MD+DI Online is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Researcher: FDA Cyber Security Guidance Will Help ‘Stop the Bleeding’

Researcher: FDA Cyber Security Guidance Will Help ‘Stop the Bleeding’
University of Michigan associate professor Kevin Fu says FDA’s guidance on medical device cyber security will help improve the security of devices but warns that it doesn’t go far enough.  

Kevin Fu has long been an advocate of tightening up the cyber security of medical devices. An associate professor in the electrical engineering and computer sciences department at the University of Michigan, he taught the first college-level course on medical device security in January 2013.


So what does he think about FDA’s newly released guidance on medical device cyber security?

“The guidance codifies much of the technical consensus drawn from cyber security experts, medical device engineers, and health care providers,” he told MD+DI via e-mail. “I think the guidance strikes a good balance in being actionable without being overly prescriptive.”

Fu says FDA’s recommendations will bring much-needed consistency on the issue of cyber security and will help the industry make its devices more secure. But he also says it doesn’t go as far as it should.

“The guidance will help stop the bleeding,” he writes. “However, the guidance falls short on system engineering. Historically, medical devices were simple, standalone components. Now they are complex interacting systems. Security problems tend to come from unexpected emergent properties when different devices interact, and this context begins to fall outside of FDA's Congressional remit.”

Fu also has concerns about some of the content of the guidance.

“Some of the guidance on passwords may lead to a false sense of security,” he warns. “It's a constantly evolving science, and I think passwords are fundamentally flawed.”

For more on medical device cyber security, attend the keynote presentation by Zimmer's chief information security officer Olayinka James at MD&M Minneapolis on October 29, 2014.

Jamie Hartford, managing editor, MD+DI
[email protected]


TAGS: News
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.