FDA Wants Better Cybersecurity in Medical DevicesFDA Wants Better Cybersecurity in Medical Devices

A safety communication released today by FDA calls for device manufacturers and healthcare facilities to take more steps to reduce the possibility of cyber attack within medical devices.

June 13, 2013

2 Min Read
MDDI logo in a gray background | MDDI

While no deaths have been reported due to medical device hacking as of yet, FDA says it has become aware of a rising number number of cybersecurity vulnerabilities including malware (malicious software) installed in networked medical devices, hospital computers, smartphones, and tablets. The agency also called out hospitals and device makers for having uncontrolled distribution of passwords and failing to provide security updates in a timely manner for networked devices.

FDA says it has been working with other federal agencies to identify security risks and urges device manufacturers to take appropriate security measures including implementing failsafes that will ensure proper device operation, even when compromised, and working to provide timely responses to cybersecurity breaches and attacks.

 

While some are likely to hyperbolize the issue – citing possibilities of hackers remotely disabling or altering medical devices – others view cybersecurity as not the biggest necessity when it comes to electronic and networked medical devices.

 

In a statement released today Janet Trunzo, senior executive vice president, technology and regulatory affairs, for the Advanced Medical Technology Association (AdvaMed) called the threat of malicious hacking a “low risk” to patient safety, particularly when balanced against the benefits offered by new digital technologies. “Patient safety is the number one priority of the medical technology industry, and manufacturers have in place numerous safeguards to ensure the security and integrity of their devices,” she says. “The ubiquity of digital technologies offers patients significant benefits, and the risk of a malicious cyber-attack is low when compared to these benefits. At the same time, manufacturers recognize the need for increased security with these devices.”

 

Trunzo goes on to state that manufacturers are already ahead of FDA on this issue and many have risk management systems in place to evaluate cybersecurity in products, “All manufacturers of electronic medical devices, as part of the work they do for product development and product approval, maintain a risk management system in which they evaluate potential events that could harm a patient and the probability of those events taking place.”

 

FDA recommends manufacturers consult its draft guidance on addressing cybersecurity in pre-market submissions and how manufacturers should address cybersecurity issues related to products that use off-the-shelf software.
 

-Chris Wiltz, Associate Editor, MD+DI

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like