The U.S. Food and Drug Administration (FDA) has issued a reminder to medical device manufacturers and their customers that cybersecurity for medical devices and their associated communication networks is a shared responsibility. Further, proper maintenance of cybersecurity for medical devices and hospital networks is vitally important to ensure the integrity of the computer networks that support devices.
In its November 4 announcement, the FDA emphasized that medical device manufacturers and user facilities should work together to guarantee that cybersecurity threats are addressed in a timely manner. The announcement stated that software changes addressing cybersecurity threats should be validated before installation to ensure they do not affect the safety and effectiveness of the medical device.
The agency emphasized that it typically does not need to review or approve medical device software changes made for cybersecurity reasons, because most of these patches do not address a risk to health posed by the device. It also stated that it is aware of misinterpretation of the regulations for the cybersecurity of medical devices that are connected to computer networks, but that the need to be alert and responsive to cybersecurity issues is part of the device manufacturer's obligation.
The FDA's current guidance document on cybersecurity for medical device manufacturers, published in January 2005, may be accessed here.
Related Reading
UNC research server hit by hacker attack, September 29, 2009
Conficker worm highlights PACS cybersecurity issues, June 2, 2009
Intrusion-detection testing finds network vulnerabilities, August 11, 2008
Copyright © 2009 AuntMinnie.com
