FDA Appoints Acting Director of Medical Device Security, Signaling Increased Commitment to Medical Device Cybersecurity

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP

FDA Appoints Acting Director of Medical Device Security, Signaling Increased Commitment to Medical Device Cybersecurity

The U.S. Food and Drug Administration (FDA) announced that the newly-created post of Acting Director of Medical Device Security has been filled by Kevin Fu, a University of Michigan associate professor and founder of the Archimedes Center for Medical Device Security.  Fu, who was appointed for a one-year term, is expected to “work to bridge the gap between medicine and computer science and help manufacturers protect medical devices from digital security threats.”1 The creation of the position reflects the FDA’s ongoing efforts to ensure the safety and effectiveness of Internet of Things and medical devices such as insulin pumps, pacemakers, and hospital imaging machines.  These devices, which increasingly rely on software and the cloud to operate, are particularly vulnerable to threat actors targeting hospitals and other medical providers with ransomware and other attacks.  Such attacks have been on the rise, particularly given the shift to telehealth and remote operation of medical devices in the wake of COVID-19.

Medical device manufacturers can anticipate updated draft guidance on best practices in 2021.  The FDA released previous guidance in October 2018.2 Fu has also outlined his anticipated primary activities as the Acting Director of Medical Device Security during 2021:

  • Envisioning a strategic roadmap for the future state of medical device cybersecurity;
  • Assessing opportunities to fully integrate cybersecurity principles through the lens of the center’s total product life cycle model;
  • Training and mentoring the FDA’s Center for Devices and Radiological Health staff for premarket and postmarket technical review of medical device cybersecurity;
  • Engaging multiple stakeholders across the medical device and cybersecurity ecosystems; and
  • Fostering medtech cybersecurity collaborations across the federal government, including the National Institute of Standards and Technology, National Science Foundation, National Security Agency, Department of Health and Human Services, National Telecommunications and Information Administration, Cybersecurity and Infrastructure Security Agency, Department of Veterans Affairs, Department of Defense, Federal Trade Commission and others.3

Fu has separately urged that entities should involve security experts from the beginning of the design process for a new device and has encouraged companies to bring legacy medtech devices up to speed with the latest cybersecurity protections, explaining that “whether for manufacturers of the Internet of Things or medical devices, we’re not providing the necessary level of security engineering training that companies need.”  Fu noted that the FDA will be working closely with the U.S. Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) on sector incident and emergency response.


2 https://www.fda.gov/regulatory-information/search-fda-guidance-documents/content-premarket-submissions-management-cybersecurity-medical-devices.

3 https://www.natlawreview.com/article/fda-names-first-acting-director-medical-device-cybersecurity.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising

Written by:

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.