The FDA has released a series of health device security guidelines against potential cyber threats.
The FDA has released a series of health device security guidelines as the administration is trying to ensure patient safety.
Internet-connected devices have become a somewhat common occurrence. Such technology has led to the appearance of a new domain, IoT. IoT or the Internet of Things is seen by some as the technology of the future.
However, it also carries its risks. Internet-connected devices are more vulnerable to cyber threats. And unfortunately, not even medical such devices might be spared.
The FDA has come to recognize such threats. As such, it has released official health device security guidelines. The FDA is the United States Food and Drug Administration.
Earlier this week, on Tuesday, the administration released its guidance. It was published in an official FDA website blog post.
Suzanne Schwartz went to offer details. She is the Science and Strategic Partnership Associate Director. Current medical devices have helped advance patient care. Such technology can be used in the hospital, or at home.
They work by connecting to an Internet service. As such, they can be affected by cyber security breaches. These might lead to functionality and performance issues.
FDA device security guidelines are trying to address this potential problem. They could almost be considered a follow-up. In October 2014, the FDA released a similar guidance.
Back then, the administration set out ensure safer future products. It offered guidance as to the development of stronger cyber products.
The current guidelines have a different target. They are meant to ensure the current device security. As such, they address already released and used devices.
As it is, the FDA health device security guidelines are nonbinding recommendations. This means that the industry is not obligated to follow them.
Still, the guidelines emphasize the need for post-production measures. As such, manufacturers should keep track of their products. These should be monitored.
This way, potential cyber security vulnerabilities could be detected. Their identification could lead to a solution before the issue could even start being exploited.
Such practices should become a post-market management norm for such medical devices. The FDA guidance advises as follows.
Manufacturers should assess, detect, and understand the potential cybersecurity risk levels. More exactly, they should determine the patient’s potential vulnerability.
The device security guidelines advise for a “coordinated vulnerability disclosure policy”. Through it, manufacturers should establish a communication collaboration.
Cybersecurity researchers and stakeholder would be involved. They would receive potential risk and vulnerability information.
After detecting them, producers should also work on addressing the potential issues. Software patches or other deployed mitigations would have to be developed. Such tactics would best be taken before the issue could be exploited.
The device security guidelines will also offer risk assessment techniques. Producers can determine if the patient harm risk is sufficiently controlled, or not.
This assessment will be based on a number of facts. The likelihood of exploitation is a first such factor. Exploit impact will also be taken into account.
This will address the device’s essential performance and safety. Patient harm severity levels will also be analyzed.
FDA device security guidelines include the following products. All such devices have been marketed and distributed. They contain either a programmable logic or software. This latter also includes firmware. Medical devices software includes mobile medical apps.
The guidelines target medical devices that are part of a legacy device. Or they could be an interoperable system component.
The FDA also pointed out another fact. It outlined the circumstances in which it would not intervene. More exactly, it will not be enforcing reporting requirements.
Schwartz also pointed out that this will not be the last guidance. The FDA will continue to look into and address the potential cyber security issues.
As such, it will be adjusting or updating its device security guidelines according to need.
Image Source: Wikimedia
The post Device Security Guidelines Have Been Issued By The FDA appeared first on Trinity News Daily.