FDA issues new cybersecurity rules for medical devices: 4 key takeaways

Written by Eric Oliver | December 30, 2016

The FDA created guidelines for the postmarket management of cybersecurity vulnerabilities in medical devices.

Here is what you need to know about them.


1. The guidelines are primarily aimed at networked medical devices, which are susceptible to cybersecurity threats. By addressing these risks, centers can mitigate cybersecurity risks.


2. The FDA recommends manufacturers monitor, identify and address any potential vulnerability.


3. If a security upgrade from a device maker would pose a risk to public health, the device maker must notify the FDA in advance of the update. However, device makers do not need to notify the FDA for routine upgrades or patches.


The FDA also advises device makers to:

  • Adopt a vulnerability disclosure policy and practice, including notification of the vulnerability.
  • Practice good cyber hygiene, reassess risks regularly and seek opportunities to reduce cybersecurity risk.
  • Appropriately validate software to mitigate any potential vulnerability without creating new vulnerabilities.
  • Document the methods and controls used throughout the manufacturing process.
  • Recognize that some changes made to strengthen security could also affect device functionality, and assess the scope of change needed to determine whether regulatory actions are appropriate.


4. The FDA also recommends that manufacturers implement features in the devices that mitigate any risk of patient harm if a cybersecurity breach occurs.



© Copyright ASC COMMUNICATIONS 2019.
