However, malware that’s aimed at medical devices can have a particularly egregious impact. A cyberattack on someone’s pacemaker, for example, can result in the victim’s death, not just some lost productivity. It’s for that reason that the Food and Drug Administration (FDA) has singled out medical devices as being worthy of special protection against cyberattack, as Engadget reports.
Specifically, the FDA announced on its blog that the agency has issued its final guidance on how medical device companies should ensure that their devices are protected against attack. The essence of the FDA’s guidance is that threats should be managed throughout a device’s entire lifespan, starting with its design and development and extending across its entire lifespan, through continuous monitoring and protection.
The FDA wants medical device manufacturers to create methods for monitoring and detecting vulnerabilities in devices; assess the level of risk and potential impact; establish processes for working with cybersecurity researchers and others to ensure the flow of information; and be able to deploy mitigations early and as necessary. More specifically, the FDA stresses that everyone involved with the manufacture and use of medical devices should apply the core cybersecurity principles outlined by the National Institute of Standards and Technology (NIST).
According to the FDA, these guidelines are only the beginning of its efforts to address the security of medical devices. Going forward, the agency intends to work closely with all “medical device cybersecurity stakeholders” to ensure that threats are monitored, identified, and addressed. In short, the FDA wants to make sure that even if your PC remains easy to hack, your pacemaker won’t be.
