FDA device guidance: Start with NIST cyber framework

Organizations should implement a proactive, comprehensive risk management program, the FDA said in a webinar yesterday.

The FDA dug into some of the details of its final guidance on medical device security in a webinar yesterday, explaining the organization’s approach to cybersecurity and risk assessment.

The agency published its final guidance on the postmarket management of cybersecurity threats in medical devices late last month. The recommendations apply to medical devices that use software, including programmable logic and software that is regulated as a medical device, such as mobile medical apps.

Organizations should implement a proactive, comprehensive risk management program, starting with applying the National Institute of Standards and Technology (NIST) Framework to Strengthen Critical Infrastructure Cybersecurity, according to the presentation (PDF).

The updated draft guidelines NIST released this week include specific updates about cybersecurity metrics, considerations for supply chain risk management and common terminology used to communicate with outside partners and vendors.

According to the FDA, organizations should:

  • Establish and communicate processes for vulnerability intake and handling
  • Adopt a coordinated disclosure policy and practice
  • Deploy mitigations that address cybersecurity risk early and prior to exploitation
  • Engage in collaborative information sharing for cyber vulnerabilities and threats
