FDA Seeks Cybersecurity Assessments from Medical-device Makers
Friday, December 12, 2014
Source: Modern Healthcare
The Food and Drug Administration has issued final guidance asking medical-device manufacturers to address cybersecurity threats before and after their products are approved for sale. Cybersecurity is critical as medical devices increasingly connect with each other, the agency said.
The FDA said manufacturers should identify what information or other assets hackers might target and how they might get to it. The companies are asked to consider the tradeoffs between greater security and usability and determine the risk level associated with a particular threat. The agency recommends strategies that include limiting access through electronic authentication (such as passwords or biometric scans) and physical locks to prevent tampering, as well as different levels of access based on a user's role. For example, a technician might have more limited access to a program than a system administrator.