FDA’s Tip on Communicating Cybersecurity Issues to Patients: Keep it Simple
(Thursday, October 7, 2021)
When FDA, industry, or any other stakeholder (collectively called the “messengers”) becomes aware of any cybersecurity vulnerabilities in a medical device connected to the internet, they must inform the patients and caregivers (collectively called the “users”) through a communication on the internet, social media, or television that is easy to find, read, and understand. This is explained with examples and anecdotes in a White Paper released by the FDA earlier this week. Although the white paper does not contain any surprises, it contains commonsense measures for communicating with patients that may be useful as a sanity checklist for developers of such communications.

It is not expected or deemed practical that the messengers will communicate with patients immediately upon becoming aware of cybersecurity vulnerabilities, as such issues need to be assessed for their seriousness and impact, and mitigation strategies developed, before general patient communications can be released. But when released, the message must be simplified so that it can be understood clearly by diverse users, must discuss the specific issues, and must contain recommended actions to be taken by users. The communication must be easily findable by the intended users; the messengers may use email blasts and text messages and make the information available on platforms preferred by users. For example, the white paper emphasizes the importance of the message being optimized for reading on mobile phones.

The white paper provides useful advice that may not be surprising and may not be in the more formal format of an FDA Guidance Document, but it is still a valuable document that would be used by communication teams at FDA and industry to help create SOPs for patient communication specific to cybersecurity information dissemination, and for all communications in general.
Dr. Mukesh Kumar
Founder & CEO, FDAMap
LinkedIn: Mukesh Kumar, PhD, RAC