The FDA has submitted to Congress a Medical Device Safety Plan for increasing cybersecurity , including requirements that device manufacturers will have to adhere to. This action has been prompted by the risks to patients of vulnerabilities in current devices that could be exploited by hackers and cause injury, or even death.
In addition to adding requirements that manufacturers put focus on cybersecurity in the making of the devices and build the capability to update and patch device security into the design of the products, the Plan also proposes to:
- Establish a robust medical device patient safety net;
- Explore regulatory options to streamline and modernize timely implementation of post-market mitigations;
- Spur innovation toward safer medical devices;
- Integrate the FDA’s Center for Devices and Radiological Health’s pre-market and post-market offices and activities to advance the use of a “total product life cycle” approach to device safety.
In addition, the FDA says it’s also considering new post-market authority to require that firms adopt policies and procedures for coordinated disclosure of vulnerabilities as they are identified. A software bill of materials would also have to be provided to the agency as part of the device maker’s pre-market submission.
If this Plan is put into place, it will not only make patients safer, it will also greatly aid the struggle to maintain patching of vulnerabilities in the healthcare sector where many of these devices exist on their networks.