Medical-Device Makers Urged by FDA to Boost Cybersecurity
Hospitals and medical-device makers are being urged by the U.S. government to boost safeguards against computer hackers and malware that can disrupt the use of life-saving technology.
There has been a rise in incidents including breaches of hospital networks and computer-embedded medical devices that could expose patient data or privileged passwords, The Food and Drug Administration said today on its website. The FDA said it’s not aware of any patient injuries from the intrusions, and didn’t name specific devices or facilities targeted.
Spies, criminals and activists have stepped up assaults on government and corporate systems, spurring efforts by Congress and President Barack Obama to shield U.S. infrastructure. The frequency of data breaches at hospitals has grown as doctors become more reliant on electronic recordkeeping and digital equipment such as Apple Inc. (AAPL) iPads to monitor patients.
“We recommend that manufacturers review their cybersecurity practices and policies to assure that appropriate safeguards are in place,” the agency said. “The extent to which security controls are needed will depend on the medical device, its environment of use, the type and probability of the risks to which it is exposed, and the probable risks to patients from a security breach.”
The FDA’s draft guidance today outlines what cybersecurity measures companies must include when applying for approval of new devices and urges hospitals to restrict unauthorized access to their networks and update computer firewalls. Device makers are responsible for identifying potential risks and creating safety measures to mitigate any damage, the agency said.
The FDA is working with other government agencies to identify potential vulnerabilities, communicate the risk and help mitigate any damage that may result.
To contact the reporter on this story: Michelle Fay Cortez in Minneapolis at email@example.com
To contact the editor responsible for this story: Reg Gale at firstname.lastname@example.org