The US Food and Drug Administration published a preliminary guide last week regarding the cybersecurity of medical devices.
The importance of protecting medical devices
The eraser of the guide, “Cyber Security in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” It seeks to emphasize the importance of protecting medical devices throughout the life cycle of a product.
The guidance would replace one issued by the agency in 2018.
“These recommendations can facilitate an efficient premarket review process and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats,” the FDA said in the Federal Register notice on the guidance.
BECAUSE IT IS IMPORTANT?
The cyber securityparticularly with regard to the medical deviceshas taken on greater importance as more patients benefit from connected care.
“Increased connectivity has resulted in individual devices functioning as single elements of larger medical device systems.” The FDA noted in its draft guidance. “These systems may include healthcare facility networks, other devices and software update servers, among other interconnected components.
Consequently, without consideration of cyber security adequate in all aspects of these systems. A cybersecurity threat can compromise the security and/or effectiveness of a device by compromising the functionality of any asset in the systemthe guide continued.
The general principles presented in the draft guide
The general principles presented in the draft guide include an acknowledgment that the cyber security it is part of the Device Safety and Quality System Regulations. FDA’s plan to assess the adequacy of the security of a device based on the goals listed and the importance of transparency to users of the device.
KEY POINTS
- Manufacturers must take into account the largest system in which the device can be used. The agency said, noting the difference in the risk profile between an unconnected thermometer. And one that is used in a safety-critical control circuit.
- Cybersecurity risks evolve over time and, as a result, the effectiveness of cybersecurity controls may degrade as new risks emergethreats and methods of attack, said the guide. “Because cybersecurity is part of device security and effectiveness, cybersecurity controls must take into account the intended and actual environment of use.”
- The guide also included device labeling tips with cyber security risks. Including detailed diagrams and descriptions of backup and restore procedures.
- Instructions for managing cybersecurity risks should be cunderstandable to the intended audience. Which may include patients or caregivers with limited technical knowledge, the agency said.
FDA requests that comments be submitted electronically or in writing by July 7, 2022.
“In addition, cybersecurity threats to the healthcare sector have become more frequent and more severe, leading to greater potential for clinical impact,” he concluded.
Related Notes:
Personal finances: 10 keys for the entrepreneurial doctor
This is how health professionals gaslight their patients
Mexican company breaks record for home health care during pandemic