When Homeland Security Takes an Interest in Medtech
Why did medtech land on Homeland Security's radar in 2014?
October 8, 2024
As long as there are connected medical devices, there will be cybersecurity concerns. Ten years ago, such concerns seemed to hit a fever pitch, even garnering attention from the U.S. Department of Homeland Security.
In October 2014, the same month FDA released a much-anticipated medical device cybersecurity guidance document, Homeland Security was also taking a greater interest in medical device cybersecurity, according to a Reuters report.
Citing a "senior official at the agency," the news outlet reported that Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) was investigating about two dozen cases of suspected cybersecurity flaws in medical devices. There had been no reported hacking instances, but Homeland Security officials considered the threat great enough to be working with companies to fix security vulnerabilities.
Some of the devices involved, according to Reuters, included implantable heart devices manufactured by Medtronic and St. Jude Medical (later acquired by Abbott) and an infusion pump made by Hospira (later acquired by Pfizer).
Earlier that same month, FDA released guidance encouraging
medical device manufacturers to develop design inputs related to cybersecurity and establish a cybersecurity vulnerability and management approach as part of required software validation and risk analysis. It also provided a recommended cybersecurity framework for manufacturers to follow and laid out recommendations for how companies should document the steps they’ve taken to ensure the cybersecurity of their devices in premarket submissions.
About the Author
You May Also Like