Please login to the form below

Not currently logged in
Email:
Password:

Digital intelligence blog

Pharma insight on digital marketing, social media, mobile apps, online video, websites and interactive healthcare tools

Threat of medical device hacking is 'growing concern'

FDA issues new cybersecurity guidance to help minimise risks

US Food and Drug Administration (FDA) 

The FDA has told medical device companies to take a proactive approach to planning for, and assessing, the cybersecurity of products once they reach the market.

The US regulator says the threat of medical devices being hacked is “a growing concern” and has issued new draft guidance on the steps firms should take.

As more and more devices that can connect to each other and other computer systems reach the market the FDA wants firms to continually evaluate their potential risks.

“The exploitation of cybersecurity vulnerabilities presents a potential risk to the safety and effectiveness of medical devices,” the FDA noted.

Suzanne Schwartz serves as acting director of emergency preparedness/operations and medical countermeasures in the FDA's Center for Devices and Radiological Health.

She said: “All medical devices that use software and are connected to hospital and health care organisations' networks have vulnerabilities - some we can proactively protect against, while others require vigilant monitoring and timely remediation. 

“[The] draft guidance will build on the FDA's existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”

The new guidance builds on the FDA's 2014 recommendations for medical device firms to address cybersecurity risks in the context of pre-market submissions.

Under the new draft guidance manufacturers should put in place “a structured and systematic comprehensive cybersecurity risk management programme” and ensure they respond in a timely manner to any vulnerabilities that are identified.

The FDA also said it was essential that companies consider improvements during the maintenance of their devices, as the “evolving nature of cyber threats means risks may arise throughout a device's entire lifecycle”.

The regulator said it would not need advance notification of actions by manufacturers to address any vulnerabilities, unless the threat could compromise a device's essential clinical performance and present a reasonable probability of serious adverse health consequences or death.

“The FDA is encouraging medical device manufacturers to take a proactive approach to cybersecurity management of their medical devices,” Schwartz said. “Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats.”

• Read the FDA's Postmarket Management of Cybersecurity in Medical Devices draft guidance

25th January 2016

From: Regulatory

Share

Tags

PMEA Awards 2020

COVID-19 Updates and Daily News

Featured jobs

PMHub

Add my company
COUCH Health

We are a patient engagement agency committed to making clinical study experiences human. By guiding organisations in making everything they...

Latest intelligence

Mistrust in medical research: a patient perspective
The recent development of several COVID-19 vaccines has placed medical research firmly in the spotlight, highlighting public confusion and misinformation about clinical trials. Patient advocate, Trishna Bharadia reveals what the...
Real-world evidence: breaking boundaries in rare disease
Generating data for drug launches is a challenging process. In rare diseases, with small patient populations and high unmet need, evidence generation is even more complex. Consultant Sarah Poole and...
The heavy toll of COVID-19 on cancer patients
We all know that finding and treating cancer early saves lives. During the COVID-19 pandemic, oncology treatments paused while cancer continued to spread. So, what has been the impact of...

Infographics