The FDA wants improved cybersecurity for medical devices

The Food and Drug Administration wants companies to be prepared against hackers and other cyber risks.

The Food and Drug Administration has released draft cybersecurity guidelines for medical device makers. It remains only a guideline, but data leaks and security issues are never a good thing for a company -- especially when lives are literally on the line. The draft suggests that companies monitor and assess cybersecurity risks (like hacking or data leaks), as well as coordinate information sharing between companies and government to help fix or address vulnerabilities as quickly as possible.

The FDA says that it doesn't aim to enforce urgent reporting on vulnerabilities -- if certain conditions are met. These include the important point that no serious issues or deaths are associated with the vulnerability, and that the manufacturer notifies users and improves its product or security enough to reduce (or eliminate) the risk. The draft guidelines add that the company should be part of, and share information with, the Information Sharing Analysis Organization (ISAO), a collaborative group where members pool cybersecurity information and possible risks. "The FDA is encouraging medical device manufacturers to take a proactive approach to cybersecurity management of their medical devices," it said in the statement. "Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats." The draft will be open to feedback for 90 days, then the FDA will follow through with its final recommendations.
