FDA Celebrates Cybersecurity Month with New Clarifications on Policy
(Thursday, October 8, 2020] October is the national cybersecurity awareness month and to celebrate it, FDA updated its cybersecurity webpage and created a new Factsheet to dispel several misperceptions about FDA’s role in assuring cybersecurity measure in medical devices. Over the last decade, as networked devices play a significantly larger role in overall health management, and in medical devices, cybersecurity concerns have permeated both in policy discussions and in real world events. Over the years FDA has released 4 major guidance documents describing regulatory expectations regarding cybersecurity measures in medical devices, the earliest of these being in 2005. FDA also works with other agencies in the government, mostly Department of Homeland Security (DHS) and Department of Justice (DOJ) along with medical device manufacturers, informational technology companies, and other parties to create polices and practices to assure that the medical devices available to consumers are safe from malicious players who could use an unauthorized access to a device for nefarious purposes. There is not much new in the Fact-Sheet or the updated FDA webpage for cybersecurity but it is an excellent summary of common concerns and questions from developers. With the establishment of the new Center for Excellence for Digital Health we should expect FDA to get even more involved in addressing cybersecurity issues in medical devices and create rapid-action policies to address vulnerabilities in medical devices. Cybersecurity is a prominent concern for all developers; it should be assuring that it is for FDA as well. |
|