FDA Issues Final Guidance For Medical Device Cybersecurity

Medical device manufacturers should be thinking more about cybersecurity when designing new products, according to federal regulators, and should also put out patches and updates to fill in any electronic security holes in existing devices. 

On October 1, the FDA posted a final guidance on the cybersecurity of medical devices in the Federal Register, providing non-binding industry guide to how it should be handling security concerns surrounding new technology used in medical treatment.

The agency is calling for manufacturers to consider cybersecurity risks as part of the initial design of medical devices and to promptly inform the FDA what such risks might be and how they intend to control or mitigate those risks.

Hair-Dye-Cancer-Lawsuits
Hair-Dye-Cancer-Lawsuits

“There is no such thing as a threat-proof medical device,” FDA’s Director of Emergency Preparedness/Operations and Medical Countermeasures, Dr. Suzanne Schwartz, said in a press release. “It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks.”

The agency says it is concerned about malware infections on networked medical devices, smartphones and tablets that may give hackers access to patient information. Agency officials are also worried about cybersecurity breaches that could make such devices inoperable and thus adversely impact public health.

The FDA notes that it knows of no such incidents to date, but wants to get ahead of the problem before it becomes one.

A cybersecurity safety warning was first issued by the FDA in June 2013, calling for health care facilities and manufacturers to harden medical devices against attack.

The FDA recommends all medical facilities implement methods for retention and recovery of sensitive data in the event an incident should occur where security has been compromised.

Recently, cybersecurity became an issue involving the protection of insulin pumps. In a demonstration conducted in 2012 by McAffee, Inc., researcher Barnaby Jack revealed insulin pumps were more susceptible to hacking attempts than originally suspected.

According to the demonstration, hackers were able to remotely access the pumps from up to 300 feet away. After hacking the devices they are able to change the dosage and cause the pumps to deliver fatal doses of insulin. The security issues are known to also occur in a number of other medical devices that rely on wireless communication.

While it does not carry enforcement risks for non-compliance, the FDA guidance does put the industry on notice for how they should be operating, which can have legal ramifications when the guidance are not followed. In many cases, the existence of such a guidance makes it very difficult for a company to deny that it knew or should have known of a proper way to address a potential problem.


0 Comments


Share Your Comments

This field is hidden when viewing the form
I authorize the above comments be posted on this page
Post Comment
Weekly Digest Opt-In

Want your comments reviewed by a lawyer?

To have an attorney review your comments and contact you about a potential case, provide your contact information below. This will not be published.

NOTE: Providing information for review by an attorney does not form an attorney-client relationship.

This field is for validation purposes and should be left unchanged.

MORE TOP STORIES

As new BioZorb lawsuits continue to be filed over complications with the recalled breast tissue markers, lawyers indicate they are on track for the first of four test cases to go before a jury in September 2025.
Women pursuing Depo-Provera meningioma lawsuits will have to provide documentary proof of their diagnosis and the versions of the birth control shot they received within 120 days of filing their case.
An Indiana woman has filed a Cartiva SCI implant lawsuit, indicating that the toe implant failed due to a defective design, resulting in the need for revision surgery and recommendations to permanently fuse her big toe.