The medical revolution that has arisen at the intersection of health care and technology has doctors and patients alike celebrating, but this age of increased connectivity carries with it a few risks. To address the potential dangers of connected medical devices, the Food and Drug Administration has recently released a draft guidance aimed at helping medical device manufacturers keep their patients safe and the public health protected. According to the press release about the new guidelines, the document “details the agency’s recommendations for monitoring, identifying, and addressing cybersecurity vulnerabilities in medical devices once they have entered the market.”
The guidance marks the latest in the FDA’s continued attempts to guard against cybersecurity risks, which have become all the more prevalent in recent years. And given the huge amount of sensitive information these devices could contain, it’s imperative that users are kept safe.
“All medical devices that use software and are connected to hospital and health care organizations’ networks have vulnerabilities — some we can proactively protect against, while others require vigilant monitoring and timely remediation,” said the FDA’s Suzanne Schwartz, who serves as the associate director for science and strategic partnerships and acting director of emergency preparedness/operations and medical countermeasures. “Today’s draft guidance will build on the FDA’s existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”
While there are no legal implications involved with the new guidelines, the FDA is urging manufacturers everywhere to remain vigilant about their products — companies should take steps to monitor and assess risk, disclose vulnerabilities, and do everything they can to be proactive about fighting cybersecurity issues.
Said Schwartz, “Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats.”