Oct 18 2018

New FDA Draft Guidance Aims to Improve Medical Device Security

The new guidance updates previous guidelines for manufacturers with the aim to help them stay proactive in the face of a "rapidly evolving" threat landscape.

It's no secret that medical devices present major security concerns for providers everywhere as healthcare facilities become ever-more connected. In an attempt to address this, the Food and Drug Administration has released a draft guidance that seeks to ensure that medical device manufacturers are prepared to take on security issues.

“Cybersecurity threats and vulnerabilities in today’s modern medical devices are evolving to become more apparent and more sophisticated, posing new potential risks to patients and clinical operations,” FDA Commissioner Scott Gottlieb said in a statement. In response, the FDA has been working with stakeholders in the medical sector to stay ahead of evolving threats, Gottlieb notes.

The result is the draft premarket guidance released by the FDA on Oct. 17, which "provides updated recommendations for device manufacturers on how they can better protect their products against different types of cybersecurity risks, from ransomware to a catastrophic attack on a health system," Gottlieb notes in the statement.

The new guidance builds on previous guidance for manufacturers released by the FDA in 2014. Gottlieb noted that the current updates were to help manufacturers stay proactive in the face of the "rapidly evolving nature of cyber threats."