FDA offers insight on postmarket medical device cybersecurity management

by Christina Hwang, Contributing Reporter | January 16, 2017
With more and more medical devices operating in the IT spectrum, the FDA is urging stakeholders in the health care industry to safeguard devices by assessing how they function — and weighing the clinical risks associated with hacking.

In a webinar entitled Postmarket Management of Cybersecurity in Medical Devices – Final Guidance, FDA experts discussed how to establish and communicate vulnerability intake and handling, and how to engage in information sharing for cyber vulnerabilities and threats.

“Connected medical devices, like all other computer systems, incorporate software that is vulnerable to threats,” said Dr. Suzanne Schwartz, associate director for sciences and strategic partnerships in the FDA's Center for Devices and Radiological Health. “When medical device vulnerabilities are not addressed and remediated, they can serve as points of entry into a hospital and health care network.”

Of course, the recent uptick in health care cyber attacks has been well documented. From device vulnerabilities to patient data infiltration, the industry as a whole seems to have become an increasingly desirable target for hackers.

“This can lead to compromise of data confidentiality, integrity and availability. Worse yet, it can introduce basic concerns to the patients who rely on the effective use of these devices, whether in the hospital, at the bedside, at home, or implanted,” she said.

Some key principles of postmarket management include using a risk-based framework so that risks are addressed in a timely and orderly fashion. The FDA also stressed that stakeholders should continue collaborating in order to share information and risk assessments.

In the following image, provided by Dr. Seth Carmody, FDA cybersecurity project manager, postmarket cybersecurity risk is assessed in terms of the exploitability of a vulnerability and the severity of patient harm if the vulnerability is exploited.

Courtesy: FDA


“The manufacturer must assess whether the risk of patient harm is controlled or uncontrolled. With respect to the y-axis, exploitability, the suggested approach is to use the common vulnerability scoring system,” Carmody said.