Please login to the form below

Not currently logged in
Email:
Password:

Digital intelligence blog

Pharma insight on digital marketing, social media, mobile apps, online video, websites and interactive healthcare tools

Threat of medical device hacking is 'growing concern'

FDA issues new cybersecurity guidance to help minimise risks

US Food and Drug Administration (FDA) 

The FDA has told medical device companies to take a proactive approach to planning for, and assessing, the cybersecurity of products once they reach the market.

The US regulator says the threat of medical devices being hacked is “a growing concern” and has issued new draft guidance on the steps firms should take.

As more and more devices that can connect to each other and other computer systems reach the market the FDA wants firms to continually evaluate their potential risks.

“The exploitation of cybersecurity vulnerabilities presents a potential risk to the safety and effectiveness of medical devices,” the FDA noted.

Suzanne Schwartz serves as acting director of emergency preparedness/operations and medical countermeasures in the FDA's Center for Devices and Radiological Health.

She said: “All medical devices that use software and are connected to hospital and health care organisations' networks have vulnerabilities - some we can proactively protect against, while others require vigilant monitoring and timely remediation. 

“[The] draft guidance will build on the FDA's existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”

The new guidance builds on the FDA's 2014 recommendations for medical device firms to address cybersecurity risks in the context of pre-market submissions.

Under the new draft guidance manufacturers should put in place “a structured and systematic comprehensive cybersecurity risk management programme” and ensure they respond in a timely manner to any vulnerabilities that are identified.

The FDA also said it was essential that companies consider improvements during the maintenance of their devices, as the “evolving nature of cyber threats means risks may arise throughout a device's entire lifecycle”.

The regulator said it would not need advance notification of actions by manufacturers to address any vulnerabilities, unless the threat could compromise a device's essential clinical performance and present a reasonable probability of serious adverse health consequences or death.

“The FDA is encouraging medical device manufacturers to take a proactive approach to cybersecurity management of their medical devices,” Schwartz said. “Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats.”

• Read the FDA's Postmarket Management of Cybersecurity in Medical Devices draft guidance

25th January 2016

From: Regulatory

Share

Tags

Featured jobs

Subscribe to our email news alerts

PMHub

Add my company
Cuttsy + Cuttsy

How do you understand what patients really need, without actually living their lives? How do you walk in someone else’s...

Latest intelligence

A uniquely English genomic medicine service
The UK National Health Service is developing one standardised approach to embedding precision medicine across the whole of England. Blue Latitude Health speaks to Dr Tom Fowler, Deputy Chief Scientist...
Blended Intelligence
Data is the most valued commodity of the modern world. For P&P it's all about the application....
The relevance of patient perspectives to value
Exploring the evolution of patient involvement in health technology assessment, and the role of the patient voice in market access....

Infographics