FDA to Hike Medical Device Security

Monday, April 23, 2018 @ 02:04 PM gHale

Security issues regarding medical devices are becoming more visible and the Food and Drug Administration (FDA) wants to eradicate them.

That is why the federal agency released a plan of action to help head off the emerging issue.

Abbott Updates Defibrillator
Biosense Fixes System Vulnerabilities
Philips Remediates iSite, IntelliSpace Holes
GE Working on Medical Device Vulnerability

In the plan, the agency means to:
• Establish a robust medical device patient safety net in the U.S.
• Explore regulatory options to streamline and modernize timely implementation of postmarket mitigations
• Spur innovation toward safer medical devices
• Advance medical device cybersecurity
• Integrate CDRH’s premarket and postmarket offices and activities to advance the use of a Total Product Life Cycle (TPLC) approach to device safety

Among the more specific actions when if comes to pushing for greater medical device cybersecurity, the FDA plan looks to require companies to:
• Make their devices capable of being updated and patched
• Provide to the FDA and medical device customers and users with a “Software Bill of Materials,” which will include details about the software running on the device so that users can “better manage their networked assets and be aware of which devices in their inventory or use may be subject to vulnerabilities”

Fixing vulnerabilities in a timely manner and propagating the fixes to the customers and users is also important, and to that end the FDA aims to push companies to adopt policies and procedures for coordinated disclosure of vulnerabilities.

It is also looking into creating a new public-private partnership that would complement its current device vulnerability coordination and response mechanisms.

“The CyberMed Safety (Expert) Analysis Board (CYMSAB) would encompass a broad range of expertise (including hardware, software, networking, biomedical engineering, and clinical) to integrate critical patient safety and clinical environment dimensions into the assessment and validation of high-risk/high-impact device vulnerabilities and incidents,” the FDA said.

“Although medical devices provide great benefits to patients, they also present risks. FDA’s public health responsibilities span the life cycle of medical devices and, at every stage, FDA must make well-supported regulatory decisions, taking into account the totality of the evidence, to determine whether the benefits outweigh the risks,” the FDA said.

“Ensuring the safety of medical devices on an ongoing basis is far more complex than having a vigilant postmarket surveillance system for quick identification of new or increased safety concerns, timely public communication about them, and effective interventions,” the FDA said. “The FDA also must foster innovation that spurs the development of safer, more effective technologies and assures timely patient access. Doing so will more effectively improve the health and quality of life of patients and enable decision-making based on the best available evidence about medical devices. Innovation and safety are not polar opposites but rather two sides of the same coin. Spurring innovation to develop safer, more effective devices and devices that address unmet needs, so that patients are not harmed by or experience fewer adverse health effects from their underlying disease, is also about improving patient safety.”

Leave a Reply

You must be logged in to post a comment.