Step-By-Step Recommendations For Securing Medical Devices

Manufacturers should build in cybersecurity controls when they design and develop the device to assure proper device performance in the face of cyber threats.

Highlights

The US Food and Drug Administration issued a set of recommendations for securing medical devices.
Robust cybersecurity is an ongoing process that requires maintenance and regular software updates.

The U.S. Food and Drug Administration issued a final guidance addressing the cyber vulnerabilities in medical devices, outlining the guidelines for manufacturers on security of internet-connected devices such as pacemakers and insulin pumps.

With the guidelines, the FDA said manufacturers must build cybersecurity controls into medical devices during the development process. Further, they should establish, document and maintain the identification of hazards throughout the device life cycle as part of risk management.

New Effective Artificial Pancreas to Improve the Life of Type 1 Diabetics
A randomized controlled study was conducted for establishing the efficacy of artificial pancreas over conventional insulin therapy in type I diabetes adults, and control of nocturnal hypoglycemia

‘Unlike smartphones and consumer computers that regularly see over-the-air software updates, things like pacemakers and defibrillators are more likely to be left alone once they enter the market, making them an easy mark for would-be attackers.’

Some in the healthcare industry have long criticized the FDA for only giving suggestions to fix these major security flaws rather than offering official guidelines.

"Today's post-market guidance recognizes today's reality, Cybersecurity threats are real, ever-present and continuously changing," said Suzanne B. Schwartz, MD, the FDA's associate director for science and strategic partnerships, said in a statement. "As hackers become more sophisticated, these cybersecurity risks will evolve."

The FDA recommends manufacturers continually monitor cybersecurity vulnerabilities of devices and should create a program to mitigate these risks.

Insulin Pump Makes Life Easier for Patients By Reducing Heart Disease Risk by Half
Insulin pump can reduce the frequencies of severe hypoglycemic episodes which can be a risk factor for cardiovascular events among high risk individuals.

Additionally, they should assess vulnerabilities in their products and how they could affect patients, while working with researchers to better understand potential cyber risks. Manufacturers should also address issues early on before an exploit can occur, through deployed mitigations, such as software patches.

The FDA also stressed that it's important for developers to apply the core rules of National Institute of Standards and Technology to improve cybersecurity infrastructure.

FDA Approves Animas Vibe Insulin Pump and Continuous Glucose Monitoring System
Animas Corporation has announced Food and Drug Administration (FDA) approval of the Animas Vibe insulin pump and Continuous Glucose Monitoring (CGM) system.

The 30-page guidance was released as the FDA investigates claims that St. Jude Medical's heart devices are vulnerable to attacks that can endanger patient lives. FDA guidance released in 2014 addressed cybersecurity needs during new device development, but failed to include devices currently on the market.

"It's only through application of these guiding principles, executed alongside best practices such as coordinated vulnerability disclosure, that will allow us all to navigate this uncharted territory of evolving risks to device security," Schwartz said.

Biological Pacemakers With Stem Cells Can Replace Electronic Ones
The biological pacemaker is intended as an alternative to the artificial cardiac pacemaker that's been in human use since the late 1950s.

"This is clearly not the end of what FDA will do to address cybersecurity," she added. "We'll continue to work with all medical device cybersecurity stakeholders to monitor, identify and address threats and intend to adjust our guidance or issue new guidance, as needed."

Source-Medindia