35.9 F
Washington D.C.
Wednesday, February 1, 2023

FDA Looks to Mitigate Cybersecurity Threats to Connected Medical Devices

The Food and Drug Administration wants to stop cybersecurity threats to connected medical devices through regular patching.

As part of its Medical Device Safety Action Plan, the agency wants software and firmware connected to such devices to be able to be patched on an ongoing basis.

“To avert potential risk, cybersecurity needs to be included in product design and development, including capabilities that enable device patching and updating in a timely way,” the plan states. “Appropriate threat modeling and premarket testing needs to be conducted to assess the adequacy of security for the device’s use environment.”

The plan also highlights the importance of sharing information to mitigate cybersecurity, saying that it frequently collaborates with DHS about cybersecurity vulnerabilities. It also states that the FDA has been “taking steps towards creation of a collaborative, multi-stakeholder environment that fosters communication about cybersecurity vulnerabilities that may affect the safety, effectiveness, and security of medical devices, or the integrity and security of the surrounding healthcare IT infrastructure.”

The agency says it has been working with external partners to improve the cybersecurity of connected devices, through several initiatives including the establishment of Information Sharing Analysis Organizations.

The plan also proposes setting up a CyberMed Safety (Expert) Analysis Board (CYMSAB), a public-private partnership that would complement existing device vulnerability coordination and response mechanisms and serve as a resource for device makers and FDA. Its functions would include assessing vulnerabilities, evaluating patient safety risks, adjudicating disputes, assessing proposed mitigations, serving in a consultative role to organizations navigating the coordinated disclosure process, and serving as a “go-team” that could be deployed in the field to investigate a suspected or confirmed device compromise at a manufacturer’s or FDA’s request.

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles