The US Food and Drug Administration (FDA) will convene a two-day public workshop in January to discuss ways that the agency can address what’s becoming a more imminent threat: the cybersecurity of medical devices.
The workshop comes five months since FDA issued its first safety communication on a device’s cybersecurity, raising concerns about the vulnerabilities of Hospira’s Symbiq infusion system, a computerized pump.
Suzanne Schwartz, who coordinates cybersecurity initiatives for the FDA’s Center for Devices and Radiological Health, told Bloomberg last month that that notice was “precedent-setting.”
In addition to that warning, last October, FDA released final guidance calling on device manufacturers to consider cybersecurity risks as part of the design and development of a medical device, and to submit documentation to the agency about the risks and controls that could mitigate those risks.
In collaboration with the National Health Information Sharing Analysis Center (NH-ISAC), the Department of Health and Human Services and the Department of Homeland Security, FDA will bring together stakeholders for the workshop, called “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity,” to discuss device cybersecurity challenges.
More specifically, FDA, which has previously gone so far as to encourage hackers to submit security bugs to the agency, says the workshop will discuss past collaborative efforts, existing frameworks used to benchmark a device company’s progress in securing devices, and other “unresolved gaps and challenges that have hampered progress” in the field.
The announcement of the workshop follows the Medical Imaging and Technology Alliance and National Electrical Manufacturers Association’s release a white paper on what companies should consider to “minimize the possibility that bugs, malware, viruses, or other exploits can be used to negatively impact product operation.”
The paper focuses on device security, communications security, responsible users and other resources.
Public Workshop – Moving Forward: Collaborative Approaches to Medical Device Cybersecurity, January 20-21, 2016