroke is detected and that rapid treatment may be required, allowing for improved patient outcomes. Viz.ai LVO is the first FDA-approved AI platform for stroke detection and triage.

ProFound AI for Digital Breast Tomosynthesis (DBT) is an AI-based software from iCAD, Inc. for analyzing tomosynthesis images to assist radiologists in detecting breast cancer. The system reportedly uses machine learning algorithms to analyze mammograms and identify potential areas of concern (e.g., malignant soft tissue densities and calcifications), providing radiologists with a second opinion and improving diagnostic accuracy. ProFound AI was the first 3D tomosynthesis software using artificial intelligence (AI) to be cleared by the FDA, and the software’s current third generation has also received FDA clearance.

Eko DUO is an AI-enabled stethoscope for analyzing heart sounds and detecting potential cardiac abnormalities. The Eko DUO stethoscope, when used with the Eko App, reportedly uses machine learning algorithms to identify specific heart sounds and detect cardiac abnormalities including atrial fibrillation (AFib), murmurs, tachycardia, and bradycardia. Eko DUO is the first FDA-approved AI-enabled stethoscope for use in a clinical setting.

Caption Guidance is an AI-based software from Caption Health that assists in the acquisition of cardiac ultrasound (echocardiogram) images. The software reportedly uses AI to assess the diagnostic quality of such images in real-time, which helps guide healthcare providers in capturing echocardiogram images that are of sufficient diagnostic quality. The FDA authorized the marketing of Caption Guidance in February 2020, making Caption Guidance the first FDA-authorized software for guiding users through cardiac ultrasound image acquisition.

Cranial Technologies Sues Ottobock for Infringement of Cranial Remodeling Patents

Cranial Technologies, Inc. sued Ottobock SE & Co. KGaA and Active Life LLC in the U.S. District Court for the Central District of California on March 29, 2023.  The lawsuit alleges that Ottobock’s MyCRO Band and iFab system infringe U.S. Patent No. 7,242,798, titled “Automatic Selection of Cranial Remodeling Device Configuration,” which issued in 2007; and U.S. Patent No. 7,227,979, titled “Automatic Selection of Cranial Remodeling Device Trim Lines,” which issued in 2007.  Below is an example figure from U.S. Patent No. 7,242,798:


Cranial Technologies also alleges that Ottobock’s MyCRO Band and iFab system infringe U.S. Patent No. 10,603,203, titled “Custom Cranial Remodeling Devices Manufactured By Additive Manufacture,” which issued in 2020; U.S. Patent No. 10,846,925 titled “Method of Manufacture of Custom Cranial Remodeling Devices By Additive Manufacture,” which issued in 2020; and U.S. Patent No. 10,726,617, titled “Method of Manufacture of Custom Headwear by Additive Manufacturing,” which issued in 2020.  Below is an example figure from U.S. Patent No. 10,603,203:


Cranial Technologies is an Arizona corporation, Ottobock is a German corporation, and Active Life is a Delaware company.  The lawsuit asserts that Ottobock sold the infringing products to Active Life, and that Active Life operates under Ottobock’s direction and control and for Ottobock’s direct benefit.  Cranial Technologies has not previously filed any lawsuits against either Ottobock or Active Life.  The case docket is available here.

FDA Issues Final Guidance on Transitioning from COVID-19 EUAs

The FDA recently announced release of final transition guidance documents for medical diagnostic devices targeting COVID-19. The transition guidance documents are intended to guide COVID-19 diagnostic device manufactures as their devices transition from Emergency Use Authorizations (EUAs). Just over three hundred EUAs were issued for diagnostic devices during the COVID-19 pandemic.   In the announcement, the FDA characterized the issuance of EUAs as “proactive steps to help facilitate the availability of critical medical devices, including in vitro diagnostic tests.” Draft versions of the guidance documents were made available for public comment in December 2021.

The FDA’s announcement follows the recent White House announcement that the COVID-19 Public Health Emergency is set to expire on May 11, 2023. Though the initial public health emergency announcement authorized use of EUAs for various COVID-related products, the end of the public health emergency does not automatically terminate the pending EUAs. Instead, the Department of Health & Human Services (HHS) will publish notice of termination of each EUA declaration 180 days in advance. Notice will publish in the Federal Register.

The final transition guidance documents clarify recommendations for labeling, post-EUA disposal of diagnostic devices, and use of real-world evidence in FDA marketing submissions.  Additionally, the transition guidance documents clarify the relationship between the transition period guidance and the previous COVID-19 guidance from the FDA  (i.e., those found in List 1 of the Transition Plan, including guidance on digital pathology, imaging systems, non-invasive fetal and maternal monitoring, and other technologies).

Industry groups, for example AdvaMed and MITA, had previously expressed approval via public comment of the 180-day transition period proposed by the draft guidelines.

The FDA has encouraged device manufacturers that plan to seek marketing authorization to begin working on a marketing submission soon.

The FDA will be holding a webinar to answer questions about the transition on April 18, 2023.

NVIDIA Collaborates with Medtronic to Build AI Platform for Endoscopy Devices

NVIDIA announced in a press release a collaboration with Medtronic to integrate NVIDIA’s artificial intelligence (AI) technology into certain of Medtronic’s products.  NVIDIA is a graphics processing unit (GPU) company, and Medtronic is a medical device company.

In particular, the press release states that Medtronic will integrate both NVIDIA’s Holoscan AI computing software platform for building medical devices and NVIDIA IGX, an edge AI hardware platform, into Medtronic’s GI GeniusTM Endoscopy Module.  Holoscan is described in the press release as providing an infrastructure for scalable, software-defined, real-time processing of data at the edge.

“Artificial intelligence is a powerful tool that can increase the speed, efficiency and effectiveness of global health systems,” said Kimberly Powell, vice president of healthcare at NVIDIA. “We’re collaborating with Medtronic to accelerate AI innovation by enabling a software-defined business model, with the goal of improving clinical decision making, reducing medical variability and driving better patient outcomes.”

In NVIDIA’s technical blog titled “How Edge Computing is Transforming Healthcare, edge computing is described as being intended to overcome issues and drawbacks associated with bandwidth congestion, network reliability, latency, and other issues associated with remote data analysis by analyzing and developing treatment solutions on the data at the point of collection.  As NVIDIA describes it, edge computing refers to computing that takes place at the point of collection – in this case, at the device, and is intended to provide faster, more reliable computing.  NVIDIA also indicates that improvements with edge devices can lead to significant benefits in the healthcare industry, where it has been estimated that there are 10-15 edge devices connected to each hospital bed.  NVIDIA states in this blog that it expects that the global market for connected medical devices will grow to $158 billion in 2022, up from $41 billion in 2017.

The reported developer and manufacturer of the GI GeniusTM Intelligent Endoscopy Module – Cosmo Pharmaceuticals NV – states in a press release that the GI GeniusTM Intelligent Endoscopy Module is an FDA cleared AI-assisted colonoscopy tool designed to help physicians detect lesions that can lead to colorectal cancer by improving diagnostic imaging used during colonoscopy procedures.  Cosmo states that the GI GeniusTM Intelligent Endoscopy Module can help reduce the number of undetected precancerous lesions.  According to this press release, Medtronic is the exclusive worldwide distributor of the GI GeniusTM Intelligent Endoscopy Module.

Medtronic states in its education and training materials that the GI GeniusTM Intelligent Endoscopy Module is designed to assist colonoscopy procedures in real-time by using visual markers to alert physicians of potential colorectal lesions.  As stated by Medtronic in the education and training materials, the GI GeniusTM Intelligent Endoscopy Module may be useful for detecting small, flat lesions that may otherwise not be detected by the doctor.

NVIDIA announced in the press release that the first GI GeniusTM systems built with the NVIDIA technology will be available later in 2023.

FDA Seeks $7.2 Billion Budget for 2024

The FDA recently announced that it is seeking a budget of $7.2 Billion for 2024, part of which is intended for “Advancing Medical Product Availability.”  The portion of the requested budget directed to advancing access to safe and effective medical products would be used toward various initiatives, three of which are highlighted in the FDA’s announcement.

First, the requested budget includes $23 million in additional funds to advance the goal of ending the opioid crisis.  According to the announcement, funding related to ending the opioid crisis will be used to focus on “advancing the development, evaluation and market authorizations of related digital health medical devices.”

Second, the requested budget includes $11.6 million of additional funding for improving the FDA’s medical device supply chain and shortage programs.  The announcement states this supply chain-related funding “will allow the FDA to expand efforts to work proactively with medical device companies, health care providers, device distributors, and patients to enhance resiliency in the supply chain of critical medical devices and prevent shortages of critical devices that most often impact vulnerable populations.”

Third, the requested budget includes $2.5 million to implement the ACT for ALS Act.  The announcement states this funding will help the FDA “to foster development of treatments for ALS and other rare neurodegenerative diseases” in various ways, including by improving access to investigational therapies and medical devices.

Regarding the requested budget, FDA Commissioner Robert M. Califf, M.D. stated:

This year’s funding request builds on our accomplishments and lessons learned over the past year and adds new funding to continue modernizing the FDA and its capabilities for the future. We continue to deliver on a wide range of priorities and have strategically focused our request to ensure our program areas have the funding they need to operate with the highest success for the good of public health.

According to the announcement, the budget request also includes legislative proposals to support the agency’s authority, such as by requiring medical device manufacturers to report manufacturing interruptions or discontinuations regardless of whether such issues are related to a public health emergency.

Health Tracker Systems Alleges Garmin’s Smartwatch Infringes Patents

Health Tracker Systems LLC (“Health Tracker”) sued Garmin International, Inc. (“Garmin”) for patent infringement in the Central District of California on March 6, 2023.  The lawsuit alleges that Garmin’s Forerunner 45/45S smartwatch infringes U.S. Patent No. 6,582,380, entitled “System and Method of Monitoring and Modifying Human Activity-Based Behavior,” which issued in 2003, and expired in June 2021.

Health Tracker is organized under Delaware law.  Garmin is based in Kansas.  No other claims are asserted in Health Tracker’s complaint.

The asserted patent mentions a user wearing an activity monitor that can vibrate when the user’s intensity of physical movement exceeds a threshold.  The patent contemplates modifying the behavior of children with Attention Deficit Hyperactivity Disorder (ADHD), with Figure 1 (shown below), showing “a classroom with many students 110, some of whom have ADHD 115 and whose behavior is being modified.”

Since July 2022, Health Tracker has also sued six other companies, asserting those companies each sell smartwatches that infringe this same patent, including Fossil Group (over their Fossil Hybrid Smartwatch HR Collider), Samsung (over their Galaxy Fit 2 smartwatch), Michael Kors (over their Access Gen5E MKGO), and Lenovo (over their Moto 360 smartwatch).  The Garmin case docket is available here.

By using this blog, you agree and understand that no information is being provided in the context of any attorney-client relationship. You further agree and understand that nothing herein is intended to be legal advice. This blog is solely informational in nature, and is not intended as, and should not be used as, a substitute for competent legal advice from a retained and licensed attorney in your state. Knobbe Martens LLP makes no representations or warranties as to the accuracy, completeness, timeliness or availability of the information in this blog. Knobbe Martens LLP will not be liable for any injury or damages relating to your use of, or access to, any such information. Knobbe Martens LLP undertakes no obligation to correct or update information on this blog, which may be incorrect or become incorrect or out of date over time. Knobbe Martens LLP reserves the right to alter or delete content or information on the blog at any time. This blog contains links and references to other websites and publications that you may find of interest. Knobbe Martens LLP does not control, promote, endorse or otherwise have any affiliation with any other websites or publications unless those websites or publications expressly state such an affiliation. Knobbe Martens LLP further has no responsibility for, and makes no representations regarding, the content, accuracy or any other aspect of the information in such websites or publications.