The FDA on cybersecurity: Agency releases med device cybersecurity guidelines

Cybersecurity is becoming a recurring theme amongst the medical device industry as 2016 gets underway.

The FDA today posted draft guidance covering steps it believes medical device manufacturers should take to address cybersecurity risks. The guidance details the agency’s suggestions for monitoring, identifying and addressing cyber vulnerabilities for devices entering the market.

“All medical devices that use software and are connected to hospital and health care organizations’ networks have vulnerabilities—some we can proactively protect against, while others require vigilant monitoring and timely remediation. Today’s draft guidance will build on the FDA’s existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market,” CDRH science and strategic partnerships associate director Dr. Suzanne Schwartz said in a press release.

The FDA recommended proactively planning for and assessing cybersecurity vulnerabilities, participation in Information Sharing Analysis Organizations, and implementation of structured, systematic cybersecurity risk management programs to respond to vulnerabilities in a timely manner.

The federal watchdog outlined 7 points for developing an appropriate risk management program. Included in the list were recommendations for improved monitoring of cybersecurity information sources, understanding, analyzing and detecting the presence and impact of vulnerabilities, establishing appropriate communication processes around vulnerabilities, defining essential clinical performances to mitigate risk and improve protection, adopting coordinated vulnerability disclosure policies and deploying mitigations that are preventative to cybersecurity vulnerabilities.

The Agency said that most risks won’t require any oversight from the group, but for a select number of vulnerabilities and exploits, such as ones that could result in possible serious adverse health consequences or death, it will require notification from manufacturers.

“The FDA is encouraging medical device manufacturers to take a proactive approach to cybersecurity management of their medical devices. Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats,” Schwartz said in a prepared statement.

The FDA said it will discuss the guidance more at its workshop, “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity,” January 20-21 at its headquarters in Silver Spring, Md.

The post The FDA on cybersecurity: Agency releases med device cybersecurity guidelines appeared first on MassDevice.

from MassDevice http://ift.tt/1PgKJ3S