FDA Issues Final Guidance For Medical Device Cybersecurity

Medical device manufacturers should be thinking more about cybersecurity when designing new products, according to federal regulators, and should also put out patches and updates to fill in any electronic security holes in existing devices. 

On October 1, the FDA posted a final guidance on the cybersecurity of medical devices in the Federal Register, providing a non-binding guide for how the industry should be handling security concerns surrounding new technology used in medical treatment.

The agency is calling for manufacturers to consider cybersecurity risks as part of the initial design of medical devices and to promptly inform the FDA what such risks might be and how they intend to control or mitigate those risks.


“There is no such thing as a threat-proof medical device,” FDA’s Director of Emergency Preparedness/Operations and Medical Countermeasures, Dr. Suzanne Schwartz, said in a press release. “It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks.”

The agency says it is concerned about malware infections on networked medical devices, smartphones and tablets that may give hackers access to patient information. Agency officials are also worried about cybersecurity breaches that could make such devices inoperable and thus adversely impact public health.

The FDA notes that it knows of no such incidents to date, but wants to get ahead of the problem before it becomes one.

A cybersecurity safety warning was first issued by the FDA in June 2013, calling for health care facilities and manufacturers to harden medical devices against attack.

The FDA recommends all medical facilities implement methods for retention and recovery of sensitive data in the event an incident should occur where security has been compromised.

Recently, cybersecurity became an issue involving the protection of insulin pumps. In a demonstration conducted in 2012 by McAfee, Inc., researcher Barnaby Jack revealed that insulin pumps were more susceptible to hacking attempts than originally suspected.

According to the demonstration, hackers were able to remotely access the pumps from up to 300 feet away. After hacking the devices, they were able to change the dosage and cause the pumps to deliver fatal doses of insulin. The security issues are also known to occur in a number of other medical devices that rely on wireless communication.

While it does not carry enforcement risks for non-compliance, the FDA guidance does put the industry on notice about how it should be operating, which can have legal ramifications when the guidance is not followed. In many cases, the existence of such guidance makes it very difficult for a company to deny that it knew or should have known of a proper way to address a potential problem.
