Late last week, Senator Barbara Boxer (D-CA) wrote to the leaders of Johnson & Johnson, GE Healthcare, Siemens USA, Medtronic and Philips USA, to “express serious concerns” about potential cybersecurity vulnerabilities in their medical devices. From the letter, the rationale for selecting these companies is that together they “control more than one-quarter of the global medical device market” and it is her hope that they can send “a signal” to the broader medical device industry.
Senator Boxer’s letter notes that she is “pleased” with last month’s Food and Drug Administration draft guidance. However, it is clear that the Senator remains very concerned about the risks of medical device cyberattacks. She is concerned enough to ask for “the steps [the] companies are taking or plan to take, to address the growing threat.”
With the growing number of connected medical devices and increased focus on digital heath by Congress, the FDA and Federal Trade Commission, identifying and taking steps to mitigate cybersecurity vulnerabilities should be a key part of a med tech company’s business planning.