LegalReader.com  ·  Legal News, Analysis, & Commentary

Drugs & Medical Devices

Cybersecurity Threats to Medical Devices are a Growing Concern


— February 8, 2016

According to a statement from the FDA, “Cybersecurity threats to medical devices are a growing concern. The exploitation of cybersecurity vulnerabilities presents a potential risk to the safety and effectiveness of medical devices.” The agency has issued draft guideline to medical device makers as to how they can protect consumers from these cybersecurity issues.


According to a statement from the FDA, “Cybersecurity threats to medical devices are a growing concern. The exploitation of cybersecurity vulnerabilities presents a potential risk to the safety and effectiveness of medical devices.” The agency has issued draft guideline to medical device makers as to how they can protect consumers from these cybersecurity issues.

The guidance is not legally binding on medical device makers. However, it recommends various steps the companies can take to ensure the safety of their products from unscrupulous hackers. These steps include such things as early measures to address risks, monitoring and assessing risks and coordinating efforts with other companies, the government and other groups to disclose cybersecurity issues.

The good news for consumers is that most of the issues with medical device cybersecurity are minor. They’re actually considered routine and can be fixed with software updates, called patches. Cybersecurity issues of this low level don’t require reporting according to the FDA’s new guidelines.

The headquarters of the U.S. Food and Drug Administration (FDA) is shown in Silver Spring, Maryland, November 4, 2009. U.S. health officials unveiled plans to fight avoidable injuries from medication errors or misuse, a problem that harms hundreds of thousands of people each year and can be deadly. REUTERS/Jason Reed (UNITED STATES HEALTH) - RTXQCTU
The headquarters of the U.S. Food and Drug Administration (FDA) is shown in Silver Spring, Maryland, November 4, 2009. U.S. health officials unveiled plans to fight avoidable injuries from medication errors or misuse, a problem that harms hundreds of thousands of people each year and can be deadly. REUTERS/Jason Reed (UNITED STATES HEALTH) – RTXQCTU

The new guidance would require companies to report risks that involve the devices’ clinical performance and patient safety.

The FDA already had guidance in place to help medical device makers during the product development stage with better design choices. The new guidance is for monitoring medical devices after they’ve been released to the market.

New FDA guidance on the subject was met with approval by at least on cybersafety advocacy group. The group, I Am The Cavalry, worked with the agency in developing the guidance. The group’s founder, Joshua Corman, was pleased with the FDA’s statement.

He said, “I have found the FDA has been very forward thinking to get out in front of this and not wait for proof of harm before acting.”

The FDA held a cybersecurity workshop in Silver Spring, Maryland from January 20-21, the focus of which was “unresolved gaps and challenges that have hampered progress in advancing medical device cybersecurity.”

The new guidance is open for public comment for 90 days. After that, the agency will issue its final version.

Source:

FDA proposes cybersecurity guidance for medical devices

Join the conversation!