Health Information

FDA Discusses Cybersecurity for Medical Devices, Hospitals

FDA Discusses Cybersecurity for Medical Devices, Hospitals

Medical device manufacturers and health care facilities should take appropriate preventive action

MONDAY, June 17 (HealthDay News) -- Medical device manufacturers and health care facilities should ensure appropriate safeguards are in place to reduce the potential harms that may result from cyberattacks, according to a safety communication issued by the U.S. Food and Drug Administration.

Noting that many medical devices contain configurable embedded computer systems and that medical devices are increasingly interconnected via the Internet, the FDA has addressed their vulnerability to cyberattacks.

The FDA notes that cybersecurity vulnerabilities and incidents that could directly affect medical devices or hospital networks include malware infection; malware targeting of mobile devices using wireless technology to access patient data and monitoring systems; uncontrolled distribution of passwords; failure to provide timely security software updates and patches to medical devices and networks; and security vulnerabilities in off-the-shelf software. Accordingly, the FDA recommends that manufacturers evaluate their devices and take steps to limit unauthorized access; ensure appropriate security controls are in place; protect individual components from exploitation; maintain a device's critical function ("fail-safe modes"); and provide methods for recovery and retention after a security breach. Hospitals and health care facilities should also monitor network activity for unauthorized use, routinely evaluate individual network components, and develop strategies to maintain critical functionality during adverse conditions.

According to the FDA: "We recommend that manufacturers review their cybersecurity practices and policies to assure that appropriate safeguards are in place to prevent unauthorized access or modification to their medical devices or compromise of the security of the hospital network that may be connected to the device."

More Information (http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htm )