Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • My Account
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Data/Lists
    • Rankings/Lists
    • Interactive Databases
    • Data Points
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Awards
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
    • Women in Healthcare
    • - Luminaries
    • - Top 25 Diversity Leaders
    • - Leaders to Watch
    • - Luminaries
    • - Top 25 Women Leaders
    • - Women to Watch
  • Events
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Custom Media Event: ESG Summit
    • Transformation Summit
    • Women Leaders in Healthcare Conference
    • Social Determinants of Health Symposium
    • Leadership Symposium
    • Health Care Hall of Fame Gala
    • Top 25 Women Leaders Gala
    • Best Places to Work Awards Gala
    • Top 25 Diversity Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain Revenue Cycle
    • - Hospital at Home
    • - Workplace of the Future
    • - Strategic Marketing
    • - Virtual Health
  • Listen
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • MORE +
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Cybersecurity
April 07, 2022 02:26 PM

FDA seeks input on new medical device cybersecurity guidance

Jessica Kim Cohen
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    Copy of 012521-Regionals-cybersecurity-data-hacking_2_i_i.jpg
    MH Illustration/Getty images

    The Food and Drug Administration on Thursday released draft guidance on cybersecurity considerations for medical devicemakers submitting materials for premarket review, a step toward updating guidance released seven years ago.

    The proposal, which replaces an earlier draft the FDA released in 2018, would add expectations related to software development and transparency for medical devices that incorporate software. The FDA is seeking feedback from the public on the proposal.

    Once finalized, the new guidance would replace premarket guidance for medical device cybersecurity last updated in 2014.

    "Given the rapidly evolving device cybersecurity landscape, FDA is issuing this draft guidance … to further emphasize the importance of ensuring that devices are designed securely, are designed to be capable of mitigating emerging cybersecurity risks throughout the total product life cycle, and to clearly outline FDA's recommendations for premarket submission content to address cybersecurity concerns, including device labeling," the FDA said in its notice in the Federal Register.

    The FDA's premarket guidances set expectations for how device manufacturers should design and label products—as well as what documentation they should provide on their design and development work—when submitting information to the agency for premarket review to ensure they meet the agency's standards.

    The FDA last released postmarket guidance for managing medical device cybersecurity in 2016.

    The latest draft guidance recommends devicemakers adopt a "secure product framework"—a set of software development practices that prioritize security—to identify and reduce vulnerabilities throughout the product development lifecycle. That includes assessing risks as new cybersecurity threats are discovered after a product's been released.

    The guidance also would set recommendations on what cybersecurity documentation devicemakers should submit with applications for investigational device exemptions in clinical trials.

    It also recommends creating a "software bill of materials" for each medical device, building on its 2018 predecessor's recommendation for a "cybersecurity bill of materials." A software bill of materials would document all software components in a device, including proprietary software developed by the manufacturer and third-party commercial and open-source software.

    The federal government has published 110 advisories on medical device vulnerabilities disclosed by medical device manufacturers since the FDA released its 2016 post-market guidance, according to data compiled by cybersecurity company MedCrypt and released last month.

    Such vulnerabilities can be dangerous for hospitals and patients, since medical devices connected to the internet or internal hospital networks can be hacked, be disrupted during the course of a ransomware attack or provide a window for cybercriminals to enter a hospital's broader network and steal data, according to cybersecurity experts. Cyberattacks can disrupt medical care by delaying procedures or forcing patient diversions.

    The FDA's new proposal on premarket submissions highlighted the 2017 WannaCry ransomware attack that infected computers and devices worldwide—including some radiology equipment—as an example of a cyberattack that affected hospitals and medical devices.

    "Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the U.S. and globally," the draft guidance stated. "Such cyber attacks and exploits may lead to patient harm as a result of clinical hazards, such as delay in diagnoses and/or treatment."

    The FDA is accepting feedback on the draft guidance through July 7, after which the agency said it will begin work on a final version.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    cybersecurity_i.jpg
    700K patients involved in Arizona hospital cybersecurity incident
    cybersecurity-data-hacking_2_i.png
    2 million affected in Shields Health Care Group cyberattack
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2022. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Data/Lists
      • Rankings/Lists
      • Interactive Databases
      • Data Points
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Awards
      • Nominate/Eligibility
      • 100 Most Influential People
      • 50 Most Influential Clinical Executives
      • Best Places to Work in Healthcare
      • Excellence in Governance
      • Health Care Hall of Fame
      • Healthcare Marketing Impact Awards
      • Top 25 Emerging Leaders
      • Top 25 Innovators
      • Diversity in Healthcare
        • - Luminaries
        • - Top 25 Diversity Leaders
        • - Leaders to Watch
      • Women in Healthcare
        • - Luminaries
        • - Top 25 Women Leaders
        • - Women to Watch
    • Events
      • Conferences
        • Transformation Summit
        • Women Leaders in Healthcare Conference
        • Social Determinants of Health Symposium
        • Leadership Symposium
      • Galas
        • Health Care Hall of Fame Gala
        • Top 25 Women Leaders Gala
        • Best Places to Work Awards Gala
        • Top 25 Diversity Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain Revenue Cycle
        • - Hospital at Home
        • - Workplace of the Future
        • - Strategic Marketing
        • - Virtual Health
      • Webinars
      • Custom Media Event: ESG Summit
    • Listen
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • MORE +
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing