FDA announces security recommendations for medical device industry

The FDA issued a draft guidance on Jan. 15 outlining cybersecurity measures that medical device industry manufacturers should take to secure the safety of patients.

The draft guidance provides steps for identifying, monitoring and addressing specific cybersecurity risks in products that have entered the free market. Without taking steps to eliminate easy access to medical devices, manufacturers could be putting the well being of it’s patients at risk.

“All medical devices that use software and are connected to hospital and health care organizations’ networks have vulnerabilities — some we can proactively protect against, while others require vigilant monitoring and timely remediation,” Suzanne Schwartz, associate director for science and strategic partnerships and acting director of emergency preparedness/operations and medical countermeasures at the FDA’s Center for Devices and Radiological Health, said. “Today’s draft guidance will build on the FDA’s existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”

The draft guidance also emphasizes the need for companies to proactively plan for and assess vulnerabilities in a post-market setting.

“The FDA is encouraging medical device manufacturers to take a proactive approach to cybersecurity management of their medical devices,” Schwartz said. “Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats.”