AHA Comments on Security of Legacy Medical Devices

Jun 01, 2018 - 02:26 PM
AHA-comment

Legacy medical devices are “a key vulnerability for hospitals and health systems,” related to cybersecurity, and device “manufacturers must support end-users in providing a secure environment for safe patient care,” AHA today told leaders of the House Committee on Energy and Commerce. “This support should include wrapping security precautions around these devices, adding security tools and auditing capabilities where possible, conducting regular updates and patching all software, and communicating security vulnerabilities quickly through consistent channels,” AHA said in response to a committee request for information on how best to keep medical devices secure over their useful lifetimes. Among other comments, AHA said that the Food and Drug Administration must make clear that security measures to protect legacy devices are required, not optional. “As a regulator, the FDA has a leadership role in creating expectations that manufacturers proactively minimize risk by building security into products by design, providing security tools to their end-users, and updating and patching devices as new intelligence and threats emerge,” AHA said.

Related News Articles

Headline
Alert warns of cyber actors using Telegram messaging app to push malware 
The FBI released an alert March 20 warning of a technique used by cyber actors working on behalf of the Iranian government to conduct malicious cyber activity…
Headline
CISA urges organizations to harden endpoint management systems following Stryker cyberattack
The Cybersecurity and Infrastructure Security Agency March 18 released an alert urging U.S. organizations to harden their endpoint management systems following…
Headline
AHA launches new ad celebrating hospitals’ compassion and care
The AHA March 15 unveiled a new digital ad spotlighting hospitals and health systems as the place where compassion and medicine come together. “There’s …
Headline
Virtual event to focus on cyber incident response and recovery
The Health Sector Coordinating Council Cyber Working Group and Health-ISAC (Information Sharing and Analysis Center) will host a joint cybersecurity event July…
Headline
Medical technology company Stryker disrupted globally by cyberattack
Stryker, a medical technology company that provides services and products for hospitals, was disrupted globally by a cyberattack, the company announced March…
Headline
White House issues executive order addressing cybercrime by threat groups
The White House issued an executive order March 6 to combat cybercrimes by threat groups. The order highlights how such groups can receive willing or…