FDA recommends guidelines to safeguard medical device from cyber threats


The US Food and Drug Administration (FDA) has recommended guidelines on the postmarket management of medical devices in a bid to secure the equipment from cyberattacks.

The newly released guidance follows an earlier final guidance on medical device premarket cybersecurity which was issued in 2014.

A significant progress in the technological field of medical device technology makes the devices vulnerable to increased risk of cybersecurity breaches which can hamper the device’s performance and functionality, FDA stated in its blog.

"The recently released guidance by FDA stresses on creating a structured and comprehensive programme by the manufacturers to address cybersecurity threats."

In order to contain the threats, manufacturers are required to include cybersecurity controls in the design of the device to ensure seamless product performance and should also continuously monitor and combat cybersecurity concerns after the product is launched and used by patients.

The recently released guidance by FDA stresses on creating a structured and comprehensive programme by the manufacturers to address cybersecurity threats.

The programme should explore ways to continuously identify and monitor cybersecurity threats, understand the gravity of the threats and its effect on patient’s safety.

FDA stresses on cooperation with cybersecurity researchers and other stakeholders to be informed on potential vulnerabilities as well as implement mitigations such as software patches for an early addressing of cybersecurity issues.

Execution of the guiding principles along with the National Institute of Standards and Technology’s (NIST) core principles for improving critical infrastructure cybersecurity is safeguard medical equipment from cyber threats.

FDA intends to cooperate with medical device cybersecurity stakeholders in order to address potential cyber threats and subsequently make adjustments in its guidelines.