FDA to weigh in on cybersecurity concerns

Amid growing concern over the cybersecurity of medical devices, the FDA is weighing in on the issue and addressing product safety at an upcoming conference.

As The Washington Post reports, the agency will hold a workshop on Oct. 21-22 in collaboration with the Department of Homeland Security to discuss potential threats and ways to beef up cybersecurity. The meeting will include medical device manufacturers, cybersecurity researchers and government officials, and will touch on themes such as the interconnectivity of medical devices, developing a shared risk-assessment framework, and developing tools and shared standards to build a comprehensive cybersecurity program, the FDA said in a statement. The agency will take comments on issues raised at the workshop until Nov. 24.

The conference builds on the agency's previous efforts to strengthen its oversight of medical devices, as last year the FDA proposed tighter regulations for manufacturers. In draft guidance issued last June, the agency asked device makers to demonstrate how they would keep their products safe from hackers and update software to ensure safety standards. The FDA said it would weigh the information alongside clinical trials during the PMA process and potentially reject a device if its cybersecurity was not up to par.

Regulatory action also comes on the heels of change within the industry, as device makers face an influx of threats from external hackers. In June, Medtronic ($MDT) revealed that it was the target of a cyberattack in 2013 and that it lost patient records on a separate occasion. Rumors had circulated in February that the med tech giant, along with rivals Boston Scientific ($BSX) and St. Jude Medical ($STJ), were hit with a "very thorough" cyberattack that possibly originated in China, the San Francisco Chronicle reported.

Jay Radcliffe

Meanwhile, companies are heeding consumers' concerns and instituting new security measures to protect their devices from cybersecurity breaches. In 2011, Jay Radcliffe created buzz when he demonstrated that he could rig his Medtronic insulin pump with radio waves to deliver fatal doses. After initially dismissing his claims, the company then invited Radcliffe to speak with its head of privacy and security in a public forum.

Radcliffe, who currently works at cybersecurity firm Rapid7, told the Washington Post that cybersecurity will become increasingly important as patients begin to monitor their health information from smartphones.

"The problem right now is in its infancy stage, the real concern comes with the next generation of devices--they're going to have Bluetooth, and that opens up a larger amount of risk," Radcliffe said.

- read the Washington Post article
- here's the FDA announcement

Suggested Articles

Johnson & Johnson Vision announced that the worldwide president of its surgical business, Tom Frinzi, plans to retire at the end of this year.

Philips looked back on 15 years of data from one of its telehealth-equipped intensive care units, where centralizing operations reduced mortality.

Sanofi will look to pull back from its three-year-old relationship with Verily and their virtual diabetes clinic, Onduo.