Upcoming Webinars Archived Webinars Training Vitals Host A Webinar About Get Updates Contact

FDA Highlights Cybersecurity Measures For Medical Device Manufacturers


Medical Device

The FDA issued their cybersecurity recommendations in order to help medical device manufacturers better manage the growing issue of potential threats to device security.

Share this!

January 20, 2016 | by Sarah Massey, M.Sc.

Earlier this week, the US Food and Drug Administration (FDA) released a draft guidance document detailing measures to be taken by medical device manufacturers, in order to ensure the postmarket cybersecurity of their devices. The document contains guidelines for monitoring, identifying and addressing concerns for cybersecurity, in order to protect patient and public health.

The FDA issued their cybersecurity recommendations in order to help medical device manufacturers better manage the growing issue of potential threats to device security. Though manufacturers can – and do – design their products to be protected from potential cybersecurity threats, it is important that upgrades are made throughout the lifespan of the device in order to meet evolving techniques used by hackers.

“All medical devices that use software and are connected to hospital and health care organizations’ networks have vulnerabilities—some we can proactively protect against, while others require vigilant monitoring and timely remediation,” said Dr. Suzanne Schwartz, associate director for science and strategic partnerships and acting director of emergency preparedness/operations and medical countermeasures in the FDA’s Center for Devices and Radiological Health. “Today’s draft guidance will build on the FDA’s existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”

The draft guidance is consistent with the agency’s Quality System Regulation, and focuses on the need for medical device manufacturers to plan for future cybersecurity vulnerabilities. The FDA also stresses the importance of information sharing – among the private-sector and the public – via an Information Sharing Analysis Organization (ISAO).

Medical device manufacturers are also strongly encouraged to perform cybersecurity risk assessment and promptly respond to any identified vulnerabilities. The FDA identified seven components necessary for proper implementation of a cybersecurity risk management program:

  • Applying the Framework for Improving Critical Infrastructure Cybersecurity – written by the National Institute of Standards and Technology (NIST) in 2014 – which outlines the fundamental principles of “Identify, Protect, Detect, Respond and Recover.”
  • Monitoring reporting sources for potential cybersecurity vulnerabilities.
  • Determining the implications for an identified vulnerability.
  • Setting up procedures for handling vulnerability concerns.
  • Identifying necessary actions for protecting, responding and eventually recovering from the cybersecurity risk.
  • Putting a vulnerability disclosure policy into practice.
  • Launching a proactive plan designed to prevent medical devices from exploitation.

The agency said that in most cases, they will not require advance notification or reporting of actions taken by medical device manufacturers that are considered, “cybersecurity routine updates or patches.” In situations where the identified vulnerability is met in a timely fashion, the FDA does not plan to enforce urgent reporting, provided that the incident meets certain conditions, including the stipulation that the vulnerability did not cause any serious adverse events.

“The FDA is encouraging medical device manufacturers to take a proactive approach to cybersecurity management of their medical devices,” said Schwartz. “Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats.”



The Three Sins of GMP Executives

Cancer Immunotherapy: Advancing and Accelerating Discovery Programs

Keywords: FDA, Medical Device, Cybersecurity


Share this with your colleagues!

Diabetes Drug Metformin Could Inhibit Progression of Pancreatic Cancer

January 19, 2016 - Researchers at Massachusetts General Hospital believe they have identified the mechanism behind diabetes drug metformin’s ability to stop the progression of pancreatic cancer.

Politics Of Cancer Prevents Development Of A Cure, Says VP Joe Biden

January 18, 2016 - US Vice President Joe Biden announced his cancer moonshot program – an initiative backed by an infusion of funding into cancer research – following the death of his son to brain cancer last year.

Bayer Opens Manufacturing Facility In China For OTC Drugs

January 18, 2016 - Last week, German pharmaceutical giant, Bayer, opened a manufacturing plant in China, where both traditional Chinese medicines and Western over-the-counter (OTC) drugs, will be made.

Copyright © 2016-2017 Honeycomb Worldwide Inc.