FDA Drafts Cybersecurity Guidlines for Medical Devices
The U.S. Food and Drug Administration on Friday issued draft guidelines to medical device makers on how to protect patients from cybersecurity vulnerabilities in their devices.
“Cybersecurity threats to medical devices are a growing concern,” the agency said in a statement. “The exploitation of cybersecurity vulnerabilities presents a potential risk to the safety and effectiveness of medical devices.”
The draft guidance, which is not legally binding, recommends companies take a number of actions, including monitoring and assessing risk, coordinating efforts by companies, government and other groups do disclose vulnerabilities, and taking measures to address cybersecurity risk early.
Most cybersecurity vulnerabilities are considered routine and can be remedied by updates or patches which would not need to be reported under the proposed guidance, the agency said. Companies would be required to report vulnerabilities that could compromise clinical performance of the device and risk a patient’s health.
The guidance covers how companies should monitor devices once they have been cleared for marketing. The agency previously issued guidance for companies still in the development stage to help inform design choices.
Joshua Corman, founder of I Am The Cavalry, a cybersafety advocacy group who worked with the FDA on the guidance, said he was extremely encouraged by the agency’s action.
“I have found the FDA has been very forward thinking to get out in front of this and not wait for proof of harm before acting,” he said.
The proposed guidance will be open for public comment for 90 days, after which the FDA will issue final guidance. The agency is holding a public cybersecurity workshop at its headquarter in Silver Spring, Maryland on Jan. 20-21. The workshop will focus on “unresolved gaps and challenges that have hampered progress in advancing medical device cybersecurity.”
(Reporting by Toni Clarke in Washington; editing by Paul Simao and David Gregorio)
- Florida’s Home Insurance Industry May Be Worse Than Anyone Realizes
- DraftKings Sued Over ‘Risk-Free’ Bets That Were Anything But
- EVs Head for Junkyard as Mechanic Shortage Inflates Repair Costs
- California Sees Two More Property Insurers Withdraw From Market
- Mother of 8-Year-Old ‘Violently Sucked’ into Houston Hotel Pool Files Wrongful Death Suit
- CoreLogic Report Probes Evolving Severe Convective Storm Risk Landscape
- Report: Vehicle Complexity, Labor ‘Reshaping’ Auto Insurance and Collision Repair
- Property Restoration Industry: A Culture in Need of Repair?