Please login to the form below

Not currently logged in
Email:
Password:

Digital intelligence blog

Pharma insight on digital marketing, social media, mobile apps, online video, websites and interactive healthcare tools

Threat of medical device hacking is 'growing concern'

FDA issues new cybersecurity guidance to help minimise risks

US Food and Drug Administration (FDA) 

The FDA has told medical device companies to take a proactive approach to planning for, and assessing, the cybersecurity of products once they reach the market.

The US regulator says the threat of medical devices being hacked is “a growing concern” and has issued new draft guidance on the steps firms should take.

As more and more devices that can connect to each other and other computer systems reach the market the FDA wants firms to continually evaluate their potential risks.

“The exploitation of cybersecurity vulnerabilities presents a potential risk to the safety and effectiveness of medical devices,” the FDA noted.

Suzanne Schwartz serves as acting director of emergency preparedness/operations and medical countermeasures in the FDA's Center for Devices and Radiological Health.

She said: “All medical devices that use software and are connected to hospital and health care organisations' networks have vulnerabilities - some we can proactively protect against, while others require vigilant monitoring and timely remediation. 

“[The] draft guidance will build on the FDA's existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”

The new guidance builds on the FDA's 2014 recommendations for medical device firms to address cybersecurity risks in the context of pre-market submissions.

Under the new draft guidance manufacturers should put in place “a structured and systematic comprehensive cybersecurity risk management programme” and ensure they respond in a timely manner to any vulnerabilities that are identified.

The FDA also said it was essential that companies consider improvements during the maintenance of their devices, as the “evolving nature of cyber threats means risks may arise throughout a device's entire lifecycle”.

The regulator said it would not need advance notification of actions by manufacturers to address any vulnerabilities, unless the threat could compromise a device's essential clinical performance and present a reasonable probability of serious adverse health consequences or death.

“The FDA is encouraging medical device manufacturers to take a proactive approach to cybersecurity management of their medical devices,” Schwartz said. “Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats.”

• Read the FDA's Postmarket Management of Cybersecurity in Medical Devices draft guidance

25th January 2016

From: Regulatory

Share

Tags

COVID-19 Updates and Daily News

Featured jobs

PMHub

Add my company
Lucid Group Communications Limited

WE’RE ON A MISSION To transform lives through communication that changes behaviour and improves health outcomes....

Latest intelligence

Top 10 ways to leverage the Impetus InSite Platform® to (virtually) launch your brand
The Impetus InSite Platform® can be used to facilitate virtual and hybrid engagement at all stages of the product lifecycle. Here, we share 10 of the most popular ways to...
Employee wellbeing in creative agencies: three tips to get you started
Paul Hutchings, founder of fox&cat, and new friend, Welfy, a workplace wellbeing training firm, discuss the importance of collaboration...
Managing unhelpful pressure in your creative agency: the human approach
Paul Hutchings, founder of fox&cat, answers the questions: what does it mean to be human in 2021? Are we putting ourselves under too much pressure?...