UPDATED 04:03 EST / DECEMBER 30 2016

FDA issues advice to manufacturers on preventing medical device hacking

The Food and Drug Administration has released a set of recommendations for how device manufacturers should protect the security of Internet-connected medical devices.

One year in the making, the 30-page document encourages manufacturers to monitor their devices and software for vulnerabilities and to patch any issues as they are discovered.

“The best way to combat these threats is for manufacturers to consider cyber security throughout the total product life cycle of a device,” the FDA’s Suzanne B. Schwartz said in a blog post. “In other words, manufacturers should build in cyber security controls when they design and develop the device to assure proper device performance in the face of cyber threats, and then they should continuously monitor and address cybersecurity concerns once the device is on the market and being used by patients.”

Specifically, the FDA recommends that manufacturers continually address the cybersecurity risks of marketed medical devices in a structured way, in particular by:

  • monitoring and detecting cyber security vulnerabilities in their devices
  • understanding the threat level posed to a patient
  • establishing best-practice cyber security measures, including working with researchers and other stakeholders, described as a “coordinated vulnerability disclosure policy”
  • deploying mitigations, including rolling out patches before vulnerabilities can be exploited.

While it’s easy to make jokes about tricky tickers – that is, a hackable pacemaker – there is a substantive risk with medical devices in an age when everything is connected.

“The capabilities of modern medical devices continue to radically transform the treatment of acute conditions as well as the management of chronic long-term disease. As these technologies evolve, so also do the threats to the security and reliability of these devices,” the ACM warned in an October research paper.

It may sound somewhat farfetched, but as recently as August, pacemakers, defibrillators and other medical devices made by St. Jude Medical were found to be vulnerable to potentially “catastrophic” cyberattacks.
