FDA issues final guidance on cybersecurity of medical devices
- The FDA has issued final guidance on the cybersecurity of medical devices, recommending that cybersecurity be taken into consideration during design and development.
- Medical device manufacturers must submit documentation to the FDA about potential cyber risks, as well as the controls in place to mitigate those risks.
- The underlying concern is that medical devices can be vulnerable to security breaches, which could compromise both the safety and effectiveness of the device.
Some of the specific concerns that the FDA has surrounding cybersecurity include malware infections on network-connected devices, or on the computers and devices used to access patient data. There is also concern about unsecured passwords, as well as failure to update security software in a timely manner.
Although the FDA does not have specific information about cases in which cybersecurity breaches have occurred and resulted in compromised safety or efficacy, public health could be seriously and adversely impacted were such breaches to occur.