FDA seeks greater cybersecurity for current, future medical devices

The FDA has warned medical device manufacturers and health care facilities to ensure that their medical devices are hardened against cyber attack.

Although the agency said it is unaware of any injuries or deaths, it has tracked “incidents that could directly impact medical devices or hospital network operations.”

As medical devices are increasingly linked together via the Internet, internal software is more vulnerable to unauthorized access that could affect how the devices operate.

In addition to warning about existing devices, the FDA released draft guidance on how manufacturers should approach pre-market submissions.

The steps outlined for hospitals and health care facilities include:

restrict unauthorized access
update antivirus software and firewalls
monitor networks for unauthorized use
protect and periodically evaluate network components, update security patches and disable unnecessary ports and services
contact device manufacturer if a cybersecurity problem is suspected
develop a plan to maintain critical functions during “adverse conditions”

The FDA also encouraged health care professionals and patients to report cybersecurity events or side effects through its established online reporting program.