Dive Brief:
- The FDA has released its final guidelines on how medical device manufacturers can do a better job of protecting patient information against cyberattacks.
- The agency said that issuing such guidance has become more important as providers increasingly use wireless, Internet- and network-connected devices and conduct frequent electronic exchange of device-related health information.
- The guidance recommends that when developing a medical device, manufacturers should assess device risks and vulnerabilities, determine criteria for risk acceptance, evaluate how risks could affect device functioning, measure the risk levels, and create strategies to mitigate risk.
Dive Insight:
The FDA's guidance comes at a critical time, when attacks on medical devices are mounting along with cyberattacks on healthcare data networks. The threat is so severe that earlier this year, the FBI issued an official warning that such attacks are on the rise, noting that the healthcare industry "is not technically prepared to combat against cyber criminals' basic cyber intrusion tactics, techniques and procedures, much less against more advanced persistent threats."
What's unfortunate is that even if medical device manufacturers do a magnificent job of following the FDA's guidance when issuing new devices, it's still not clear what will happen to existing devices, millions of which are in use in hospitals today. Medical device vendors must find ways to patch the vulnerabilities in those devices, which can wreak terrible damage under cyberattack, before anyone in healthcare can breathe a sigh of relief.