The FDA said yesterday that it is partnering with the U.S. Department of Homeland Security seeking to jointly improve cybersecurity in medical devices.
The two agencies inked a memorandum of agreement looking to implement a new framework that will improve coordination and cooperation between the two bodies, according to the release.
Through the agreement, both agencies will look to share information and coordinate on potential or confirmed medical device cybersecurity vulnerabilities and threats in hopes that the they will be better equipped to handle such threats to patient safety in a timely manner, according to the release.
“As innovation in medical devices advances and more devices are connected to hospital networks or to other devices, ensuring that devices are adequately protected against cyber intrusions is paramount to protecting patients. The FDA has been proactive in developing a robust program to address medical device cybersecurity concerns. But we also know that securing medical devices from cybersecurity threats cannot be achieved by one government agency alone. Every stakeholder has a unique role to play in addressing these modern challenges. That’s why this announcement is so important. Our strengthened partnership with DHS will help our two agencies share information and better collaborate to stay a step ahead of constantly evolving medical device cybersecurity vulnerabilities and assist the health care sector in being well positioned to proactively respond when cyber vulnerabilities are identified. This agreement demonstrates our commitment to confronting cybersecurity risks and the unscrupulous cybercriminals who may seek to put patient lives at risk,” FDA Commissioner Dr. Scott Gottlieb said in a press release.
Both agencies have previously worked together on cybersecurity in medical devices, specifically on the disclosure of vulnerabilities within devices, according to the release. The groups have also coordinated on planning, executing and conducting after-action reviews simulating real-world cybersecurity attacks intended to allow both industry groups and the government improve their responses to such threats.
Through the new deal, the DHS will continue to serve as the central medical device vulnerability coordination center, while the FDA will engage in regular, ad hoc and emergency coordination calls with the DHS and provide expertise regarding medical devices and patient safety risks.
“Ensuring our ability to identify, address and mitigate vulnerabilities in medical devices is a top priority, which is why DHS depends on our important partnership with the FDA to collaborate and provide actionable information. This agreement is another important step in our collaboration. DHS has some of the top experts on control systems technology, and we look forward to continuing to leverage this expertise for the sake of improving the lives and safety of people across the country. DHS has enjoyed a great working relationship with the FDA for several years and look forward to this agreement making that working relationship even stronger and more effective,” Undersecretary for the National Protection and Programs Directorate at DHS Christopher Krebs said in an official release.
The agreement is a formalization of a long-standing relationship between both groups, and serves as a renewal of their commitment to identifying and addressing cybersecurity vulnerabilities.