The Food and Drug Administration is calling on device manufacturers that have network-connected devices to consider cybersecurity risks as part of product design.
The agency finalized guidance recommending that manufacturers submit documentation to the FDA about identified risks and the controls in place to mitigate them, as well as about how they plan to update software as risks are discovered.
“There is no such thing as a threat-proof medical device,” Suzanne Schwartz, director of emergency preparedness/operations and medical countermeasures at the FDA’s Center for Devices and Radiological Health, said in a statement. “It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks.”
While directed at manufacturers, the guidance notes that medical device security “is a shared responsibility” across all stakeholders, including health care facilities, physicians, patients, and manufacturers.
FDA will host a 2-day workshop on Oct. 21-22, 2014, to discuss the guidance and collaborative approaches to medical device cybersecurity.