MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » FDA to step-up cybersecurity scrutiny in med device clearances

FDA to step-up cybersecurity scrutiny in med device clearances

By Leave a Comment

FDA 3D printing

The FDA is taking steps to increase its scrutiny of efforts taken by medical device developers to limit cybersecurity vulnerabilities in their connected products, but may need to take extra steps, according to a newly released report from the US Dept. of Health and Human Services’ Office of Inspector General.

The report analyzed the FDA’s efforts to evaluate how secure devices are prior to approval, and found that the agency is taking a number of steps to do so, but could improve upon its current strategy.

The agency is currently following rules established in 2014 to assess the cybersecurity of devices it clears, according to the report, and consider known cybersecurity risks and threats when reviewing submissions. The federal watchdog said that it is also evaluating vulnerabilities identified from similar devices that have already been cleared during the process.

Despite the efforts, the report suggested that the agency could be asking questions earlier in the process and possibly adding cybersecurity to its “Refuse-To-Accept” checklist, alongside other steps to beef up its efforts to prevent outside agents from accessing medical devices.

“As the Federal agency responsible for assuring the safety and effectiveness of networked medical devices, FDA has taken steps to address emerging cybersecurity concerns. It has established an internal cybersecurity workgroup, issued guidance documents on medical device cybersecurity, conducted outreach activities to educate stakeholders, and has begun to request and review cybersecurity information in premarket submissions for networked medical devices. However, FDA could do more to integrate its assessment of cybersecurity for networked medical devices into its premarket review process. From our observations, FDA is making limited use of key tools that could support consistency, efficiency, and effectiveness in its premarket review of cybersecurity,” the OIG wrote in its report.

The OIG report suggests that the FDA could be using presubmission meetings to discuss networked devices and cybersecurity-related questions, which in turn would improve the cybersecurity information submitted to the FDA and cut down on review time.

The report also suggests that the agency include cybersecurity as a stand-alone element in its Smart template “to thoroughly consider cybersecurity in their review and provide a specific, dedicated section where they can explain the results of their review.”

The FDA agreed with all the recommendations, and said it has begun taking steps to implement them, according to the report.

Building Better Companies at DeviceTalks Minnesota

textadimage DeviceTalks Minnesota's leadership track is designed to provide attendees with insights on topics such as:
  • Navigating the path to market
  • Reimbursement
  • Winning regulatory approval
  • Corporate culture
  • Entering global markets
  • Leadership
Join industry leaders and medical device professionals at the most awaited medtech conference of the year, DeviceTalks Minnesota.

Use code SAVE15 to save 15%!

REGISTER NOW

In case you missed it

RSS From Medical Design & Outsourcing

Leave a Reply

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us
Add us on FacebookMassDevice Network
Follow us on Twitter@MassDevice
Connect with us on LinkedInLinkedIn
Follow us on YouTube YouTube