Load the Game

Medical technology cybersecurity guidelines published by the FDA

• Egon Kilin
• October 7th, 2014

Medical technology and high-tech medical equipment is becoming increasingly popular, with companies like HTC and Philips releasing monitoring and treatment devices that can help patients monitor their health metrics as well as treat illnesses. All is well so far, but since medical technology has to be connected to the internet in order to integrate its readings with healthcare providers, there exists a risk that all that private information may become vulnerable to cyber-attacks.

Medical technology is evolving fast nowadays, with artificial kidneys being developed as well as advanced monitoring systems like the HTC Tricorder suite and treatment technology from Philips. These devices need to connect to your smartphone or other media device in order to provide you with readings and statistics, and send them on to healthcare providers and your doctors for professional analysis. During that process, the data that medical technology gathers may become exposed to hackers searching for personal user information. In this respect, the FDA has warned that those who manufacture medical technology that connects to various apps and online platforms should take cybersecurity into consideration. They detail these recommendations in a document entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”.

The Food and Drug Administration agency has released a set of guidelines for manufacturers so that they can build medical technology that is secure and protected from cyber-attacks. The announcement doesn’t come unexpected, since there have been many incidents of security breaches at companies who used to pride themselves with their abilities to protect user data, such as iCloud, Target, AT&T, Yahoo, JPMorgan Chase and more. People and government agencies are getting worried that data might not be safe on the internet any longer, and that’s one of the reasons why the FDA has proposed guidelines for medical technology manufacturing, because health information should be the most secure data.

The FDA now suggests that manufacturers of medical technology should submit documentation identifying risks and mitigation strategies to the FDA. The agency also says that manufacturers should submit plans for updates and patches for medical software and operating systems, as well. The approval process of a medical gadget and its time line will not suffer any changes, tough. The main idea behind the guidelines for the production of medical technology is that manufacturers should consider malware infections, unsecured or uncontrolled distribution of passwords, timely security updates and prevention of unauthorized access to medical devices when designing their gadgets.

We are a long way from secure medical technology, but the FDA is taking a step forward with these new guidelines and the medical industry is beginning to implement increased security measures so that they can protect patient and industry information as well. These guidelines are not yet regulations, so there’s no obligation for manufacturers to put the guidelines into practice, but we hope this will change in the future.