On October 1 the US Food and Drug Administration (FDA) issued final guidance regarding cybersecurity for medical devices. The FDA guidelines urge device manufacturers to include safety controls on devices to prevent cyber threats and recommend manufacturers outline the necessary steps that will be taken if their devices are found to be vulnerable to breaches. This guidance finalizes the draft guidance published last year published in response to the U.S. Department of Homeland Security’s warning about cyber-attacks on medical devices.

The FDA’s concerns about cybersecurity vulnerabilities include malware infections on network-connected medical devices or computers, smartphones, and tablets used to access patient data; unsecured or uncontrolled distribution of passwords; failure to provide timely security software updates and patches to medical devices and networks; and security vulnerabilities in off-the-shelf software design to prevent unauthorized access to the device or network. While the FDA has not yet had any reports of specific medical devices being targeted, there is concern about what could happen in the future as medical devices are increasingly connected to computer networks.

At a minimum, this guidance outlines that medical device manufacturers should require secure authentication for access, use encryption, and ensure that security patches are added when necessary. The FDA is working closely with other agencies and stakeholders and is planning a public workshop this fall entitled “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” to discuss how to strengthen medical device cybersecurity.

Posted by Stephanie Cason

One Comment

  1. […] the FDA’s final guidance regarding mobile medical device cybersecurity which we discussed here.  It has also been reported that the Department of Homeland Security is currently investigating at […]

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s