Legacy medical devices are “a key vulnerability for hospitals and health systems,” related to cybersecurity, and device “manufacturers must support end-users in providing a secure environment for safe patient care,” AHA today told leaders of the House Committee on Energy and Commerce. “This support should include wrapping security precautions around these devices, adding security tools and auditing capabilities where possible, conducting regular updates and patching all software, and communicating security vulnerabilities quickly through consistent channels,” AHA said in response to a committee request for information on how best to keep medical devices secure over their useful lifetimes. Among other comments, AHA said that the Food and Drug Administration must make clear that security measures to protect legacy devices are required, not optional. “As a regulator, the FDA has a leadership role in creating expectations that manufacturers proactively minimize risk by building security into products by design, providing security tools to their end-users, and updating and patching devices as new intelligence and threats emerge,” AHA said.

Related News Articles

Headline
The FBI, Cybersecurity and Infrastructure Security Agency and international agencies July 29 released a joint advisory on recent tactics by the Scattered…
Headline
The American Society for Health Care Engineering July 28 announced the recipients of its annual member awards during the 2025 Health Care Facilities Innovation…
Headline
Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based…
Headline
The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center…
Headline
Microsoft July 19 issued an alert about active attacks from vulnerabilities targeting SharePoint servers used within organizations. The incidents have not…
Headline
In his latest AHA Cyber and Risk Intel blog, Scott Gee, AHA deputy national advisor for cybersecurity and risk, explains how hospitals can prepare for and…