- AustraliaNorth AmericaWorld
Investing News NetworkYour trusted source for investing success
- Lithium Outlook
- Oil and Gas Outlook
- Gold Outlook Report
- Uranium Outlook
- Rare Earths Outlook
- All Outlook Reports
- Top Generative AI Stocks
- Top EV Stocks
- Biggest AI Companies
- Biggest Blockchain Stocks
- Biggest Cryptocurrency-mining Stocks
- Biggest Cybersecurity Companies
- Biggest Robotics Companies
- Biggest Social Media Companies
- Biggest Technology ETFs
- Artificial Intellgience ETFs
- Robotics ETFs
- Canadian Cryptocurrency ETFs
- Artificial Intelligence Outlook
- EV Outlook
- Cleantech Outlook
- Crypto Outlook
- Tech Outlook
- All Market Outlook Reports
- Cannabis Weekly Round-Up
- Top Alzheimer's Treatment Stocks
- Top Biotech Stocks
- Top Plant-based Food Stocks
- Biggest Cannabis Stocks
- Biggest Pharma Stocks
- Longevity Stocks to Watch
- Psychedelics Stocks to Watch
- Top Cobalt Stocks
- Small Biotech ETFs to Watch
- Top Life Science ETFs
- Biggest Pharmaceutical ETFs
- Life Science Outlook
- Biotech Outlook
- Cannabis Outlook
- Pharma Outlook
- Psychedelics Outlook
- All Market Outlook Reports
FDA Issues Cybersecurity Recommendations for Medical Devices
In January, the US FDA issued draft guidance that outlines how medical device companies should address cybersecurity risks.
In today’s increasingly digital age, cybersecurity is a growing concern. Any system that stores a user’s data in cyberspace is vulnerable to cyberattacks, from nuclear power stations to online dating websites. And when it comes to the healthcare sector, the same holds true.
In January, the US Food and Drug Administration (FDA) issued draft guidance that outlines how medical device companies should address cybersecurity risks. The report provides recommendations for “managing postmarket cybersecurity vulnerabilities for marketed medical devices,” and is aimed at encouraging manufacturers to address cybersecurity issues throughout the lifecycles of their products — from design, development, production, deployment and maintenance.
The FDA notes that “proactively addressing cybersecurity risks in medical device reduces the patient safety impact and the overall risk to public health.” As such, manufacturers have a duty to monitor, identify and address any vulnerabilities in the postmarket management of their products.
Furthermore, the FDA suggests monitoring cybersecurity information sources for: identification and detection of vulnerabilities and risks; understanding, assessing and detecting presence and impact vulnerability; identifying clinical performance to develop mitigations that protect, respond and recover from the cybersecurity risk and among others; and deploying mitigations that address cybersecurity risk early and prior to exploitation.
Overall, the FDA recommends “routine updated and patches” to devices to increase security or remediate vulnerabilities associated with controlled risk. That includes regular updates to firmware, software, programmable logic, hardware and security of devices, which will in turn increase device security.
Independent research looks into cybersecurity and medical devices
Speaking to Information Security Media Group, independent researcher Billy Rios said he has been working with other organizations to get a better understanding of how to evaluate cybersecurity issues with medical devices. Specifically, Rios is looking to identify if there are indeed patient safety concerns associated with these devices.
Rios endeavors to present a “formal methodology” for assessing cybersecurity vulnerabilities within medical devices. That, he believes, will facilitate approaching companies and having them verify and address the issues.
“We have to systematically and objectively determine which security vulnerabilities present risks to patient harm and which present harm only to the IT infrastructure. Both are very important, but as a patient safety issue, we certainly have to treat them differently,” Rios said.
Rios highlighted that even though a hospital has purchased a medical device, “the work’s not done” and that even simple, solvable issues, like downloading a software patch, are often overlooked. Of the medical devices he has looked into, many have thousands of known vulnerabilities.
Adventium awarded cybersecurity contract
In an effort to thwart cyberattacks on medical devices, the Department of Homeland Security Science and Technology Directorate (DHA S&T) has awarded Minneapolis-based Adventium Enterprises a $2.2-million contract to develop technology geared at ensuring medical devices are protected against cybersecurity breaches. The project, ISOSCELES (Intrinsically Secure, Open, and Safe Control of Essential LayErS) is part of the DHS S&T’s broader Cyber Security Division’s Cyber Physical Systems Security Program (CPSSEC).
As DHS Under Secretary for Science and Technology Dr. Reginald Brothers highlighted, “[m]any medical devices are networked into hospital or other healthcare systems” leaving with security vulnerabilities. The CPSSEC is working towards improving security on medical devices in order to manage the threat.
Securities Disclosure: I, Vivien Diniz, hold no investment interest in any of the companies mentioned.
Related reading:
Privacy Concerns Clash with Financial Incentives in Connected Healthcare Market
FDA Warning Highlights Cybersecurity Threats in Medical Device Industry
Investing News Network websites or approved third-party tools use cookies. Please refer to the cookie policy for collected data, privacy and GDPR compliance. By continuing to browse the site, you agree to our use of cookies.