FDA stresses importance of cybersecurity for networked medical devices
The FDA has issued a reminder that protecting medical devices and associated communication networks from cybersecurity risks is a shared responsibility between medical device manufacturers and users.
The FDA emphasized that all software changes made with the intention of protecting against cybersecurity threats should be authorized prior to installation to avoid affecting the safety or effectiveness of the medical device.
The agency also highlighted the importance of medical device manufacturers and user facilities working together to eliminate threats in a timely fashion.
Taking action is the first step in eliminating cybersecurity threats, stated the FDA.
Suggested actions in safeguarding medical devices include making sure all anti-virus software and firewalls are up-to-date and equipment is virus-free before installation into any medical devices.
In addition, all updates and patches, including operating systems, should be validated before installation. Medical device users should also contact the device manufacturer in the case of suspected cybersecurity issues, as it is part of the obligation of the manufacturer.
The FDA emphasized that all software changes made with the intention of protecting against cybersecurity threats should be authorized prior to installation to avoid affecting the safety or effectiveness of the medical device.
The agency also highlighted the importance of medical device manufacturers and user facilities working together to eliminate threats in a timely fashion.
Taking action is the first step in eliminating cybersecurity threats, stated the FDA.
Suggested actions in safeguarding medical devices include making sure all anti-virus software and firewalls are up-to-date and equipment is virus-free before installation into any medical devices.
In addition, all updates and patches, including operating systems, should be validated before installation. Medical device users should also contact the device manufacturer in the case of suspected cybersecurity issues, as it is part of the obligation of the manufacturer.