The Food and Drug Administration has issued a final set of guidelines meant to help manufacturers secure medical devices from postmarket cyber vulnerabilities.
Suzanne Schwartz, associate director for science and strategic partnerships at the FDA’s Center for Devices and Radiological Health, wrote in a blog post published Tuesday that the guidance complements a guide on medical device premarket cybersecurity issued in October 2014.
With the new final guidance, the FDA also recommends several steps for manufacturers to address the cybersecurity risks facing medical devices in the market.
The agency calls on medical device manufacturers to implement a structured program to respond to cybersecurity risks and put in place a method for detecting vulnerabilities in their devices.
Manufacturers should also assess cyber risk level to patient safety, coordinate with cybersecurity researchers and other stakeholders for cyber threat intelligence and mitigate cyber attacks before they occur.
“This approach enables manufacturers to focus on continuous quality improvement, which is essential to ensuring the safety and effectiveness of medical devices at all stages in the device’s lifecycle,” Schwartz writes.