FDA Urges Medical Device Manufacturers To Tighten Cybersecurity

The U.S. Food and Drug Administration (FDA) urged medical manufacturers to tighten their cybersecurity. Manufacturers were instructed to regularly supervise medical devices as well as act on the cybersecurity threats as part of their company's post-market product investigation.

The health agency also required the manufacturers to send a corresponding report about their findings. The FDA urged the manufacturers to create in-house teams and programs that would analyze cybersecurity risks and threats related to their products.

Medical devices such as heart pacemakers and pumps are linked to hospital networks and the Internet. They can easily be hacked, compromising their effectivity and safety. The threat also puts stored sensitive and private data at risk.

"Proactively addressing cybersecurity risks in medical devices reduces the patient safety impact and the overall risk to public health," wrote the FDA in the issued guidance.

In July 2015, health providers received an FDA warning about Hospira's Symbiq Infusion System. Due to cybersecurity issues, health providers were advised to stop using the medical product.

Several medical devices manufacturers raised concerns that FDA keeps them from rendering small modifications or "patches" in the software and other product applications as these could affect the use of previously FDA-approved products. However, the recent FDA guidance noted that these patches can be done without obliging manufacturers to notify to the agency. Manufactures, however, are required to inform the FDA if the cybersecurity threat can potentially lead to serious health effects or death.

According to the FDA guidance, manufacturers will not be required to report issues to the federal agency if they notify the consumers and fix the issue within 30 days after identifying the threat. The same goes for manufacturers that extend the information to other companies in order to prevent any cybersecurity threats that could arise.

The FDA guidance will be further discussed during a cybersecurity workshop called "Moving Forward: Collaborative Approaches to Medical Device Cybersecurity," set on Jan. 20 to 21 at the health agency's Silver Spring, Maryland headquarters. The document is open to the public for comments for 90 days.

Dr. Suzanne Schwartz from FDA's Center for Devices and Radiological Health added that by working openly and collaboratively in a trusted environment, patient safety will be best protected and the community can prevent cybersecurity threats from causing harm. Schwartz is the Center's acting director of emergency preparedness /operations and medical countermeasures.

Photo: Ervins Strauhmanis | Flickr

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics