Last week FDA pulled together experts in cybersecurity, global regulation, software and product design to openly discuss how the medical device industry can work with partners to develop best practices in assessing cybersecurity threats and ensuring that critical information is protected. The public workshop was the second agency meeting on the topic (the first occurred in 2014). Held in collaboration with HHS, the National Health Information Sharing Analysis Center, and the Department of Homeland Security, the event brought to light that the issue is not just of concern among device companies, but also government-wide.
Although progress has been made, it’s clear that industry has a long way to go in strengthening medical device cybersecurity. In his opening remarks, Acting FDA Commissioner Stephen Ostroff even admitted, “I’m probably the last person at FDA who should be giving remarks at a meeting regarding wireless and network technologies and the cybersecurity concerns that come along with these technologies.” Ostroff reflected on the wakeup call he had within the past year when he lost his personal cell phone, calling it a “great lesson” in cybersecurity.
“Medical device cybersecurity is a total lifecycle issue.” – Suzanne Schwartz, MD, CDRH
With medical networks and wireless and interoperable devices still quite vulnerable to security breaches and malicious intrusions, last week’s meeting stressed the importance of preparation and not learning this fact the hard way. “We know that it takes work and that it’s hard to build cybersecurity into medical devices and systems that are not self-contained at the time that they are actually developed,” said Ostroff. He added that the issue becomes far more complicated once a device hits the market, especially due to the fact that risks and vulnerability increase as time goes on.
Experts will discuss cybersecurity at next week’s mHealth for Medical Device Manufacturers conference | REGISTER to attend February 3-4 in-person or virtually“Success in this area requires the engagement of both the public and private sector, medical device manufacturers, healthcare facilities and personnel, professional and trade organizations, patient groups, insurance providers, cybersecurity researchers, and yes, even hackers, and officials from all levels of government,” said Ostroff. “To be effective, we have to take advantage of and leverage the knowledge and expertise of the entire cyber research community and many others.”
During the workshop, experts discussed the following key points related to cybersecurity: