The Food and Drug Administration has finalized recommendations for how manufacturers should work to mitigate cybersecurity risks associated with medical tech, a move that seeks to avoid the compromise of patient information.

The FDA says it's concerned about vulnerabilities in devices and software that can be used to access patient data, including mobile devices and computers.

"As medical devices become more interconnected and interoperable, they can improve the care patients receive and create efficiencies in the health care system," says the FDA. "Some medical devices, like computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device."

The FDA wants manufacturers and developers to consider security in the design and lay out plans detailing how they would patch software if a device or a program falls vulnerable to malware and other security threats. The FDA says its new guidelines are an act of prudence, as it has no knowledge of any current threats targeting medical software or hardware.

"The FDA has neither an indication that specific devices or systems have been purposely targeted, nor reports that any patients have been harmed as a result of cybersecurity breaches, but remains concerned about device-related cybersecurity vulnerabilities and their potential to adversely impact public health," says the FDA.

The FDA hopes to take further steps in maintaining the digital security of medical devices by conducting an Oct. 21 workshop entitled, "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." Some of the topics the workshop will cover include overcoming shared and perceived barriers to networking hospitals, developing a shared risk framework, and pinpointing cybersecurity challenges for networking legacy equipment.

A threat-proof medical device doesn't exist, according to Suzanne Schwartz, director of emergency preparedness/operations and medical countermeasures at the FDA's Center for Devices and Radiological Health.

"It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks," says Schwartz.

As Apple and IBM prepare to move deep into the heart of the health care industry, and as health information systems cautiously continue to network with one another, patient information becomes a much larger and more attainable target for hackers.

The FDA's foresight is timely. In late June, hackers found a way into the servers of Montana's Department of Public Health and Human Services. The intrusion compromised the health records of approximately 1.3 billion people, exposing data that included Social Security numbers and information related to the health services the individuals requested from the department.
