The US Food and Drug Administration (FDA; Silver Spring, MD, USA) has issued a draft guidance outlining important steps medical device manufacturers should take to address cybersecurity risks.
According to the FDA, cybersecurity threats to medical devices are a growing concern, and exploitation of cybersecurity vulnerabilities presents a potential risk to the safety and effectiveness of such devices. While manufacturers can incorporate controls in the design of a product to help prevent these risks, they must also consider improvements during maintenance of devices, since the evolving nature of cyber threats means risks may arise throughout a device’s entire lifecycle. A structured and systematic comprehensive approach that responds in a timely fashion to identified vulnerabilities is thus recommended.
For the majority of cases, actions taken by manufacturers to address cybersecurity vulnerabilities and exploits should include routine updates or patches, for which no advanced notification, additional premarket review, or reporting under FDA regulations is required. For a small subset of cybersecurity vulnerabilities and exploits that may compromise essential clinical performance of a device and present a reasonable probability of serious adverse health consequences or death, the FDA would require medical device manufacturers to notify the agency. For the full article click here
from health IT caucus http://ift.tt/1X3vBx8
via IFTTT
No comments:
Post a Comment