FDA’s Center for Devices and Radiological Health (CDRH) issued the discussion paper Strengthening Cybersecurity Practices Associated with Servicing of Medical Devices: Challenges and Opportunities, seeking early input from groups and individuals outside of FDA.
According to FDA, cybersecurity is a widespread issue affecting medical devices connected to the internet, networks, and other devices. Cybersecurity is in the process of preventing unauthorized access, modification, misuse or denial of use, or the unauthorized use of information that is stored, accessed, or transferred from a medical device to an external recipient.
FDA has taken numerous steps to strengthen medical device cybersecurity, including issuance of final guidances on FDA’s premarket and post market medical device cybersecurity recommendations.
Effective cybersecurity is a shared stakeholder responsibility and device manufacturers should incorporate the concept of threats, vulnerabilities, and exploits into their risk management design controls, maintenance, surveillance, and response processes. Also, manufacturer’s need to include security controls for privileged access and improved data protection using encryption to perform effective servicing for a device.
FDA is seeking input on four questions:
- What are the cybersecurity challenges and opportunities associated with the servicing of medical devices?
- Are the four areas identified in the discussion paper the correct cybersecurity priority issues to address in the servicing of medical devices?
- How can entities that service medical devices contribute to strengthening the cybersecurity of medical devices?
Go to https://www.fda.gov/media/150144/download for the discussion paper. FDA encourages stakeholders to provide comments in the Federal Register under docket number FDA-2021-N-0561. Submit comments to https://www.regulations.gov/docket/FDA-2021-N-0561 Comments are due August 17, 2021.
Go to https://www.fda.gov/about-fda/fda/-organization/center-devices-and-radiological-health, for more information on FDA CDRH.