CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

FDA Publishes Cybersecurity Guidance for Medical Device Manufacturers

The U.S. Food and Drug Administration (FDA) released a set of recommendations for manufacturers for managing cyber-security risks and protecting patient health and information. 

The U.S. Food and Drug Administration (FDA) released a set of recommendations for manufacturers for managing cyber-security risks and protecting patient health and information. 

The guidance is titled ‘Content of Premarket Submissions for Management of Cybersecurity in Medical Devices’ and recommends that manufacturers consider cybersecurity risks as part of the design and development of medical devices and submit documentation to the FDA about those risks and the controls in place to mitigate them. The guidance also recommends manufacturers submit their plans for providing updates to operating systems and software.

“There is no such thing as a threat-proof medical device,” said Suzanne Schwartz, director of emergency preparedness/operations and medical countermeasures at the FDA’s Center for Devices and Radiological Health, in a statement. “It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks.”

The FDA said it has been working closely with other federal agencies as well as the medical device industry to identify and discuss vulnerabilities. This fall, the agency is planning a public workshop to discuss how government, medical device developers, hospitals, cybersecurity professionals and others can collaborate to improve the security of medical devices and protect the public.

“FDA recognizes that medical device security is a shared responsibility between stakeholders, including health care facilities, patients, providers, and manufacturers of medical devices,” according to the document. “Failure to maintain cybersecurity can result in compromised device functionality, loss of data (medical or personal) availability or integrity, or exposure of other connected devices or networks to security threats. This in turn may have the potential to result in patient illness, injury, or death.”

Advertisement. Scroll to continue reading.

In particular, medical devices that are capable of connecting to another device or the Internet are more vulnerable to security threats, the guidance notes. In its recommendations, the FDA stresses the importance of authentication controls and detection.

“The need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network-connected devices, and the frequent electronic exchange of medical device – related health information,” according to the document. “This guidance has been developed by the FDA to assist industry by identifying issues related to cybersecurity that manufacturers should consider in the design and development of their medical devices as well as in preparing premarket submissions for those devices.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.