Medical devices can be vulnerable to security breaches in the same way as any other networked computing device. This may potentially affect its safety and effectiveness. The FDA (Food and Drug Administration) has issued final guidelines for manufacturers to consider cybersecurity risks as part of their medical device design and development. Its guidance contains voluntary recommendations and does not establish any legally enforceable responsibilities.
These security guidelines are significant in conveying to device manufacturers and stakeholders the current state of evolving key best practices in the medical device security. They are similar to the guidance issued by FDA in June 2013 and is part of the FDA’s efforts to improve the cybersecurity of medical devices.
FDA recommendations to mitigate and manage cybersecurity threats
The vulnerability of medical devices to threats has grown, as these products are increasingly connected to hospital networks, the internet, and other medical devices. There is therefore a need for effective cybersecurity to assure the functionality and safety of the medical device.
In response, the FDA has developed the guidance document to assist manufacturers in identifying issues related to cybersecurity which should be considered when designing and developing medical devices and preparing for their pre-market submissions.
FDA recommends that manufacturers consider cybersecurity risk as a part of the medical device design and development and that they submit documentation to FDA about the identified risks. These manufacturers also should consider putting controls in place that will help mitigate those risks. The documents provides recommendations to the manufacturers on plans to provide updates as well as patches for the operating systems and the medical software.
Security measures to be considered by device manufactures
The Food and Drug Administration suggests following security measures which should be considered by medical device manufacturers to protect them from instances of unauthorized access:
- Authentications (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/medical-device-security-standards/