Please login to the form below

Not currently logged in
Email:
Password:

Digital intelligence blog

Pharma insight on digital marketing, social media, mobile apps, online video, websites and interactive healthcare tools

Threat of medical device hacking is 'growing concern'

FDA issues new cybersecurity guidance to help minimise risks

US Food and Drug Administration (FDA) 

The FDA has told medical device companies to take a proactive approach to planning for, and assessing, the cybersecurity of products once they reach the market.

The US regulator says the threat of medical devices being hacked is “a growing concern” and has issued new draft guidance on the steps firms should take.

As more and more devices that can connect to each other and other computer systems reach the market the FDA wants firms to continually evaluate their potential risks.

“The exploitation of cybersecurity vulnerabilities presents a potential risk to the safety and effectiveness of medical devices,” the FDA noted.

Suzanne Schwartz serves as acting director of emergency preparedness/operations and medical countermeasures in the FDA's Center for Devices and Radiological Health.

She said: “All medical devices that use software and are connected to hospital and health care organisations' networks have vulnerabilities - some we can proactively protect against, while others require vigilant monitoring and timely remediation. 

“[The] draft guidance will build on the FDA's existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”

The new guidance builds on the FDA's 2014 recommendations for medical device firms to address cybersecurity risks in the context of pre-market submissions.

Under the new draft guidance manufacturers should put in place “a structured and systematic comprehensive cybersecurity risk management programme” and ensure they respond in a timely manner to any vulnerabilities that are identified.

The FDA also said it was essential that companies consider improvements during the maintenance of their devices, as the “evolving nature of cyber threats means risks may arise throughout a device's entire lifecycle”.

The regulator said it would not need advance notification of actions by manufacturers to address any vulnerabilities, unless the threat could compromise a device's essential clinical performance and present a reasonable probability of serious adverse health consequences or death.

“The FDA is encouraging medical device manufacturers to take a proactive approach to cybersecurity management of their medical devices,” Schwartz said. “Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats.”

• Read the FDA's Postmarket Management of Cybersecurity in Medical Devices draft guidance

25th January 2016

From: Regulatory

Share

Tags

Featured jobs

Subscribe to our email news alerts

PMHub

Add my company
Creative Medical Research

Specialising in medical device market research and participant recruitment human factors research, our approach is people-centric. We thrive on making...

Latest intelligence

A reflection of ESMO
Client Relationship Director Fabienne Wild from Ashfield Meetings & Events reflects on the recent conference season and on her experience at the European Society for Medical Oncology (ESMO)....
OUTiCO win Best in UK Pharmaceutical Outsourcing award
The Corporate LiveWire Healthcare and Life Sciences Awards celebrate global companies and individuals who have excelled over the past 12 months....
artificial-intelligence-in-healthcare.jpg
Artificial Intelligence in Healthcare
Artificial intelligence is already out-diagnosing experts, but would you put a computer in charge of your healthcare? The good, the bad; we take a look....

Infographics