The Food and Drug Administration has released draft guidance to help manufacturers protect medical devices against cyber threats throughout the product lifecycle.The guide outlines postmarket strategies for the medical device industry to monitor, identify and address cybersecurity risks that could affect the performance and safety of their technology offerings, the FDA said Friday.
“Medical devices that use software and are connected to hospital and health care organizations’ networks have vulnerabilities,” said Suzanne Schwartz, acting director of emergency preparedness/operations and medical countermeasures at FDA’s Center for Devices and Radiological Health.
“Only when we work collaboratively and openly in a trusted environment, will we be able to best protect patient safety and stay ahead of cybersecurity threats,” Schwartz added.
The agency recommended that manufacturers integrate a National Institute of Standards and Technology-provided cybersecurity framework into their risk management efforts.
FDA will hold a public workshop on Wednesday and Thursday at the agency headquarters in Silver Spring, Maryland, to discuss medical device protection issues with industry.
