The U.S. Food and Drug Administration announced it is working with the U.S. Department of Homeland Security for better coordination and cooperation involving possible threats of medical devices. |
By Allen Cone, UPI
The U.S. Food and Drug Administration, in an attempt to improve cybersecurity of medical devices, announced Wednesday is working with the U.S. Department of Homeland Security for better coordination and cooperation involving possible threats.
The FDA's Center for Devices and Radiological Health and DHS' Office of Cybersecurity and Communications hope to share information about potential or confirmed medical device cybersecurity vulnerabilities and threats, according to an FDA press release.
Medical devices, like other computer systems, can be vulnerable to security breaches, the FDA noted in tips posted on its website for October National Cybersecurity Awareness Month Medical devices. These devices are increasingly connected to the Internet, hospital networks and to other medical devices.
"As innovation in medical devices advances and more devices are connected to hospital networks or to other devices, ensuring that devices are adequately protected against cyber intrusions is paramount to protecting patients," Dr. Scott Gottlieb, the FDA commissioner, said in a statement Wednesday. "This agreement demonstrates our commitment to confronting cybersecurity risks and the unscrupulous cybercriminals who may seek to put patient lives at risk."
HHS wants to utilize its resources to assist the FDA.
"DHS has some of the top experts on control systems technology, and we look forward to continuing to leverage this expertise for the sake of improving the lives and safety of people across the country," said Christopher Krebs, DHS undersecretary for the National Protection and Programs Directorate. "DHS has enjoyed a great working relationship with the FDA for several years and look forward to this agreement making that working relationship even stronger and more effective."
The two agencies have worked together on medical device cybersecurity, including the coordination of vulnerability disclosures. Medical device manufacturers can receive technical information from cybersecurity researchers regarding identified vulnerabilities.
In addition, the agencies "have collaborated on planning, executing and conducting after-action reviews of DHS-led exercises that simulate real-world cybersecurity attacks and enable the government and stakeholders to practice and improve their responses to these threats," according to a press release.
Part of the plan is to coordinate testing of devices as warranted.
The FDA said it has "taken significant steps to create an environment of shared responsibility between government agencies, industry, healthcare delivery organizations and cybersecurity researchers."
Since 2015, the FDA has issued five product-specific safety communications on cybersecurity vulnerabilities. The include confirmed cybersecurity vulnerabilities in Abbott's implantable cardiac devices and implantable cardiac pacemakers, Merlin's home transmitter of implanted cardiac devices, and Hospira's and Symbiq's infusion systems of medication or anesthetic.