With technology advancing and medical devices increasingly being connected with hospital networks and other devices, the threat of cybersecurity is growing. To address the problem, the U.S. Food and Drug Administration will be teaming up with the U.S. Department of Homeland Security in a joint effort to ensure the devices receive adequate protection from security threats and patient privacy is not at risk.
Teaming Up to Address Cybersecurity Concerns
The agreement ushers in a new era of cooperation between the FDA’s Center for Devices and Radiological Health (CDRH) and the DHS’ Office of Cybersecurity and Communications (OCC) and will generate a quicker and better response to potential intrusions against patient safety. While the FDA has been working diligently to develop programs aimed at combatting medical device cybersecurity concerns, it doesn’t have the resources to address the full spectrum of concerns by itself. A partnership with the DHS allows the groups to share information and work together to proactively stay ahead of ever-evolving cybersecurity vulnerabilities in the health care industry.
“Securing medical devices from cybersecurity threats cannot be achieved by one government agency alone,” explains FDA Commissioner Scott Gottlieb, M.D. “Every stakeholder has a unique role to play in addressing these modern challenges.”
The intent of this partnership is to expand inter-agency collaboration in order to increase the knowledge that is shared regarding cybersecurity threats, real or possible, and coordinating to address vulnerabilities in a timely fashion. They will also share technical capabilities and coordinate device testing.
The agreement states that DHS will hold responsibility for assembling and sharing information on cybersecurity vulnerabilities with a group of stakeholders that includes medical device manufacturers, researchers, and the FDA. The latter agency, in turn, will provide regular planned and emergency coordination calls with DHS and inform them of risks to patient health and potentially harmful cybersecurity threats and vulnerabilities.
This is not the first time the two agencies have worked together to address medical device cybersecurity. They have already bolstered vulnerability disclosures, providing valuable technical information to medical device manufacturers that allows them to quickly respond to threats in areas where their products are vulnerable. They have also collaborated on reviews of DHS-sponsored simulation exercises based on cybersecurity attacks and their responses to these threats.