You are probably well aware of the need for cybersecurity when using your laptop, smartphone and other devices. What you may not consider is that medical devices inside or outside of your body are also at risk from hackers.
If a cybercriminal targeted the kind of medical device you use, that could mean you might receive the wrong medication or have to undergo unneeded testing. The Food and Drug Administration (FDA) is now proposing regulations for minimizing cybersecurity threats pertaining to medical devices.
Among the medical devices deemed most vulnerable to a cyberattack are insulin pumps, cardiac pacemakers, imaging devices, and any devices connected to the Internet of Things (IoT).
Additionally, in danger are products communicating with central servers. If hit by malware or ransomware, this could leave physicians without the dates necessary to make decisions regarding patient health and treatment.
Currently, the FDA regulates nearly 200,000 different medical devices, manufactured by over 18,000 firms in more than 21,000 medical device facilities around the globe. The FDA, though its Medical Device Safety Plan, intends to focus on establishing a strong medical device safety net in the United States, which includes spurring innovation toward safer devices and advancing medical device cybersecurity.
Before the device is marketed, the FDA requires cybersecurity needs included in the product’s design and development. That includes capabilities of timely device updating and patching. Once a device is marketed, risk-management planning is necessary to deal with any emerging issues and reducing future risk factors.
In 2016, the FDA issued guidance to manufacturers emphasizing that they must take a proactive approach to cybersecurity issues throughout the entire life cycle of a medical device. That includes regular maintenance, monitoring, possible issue identification, and taking the appropriate action to address vulnerabilities. The FDA notes that post-market cybersecurity depends on the sharing of cybersecurity risk information by all members of the medical device community.
The FDA itself works with the Department of Homeland Security (DHS) on potential cyber risks that could impact medical devices. The collaboration between the FDA and DHS should lead to improved response time to any possible patient safety threats. Cooperation between the two agencies is intended to lead to better and more timely responses to potential threats to patient safety.
For manufacturers, the benefits of this FDA policy include helping them stop the need for recalls due to compromised device components. The FDA is considering a similar “Software Bill of Materials,” which a manufacturer must submit to the agency as part of its early submission, so that it is known from the beginning which parts of their devices may be vulnerable to hacking.
In turn, this information permits better management of all networked assets. Such a “bill” would also prove useful if a device requires post-marketing mitigation of a cyber vulnerability.
If you or a loved one has been injured by a defective medical device, you need the services of the experienced Philadelphia defective medical product lawyers at Brookman, Rosenberg, Brown & Sandler. We fight hard to protect your rights and get you the compensation that you deserve. Call us today at 215-569-4000 or complete our online form. From our Philadelphia offices we assist clients in Philadelphia County, Delaware County, Chester County, Pennsylvania, and New Jersey.