The Food and Drug Administration (FDA) issued guidelines this month recommending that manufacturers develop a set of cybersecurity controls in the design of medical devices capable of connecting to the Internet, a network, or portable media. Manufacturers should not only identify the cybersecurity risks associated with the device, but also develop a way for the appropriate stakeholders to detect and respond to security compromises.
The purpose of the guidelines is to ensure the functionality and safety of medical devices from intentional or unintentional cybersecurity risks. While interconnected devices can improve patient care and create healthcare efficiencies, they are vulnerable to security breaches. The FDA’s cybersecurity concerns include malware infections that can spread over networks to medical devices, unsecured distribution of passwords, untimely software updates and patches, and security vulnerabilities in off-the-shelf software.
Please see full publication below for more information.