Medindia LOGIN REGISTER
Medindia
Prevent Hacking of Medical Devices: FDA Sounds Alarm

Prevent Hacking of Medical Devices: FDA Sounds Alarm

Listen to this article
0:00/0:00

How to stop hacking of medical devices? US Food and Drug Administration hopes to tackle the medical cybersecurity issue through the manufacturers’ review process

Highlights:
  • The U.S. Food and Drug Administration released guidance regarding medical device cybersecurity
  • The guidance emphasizes the importance of safeguarding medical devices throughout a product's life cycle
  • This is enabled by the premarket review process to release medical devices that are sufficiently resilient to cybersecurity threats
The U.S. Food and Drug Administration (FDA) has issued a new cybersecurity guidance for medical device manufacturers to provide a life cycle approach to the issue.
This guidance would be put into action instead of old one issued by the agency in 2018. These recommendations promote an efficient premarket review process and ensure that marketed medical devices are strong enough to handle cybersecurity threats (1 Trusted Source
Cybersecurity

Go to source
).

Advertisement

Role of Cybersecurity in Medical Devices

Cybersecurity concerning medical devices has increased significantly as more patients benefit from connected care. Increased connectivity during the COVID-19 pandemic has resulted in individual devices operating as single elements of larger medical device systems.

These systems are also a part of healthcare facility networks, other devices, and software update servers, among other interconnected components.

Consequently, without adequate cybersecurity considerations across all aspects of these systems, the safety and/or effectiveness of any device in the system is compromised functionally (2 Trusted Source
Medical Device Cybersecurity: What You Need to Know

Go to source
).

Advertisement

Be Prepared for the Security Attack with New Guidance

Recognizing the increased potential and evolving nature of cybersecurity threats, the FDA’s draft guidance will expand further based on its 2014 recommendations.

The general principles put forth in the draft guidance highlight that cybersecurity is part of device safety and the Quality System Regulations (QSR), and the FDA plans to assess the adequacy of a device’s security using the design controls that include software validation and risk analysis procedures.

The manufacturers should satisfy the QSR by establishing a Secure Product Development Framework (“SPDF”), which includes processes made up to reduce the number and severity of threats faced by the product throughout all aspects of the product life cycle. It should consider the third-party software components.

While the SPDF recommendation is not more specific than FDA’s 2014 guidance, FDA allows manufacturers to satisfy the QSR using other approaches too, provided they meet the requirements.


Advertisement

Labeled Safety for Medical Devices

Cybersecurity threats evolve and, as a result, the effectiveness of cybersecurity controls may degrade as new risks, threats and attack methods emerge, and so the device's safety and effectiveness, should also consider the intended and actual use environment.

To make this decision more reliable, the guidance included labeling suggestions for devices with cybersecurity risks, including detailed diagrams and descriptions of backup-and-restore procedures.

The instructions to manage medical device cybersecurity threats or risks should be understandable to the intended audience, including patients or caregivers with limited technical knowledge (3 Trusted Source
Medical Devices in Harm’s Way: Medjacking

Go to source
).

Currently, the FDA requests comments on the guidance to be submitted either in electronic or written form by July 7, 2022. This draft guidance is one of the new beginnings in the health IT and medical technology industry over the past few years.

Past, Present and Future of Medical Devices Cybersecurity

Before this guidance draft, the FDA had released "guiding principles" for developing devices relying on artificial intelligence and machine learning last October, followed by a draft guidance on software functions.

This time FDA has responded more effectively to the evolving needs of medical innovation when compared to its global counterparts by drafting guidance that is more reasonable to the users and the healthcare industry.

Meanwhile, laws were also introduced earlier this month that would establish a series of cybersecurity requirements for manufacturers applying for premarket approval through the FDA, among other provisions (4 Trusted Source
Third time’s a charm: US FDA reissues cybersecurity draft guidance

Go to source
).

This is seen as a welcome move in the era where there is integrated wireless, internet- and network-connected capabilities, portable media along with the frequent electronic exchange of medical-device-related health information.

Never like before, the need for strong cybersecurity that ensures medical device safety and effectiveness has become more important.

In addition, cybersecurity threats have made the healthcare sector suffer severely and directly affect the clinical impact. Improved functioning of digital medical devices can improve health care quality and safety.

The health sector and medical devices should take care of both health and safety. Be aware of these regulations and make a difference in the technology world full of hackers.

References:
  1. Cybersecurity - (https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity)
  2. Medical Device Cybersecurity: What You Need to Know - (https://www.fda.gov/consumers/consumer-updates/medical-device-cybersecurity-what-you-need-know)
  3. Medical Devices in Harm’s Way: Medjacking - (https://jamanetwork.com/journals/jama-health-forum/fullarticle/2759776)
  4. Third time’s a charm: US FDA reissues cybersecurity draft guidance - (https://www.raps.org/news-and-articles/news-articles/2022/4/third-times-the-charm-us-fda-reissues-cybersecurit)


Source-Medindia


Advertisement