FDA to med device makers: We must work together on security


The U.S. Food and Drug Administration and manufacturers must work together to fix security flaws in medical devices, Seth Carmody, cybersecurity project manager with the FDA, told healthcare executives at a Minneapolis convention Monday.

“This isn't about the FDA being your adversary,” Carmody told an audience at the medical device industry conference AdvaMed 2016, the Star Tribune reports. “This is not about you being compliant. This is about the other adversaries that we know exist out there, and working together so we can protect this critical infrastructure.”

Carmody said he had fielded calls from device makers’ security pros who wanted to have an “informal chat” with the FDA, but others within their organizations had warned them against sharing information with the federal agency. That mindset, he said, indicates the need for cultural change.

“Cybersecurity is going to be a group effort, a whole community approach,” Carmody said.

He pointed out that device makers soon might have more security investigators knocking on their doors as changes to the Digital Millennium Copyright Act, due to go into effect next month, allow the public to legally search for and report security vulnerabilities.

In just the past few months, cybersecurity vulnerabilities have made headlines, with Johnson & Johnson self-reporting risks associated with its Animas One Touch Ping insulin pump, and investment firm Muddy Waters reporting issues with implantable heart devices made by St. Jude Medical. However, St. Jude calls those allegations false and has sued for defamation.

Still, St. Jude just announced this week the formation of a medical advisory board focused on cybersecurity issues. It said its own security pros, as well as outside experts, will work together on the new panel, Reuters reports.
