US Food and Drug Administration releases Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Draft Guidance for Industry and Food and Drug Administration Staff
June 11, 2022
Privacy and cyber security in the health industry is both critical and critically inadequate in the main. Health organisations are notoriously vulnerable to cyber attack and poor privacy privacy practices on a day to day in person basis.
The US Food and Drug Administration (“FDA”) is in the process of revising its guidance to deal with cyber threats. To that end it is released the draft Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions and will be reviewing it in June and July.
The abstract provides:
The need for effective cybersecurity to ensure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network- connected devices, portable media (e.g. USB or CD), and the frequent electronic exchange of medical device-related health information. In addition, cybersecurity threats to the healthcare sector have become more frequent, more severe, and more clinically impactful. Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the US and globally. Such cyberattacks and exploits can delay diagnoses and/or treatment and may lead to patient harm.
This guidance is intended to provide recommendations to industry regarding cybersecurity device design, labeling, and the documentation that FDA recommends be included in premarket submissions for devices with cybersecurity risk. These recommendations can facilitate an efficient premarket review process and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.
It is a very useful detailed and dense 49 page resource. Impossible to summarise in a post. For those interested in privacy law it is a great resource.
Some useful comments Read the rest of this entry »