CHA News Article

New Guidance Focuses on Cybersecurity Risks for Medical Device Manufacturers

The U.S. Food and Drug Administration (FDA) issued draft guidance Jan. 15 outlining important steps medical device manufacturers should take to continually address cybersecurity risks to keep patients safe and better protect the public health. The draft guidance, which recommends that manufacturers implement a structured and systematic comprehensive cybersecurity risk management program and respond in a timely fashion to identified vulnerabilities, is part of the FDA’s ongoing efforts to ensure the safety and effectiveness of medical devices in the face of potential cyber threats.

“All medical devices that use software and are connected to hospital and health care organizations’ networks have vulnerabilities — some we can proactively protect against, while others require vigilant monitoring and timely remediation,” said Suzanne Schwartz, M.D., M.B.A., associate director for science and strategic partnerships and acting director of emergency preparedness/operations and medical countermeasures in the FDA’s Center for Devices and Radiological Health. “Today’s draft guidance will build on the FDA’s existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”

CHA is currently reviewing the guidance; members should contact Alyssa Keefe or Cheri Hummel with input.