Digital intelligence blog

Pharma insight on digital marketing, social media, mobile apps, online video, websites and interactive healthcare tools

Threat of medical device hacking is 'growing concern'

FDA issues new cybersecurity guidance to help minimise risks


The FDA has told medical device companies to take a proactive approach to planning for, and assessing, the cybersecurity of products once they reach the market.

The US regulator says the threat of medical devices being hacked is “a growing concern” and has issued new draft guidance on the steps firms should take.

As more and more devices that can connect to each other and to other computer systems reach the market, the FDA wants firms to continually evaluate their potential risks.

“The exploitation of cybersecurity vulnerabilities presents a potential risk to the safety and effectiveness of medical devices,” the FDA noted.

Suzanne Schwartz serves as acting director of emergency preparedness/operations and medical countermeasures in the FDA's Center for Devices and Radiological Health.

She said: “All medical devices that use software and are connected to hospital and health care organisations' networks have vulnerabilities - some we can proactively protect against, while others require vigilant monitoring and timely remediation. 

“[The] draft guidance will build on the FDA's existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”

The new guidance builds on the FDA's 2014 recommendations for medical device firms to address cybersecurity risks in the context of pre-market submissions.

Under the new draft guidance, manufacturers should put in place “a structured and systematic comprehensive cybersecurity risk management programme” and ensure they respond in a timely manner to any vulnerabilities that are identified.

The FDA also said it was essential that companies consider improvements during the maintenance of their devices, as the “evolving nature of cyber threats means risks may arise throughout a device's entire lifecycle”.

The regulator said it would not need advance notification of actions by manufacturers to address any vulnerabilities, unless the threat could compromise a device's essential clinical performance and present a reasonable probability of serious adverse health consequences or death.

“The FDA is encouraging medical device manufacturers to take a proactive approach to cybersecurity management of their medical devices,” Schwartz said. “Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats.”

• Read the FDA's Postmarket Management of Cybersecurity in Medical Devices draft guidance

25th January 2016

From: Regulatory


