The Food and Drug Administration (FDA) of the United States of America recently released the updated draft of premarket guidance for medical device cybersecurity. The draft comprises new recommendations for internet-connected medical device manufacturers on how to assess cybersecurity in the review of the medical devices to ensure protection against cyber threats. FDA also notified manufacturers to provide its customers with a list of software and hardware components that could be vulnerable to exploitation.
“The need for effective cybersecurity to ensure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network-connected devices, portable media (e.g. USB or CD), and the frequent electronic exchange of medical device-related health information. In addition, cybersecurity threats to the healthcare sector have become more frequent, more severe, and more clinically impactful. Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the US and globally. Such cyberattacks, and exploits can delay diagnoses and/or treatment and may lead to patient harm,” the guidance reads.
According to the FDA, the new recommendations enable device manufacturers in the premarket review process to ensure that medical devices are designed to tackle cyber-attacks.
“Cybersecurity threats and vulnerabilities in today’s modern medical devices are evolving to become more apparent and more sophisticated, posing new potential risks to patients and clinical operations,” FDA Commissioner Scott Gottlieb, M.D., said in a statement. “The FDA has been working to stay a step ahead of these changing cybersecurity vulnerabilities, including engaging with external stakeholders. In this way, we can help ensure the healthcare sector is well positioned to proactively respond when cyber vulnerabilities are identified in products that we regulate.”
As a part of the ongoing efforts to strengthen cybersecurity in the healthcare department, the FDA and the U.S. Department of Homeland Security (DHS) recently joined hands to address cybersecurity issues in medical devices.
“Our strengthened partnership with DHS will help our two agencies share information and better collaborate to stay a step ahead of constantly evolving medical device cybersecurity vulnerabilities and assist the health care sector in being well positioned to proactively respond when cyber vulnerabilities are identified. This agreement demonstrates our commitment to confronting cybersecurity risks and the unscrupulous cybercriminals who may seek to put patient lives at risk,” Gottlieb said in a statement about the partnership,” Scott Gottlieb stated.