FDA to weigh in on cybersecurity concerns

Amid growing concern over the cybersecurity of medical devices, the FDA is weighing in on the issue and addressing product safety at an upcoming conference.

As The Washington Post reports, the agency will hold a workshop on Oct. 21-22 in collaboration with the Department of Homeland Security to discuss potential threats and ways to beef up cybersecurity. The meeting will include medical device manufacturers, cybersecurity researchers and government officials, and will touch on themes such as the interconnectivity of medical devices, developing a shared risk-assessment framework, and developing tools and shared standards to build a comprehensive cybersecurity program, the FDA said in a statement. The agency will take comments on issues raised at the workshop until Nov. 24.

The conference builds on the agency's previous efforts to strengthen its oversight of medical devices, as last year the FDA proposed tighter regulations for manufacturers. In draft guidance issued last June, the agency asked device makers to demonstrate how they would keep their products safe from hackers and update software to ensure safety standards. The FDA said it would weigh the information alongside clinical trials during the PMA process and potentially reject a device if its cybersecurity was not up to par.

Regulatory action also comes on the heels of change within the industry, as device makers face an influx of threats from external hackers. In June, Medtronic ($MDT) revealed that it was the target of a cyberattack in 2013 and that it lost patient records on a separate occasion. Rumors had circulated in February that the med tech giant, along with rivals Boston Scientific ($BSX) and St. Jude Medical ($STJ), were hit with a "very thorough" cyberattack that possibly originated in China, the San Francisco Chronicle reported.

Jay Radcliffe

Meanwhile, companies are heeding consumers' concerns and instituting new security measures to protect their devices from cybersecurity breaches. In 2011, Jay Radcliffe created buzz when he demonstrated that he could rig his Medtronic insulin pump with radio waves to deliver fatal doses. After initially dismissing his claims, the company then invited Radcliffe to speak with its head of privacy and security in a public forum.

Radcliffe, who currently works at cybersecurity firm Rapid7, told the Washington Post that cybersecurity will become increasingly important as patients begin to monitor their health information from smartphones.

"The problem right now is in its infancy stage, the real concern comes with the next generation of devices--they're going to have Bluetooth, and that opens up a larger amount of risk," Radcliffe said.

- read the Washington Post article
- here's the FDA announcement

Suggested Articles

InterVene secured $15 million to validate its catheter-based treatment for correcting failed one-way valves in the veins of the legs.

LabCorp, Philips and Mount Sinai are coming together to develop an AI-driven pathology center of excellence, aimed initially at cancer diagnosis.

The FDA followed through with plans to end its Alternative Summary Reporting program, making 20 years’ worth of device safety data publicly available.