FDA settles guidelines for cybersecurity in medical devices

Image courtesy to Jack Moreh (Freerange Stock)

The global IoT healthcare market is forecast to reach USD 163 billion by 2020, at a CAGR of 38.1%, according to MarketsandResearch. However, following the increase of cyberattacks on internet connected devices in 2016, the US Food and Drug Administration has released final guidelines and recommendations to help manufacturers build a better cybersecurity strategy and action plan.

With a special focus on cybersecurity for medical devices in the postmarket, the guidelines add to an earlier document released in October 2014 and encourage manufacturers “to address cybersecurity throughout the product lifecycle, including during the design, development, production, distribution, deployment and maintenance of the device.”

As IoT devices are generally not developed with security in mind, they have many vulnerabilities that make it easy for hackers to breach and exploit them to cause death or injuries. To keep this from happening in the future, the FDA recommends manufacturers detect the vulnerabilities early in the development process and implement a strategy to regularly release firmware updates.

“In today’s world of medical devices that are connected to a hospital’s network or even a patient’s own Internet service at home, we see significant technological advances in patient care and, at the same time, an increase in the risk of cybersecurity breaches that could affect a device’s performance and functionality,” wrote Suzanne B. Schwartz, M.D., M.B.A., FDA’s Associate Director for Science and Strategic Partnerships, at the Center for Devices and Radiological Health.

Leave a Reply