FDA calls for increased health IT cybersecurity efforts

With hackers and cyberattacks increasing as threats to medical devices, the U.S. Food and Drug Administration this week published new guidance calling for developers and healthcare facilities to beef up security efforts while creating and using those devices.

In its guidelines, the FDA recommended that all device manufacturers work to:

  • Limit unauthorized device access to only trusted users
  • Protect individual components from exploitation
  • Craft strategies for active security protections appropriate for a device's use environment
  • Provide methods for retention and recovery following security breakdowns

For healthcare facilities, the FDA's recommendations included:

  • Restricting unauthorized access to networks and medical devices, and tracking network activity, just in case
  • Updating antivirus and firewall efforts, as well as security patches
  • Creating and evaluating strategies for maintaining functionality during adverse events

"We are aware of hundreds of medical devices that have been infected by malware," Bill Maisel, deputy director for science at FDA's Center for Device and Radiological Health, told the Wall Street Journal. "It's not difficult to imagine how these types of events could lead to patient harm."

A Government Accountability Office report published last summer called on FDA to pay more attention to the information security risks for implantable electronic medical devices such as heart defibrillators and insulin pumps. At that time, FDA officials said they already had started taking steps toward fulfilling GAO's recommendations of creating a formal plan to expand its focus on IS risks.

In an interview with FierceEMR in April 2012, Dale Nordenberg--co-founder and executive director of the Medical Device Innovation, Safety and Security Consortium--called medical device cybersecurity an "emerging problem."

To learn more:
- here's the FDA's guidance
- read the Wall Street Journal article

Suggested Articles

Nearly 10,000 patients involved in research studies were impacted by a third-party privacy breach that may have exposed their medical diagnoses.

Veterans Health Administration medical facilities currently have a paper medical record backlog that if stacked up would be 5.15 miles high, according to the…

The Department of Health and Human Services announced proposed changes to privacy restrictions on patients' substance use treatment records.