OIG: FDA should address postmarket cybersecurity risk to medical devices

Nov 05, 2018 - 02:50 PM
cybersecurity-hand-lock-graphic_900x400

The Food and Drug Administration’s policies and procedures were insufficient for handling postmarket medical device cybersecurity events, and the agency has not adequately tested its ability to respond to emergencies resulting from cybersecurity events in medical devices, according to a Department of Health and Human Services Office of Inspector General report released Nov. 2.
 
OIG recommends that FDA: continually assess the cybersecurity risks to medical devices and update, as appropriate, its plans and strategies; establish written procedures and practices for securely sharing sensitive information about cybersecurity events with key stakeholders who have a need to know; enter into a formal agreement with federal agency partners to establish roles and responsibilities; and ensure the establishment and maintenance of procedures for handling recalls of medical devices vulnerable to cybersecurity threats.
 
FDA agreed with most recommendations and said it had already implemented many of them during the audit and would continue working to implement others. For example, FDA recently released updated pre-market guidance for medical device manufacturers on cybersecurity device design, labeling and documentation.

Related News Articles

Headline
Alert warns of cyber campaign by Chinese military intelligence to obtain classified or privileged information
The FBI and international agencies have released an alert on Chinese military intelligence services using professional networking sites and online job…
Headline
White House issues executive order on cybersecurity for AI
The White House issued an executive order June 2 on cybersecurity efforts regarding artificial intelligence. The order instructs federal…
Headline
Guide issued for healthcare organizations on cyber governance frameworks for secure AI implementation 
The Health Sector Coordinating Council’s Cybersecurity Working Group has released a guide to help healthcare organizations establish cyber governance…
Headline
FBI issues alert on cyber actors impersonating IT personnel 
The FBI has released an alert on a cyber threat group called the Silent Ransom Group, which has targeted healthcare and other industries in recent years using…
Headline
CISA issues revised virtual town hall schedule for input on proposed cyber incident reporting
The Cybersecurity and Infrastructure Security Agency May 26 announced a revised schedule for its series of virtual town hall meetings for public input on…
Headline
FDA issues alert for Abiomed heart pump controllers 
The Food and Drug Administration has issued an early alert for all heart pump controllers by Abiomed, which sent a correction notice to all customers with…