UPDATED 04:03 EST / DECEMBER 30 2016

FDA issues advice to manufacturers on preventing medical device hacking

The Food and Drug Administration has released a set of recommendations for how device manufacturers should protect the security of Internet-connected medical devices.

One year in the making, the 30-page document encourages manufacturers to monitor their devices and software for vulnerabilities and to patch any issues as they are discovered.

“The best way to combat these threats is for manufacturers to consider cyber security throughout the total product life cycle of a device,” the FDA’s Suzanne B. Schwartz said in a blog post. “In other words, manufacturers should build in cyber security controls when they design and develop the device to assure proper device performance in the face of cyber threats, and then they should continuously monitor and address cybersecurity concerns once the device is on the market and being used by patients.”

Specifically, the FDA recommends that manufacturers continually address the cybersecurity risks of marketed medical devices in a structured way, in particular:

  • monitoring and detecting cyber security vulnerabilities in their devices
  • understanding the threat level posed to a patient
  • establishing best-practice cyber security measures, including working with researchers and other stakeholders, described as a “coordinated vulnerability disclosure policy”
  • deploying mitigations, including rolling out patches before vulnerabilities can be exploited

While it’s easy to make jokes about tricky tickers – that is, a hackable pacemaker – there is a substantive risk with medical devices in an age when everything is connected.

“The capabilities of modern medical devices continue to radically transform the treatment of acute conditions as well as the management of chronic long-term disease. As these technologies evolve, so also do the threats to the security and reliability of these devices,” the ACM warned in an October research paper.

It may sound somewhat farfetched, but as recently as August, pacemakers, defibrillators and other medical devices made by St. Jude Medical were found to be vulnerable to potentially “catastrophic” cyberattacks.

Image credit: Steven Fruitsmaak/Wikimedia Commons/CC 3.0
