Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

FDA finalizes cyber risk advice for medical device manufacturers

Reprints

The U.S. Food and Drug Administration has finalized recommendations to medical device manufacturers for managing cybersecurity risks to protect patient health and information.

The final guidance was published in the Federal Register Thursday. The FDA said in a statement Wednesday that the guidance recommends manufacturers consider cybersecurity risks as part of the design and development of a medical device, and submit documentation to the FDA about the risks identified and controls in place to mitigate those risks. It also recommends manufacturers submit their plans for providing patches and updates.

“There is no such thing as a threat-proof medical device,” said Dr. Suzanne Schwartz, director of emergency preparedness/operations and medical countermeasures at the FDA’s Center for Devices and Radiological Health, in the statement. “It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks.”

The FDA said in the statement that its concerns about cybersecurity vulnerabilities include malware infections on network-connected medical devices or computers, smartphones, and tablets used to access patient data; unsecured or uncontrolled distribution of passwords; failure to provide timely security software updates and patches to medical devices and networks; and security vulnerabilities in off-the-shelf software designed to prevent unauthorized access to the device or network.

“The FDA has neither an indication that specific devices or systems have been purposely targeted, nor reports that any patients have been harmed as a result of cybersecurity breaches, but remains concerned about device-related cybersecurity vulnerabilities and their potential to adversely impact public health,’ said the statement.

Read Next

  • Hacking group wants to play nice with automakers

    (Reuters) — A group of well-known hackers and security professionals are trying to build better ties with the auto industry in an effort to enlist their help in improving vehicle security, one of the hottest areas of cyber research.