Pharma insight on digital marketing, social media, mobile apps, online video, websites and interactive healthcare tools
by Dominic Tyer
US regulators have issued new cybersecurity guidance for medical device manufacturers that they say will provide an 'all-out, life cycle approach' to the issue.
The FDA says there is an increased and ever-present risk of security breaches and, updating the draft guidance it issued last year, confirms manufacturers should consider cybersecurity through the total product life cycle of their devices.
Last Autumn Johnson & Johnson is thought to have become the first firm to sound the alarm about a cyber vulnerability.
In October the manufacturer was forced to issue a warning to patients using one of its insulin pumps that the device could be attacked, potentially allowing a hacker to overdose patients with insulin.
Suzanne Schwartz, FDA's associate director for science and strategic partnerships at the Center for Devices and Radiological Health, writes: “In today's world of medical devices that are connected to a hospital's network or even a patient's own internet service at home, we see significant technological advances in patient care and, at the same time, an increase in the risk of cybersecurity breaches that could affect a device's performance and functionality.”
The regulator wants manufacturers to build in cybersecurity controls right from when they design and develop a device and to then 'continuously monitor and address' cybersecurity concerns once a device starts being used by patients.
“With this guidance, we now have an outline of steps the FDA recommends manufacturers take to remain vigilant and continually address the cybersecurity risks of marketed medical devices,” Schwartz added.