FDA News: New Security Guidelines For Pacemakers
Jomst C.The U.S. Food and Drug Authority has released a set of guidelines for keeping medical devices secure from jeopardy and to ensure safety and privacy of the users. The "Postmarket Management of Cybersecurity in Medical Devices" report discusses the importance of device security and reiterating that cyber security is a continuous effort of maintenance and periodical software updates.
Notably, the steps contained in the report are identified as "nonbinding recommendations," implying that the recommendation is just advisory, the maintenance of the devices is still up to the user.
Dr. Suzanne Schwartz, Associate Director for Science and Strategic Partnerships at the FDA's Center for Devices and Radiologic Health, has noted in a supporting blog post that the industry is at a huge risk. She said that most of the medical devices used currently are either connected to a hospital network or users' home network. Technological advances in patient care are significant and the risk in cyber security is also growing. Security breaches can affect a device's functionality and performance.
The blog also said that manufacturers should also take into account cybersecurity when designing and developing devices to assure device performance against threats. Continuous monitoring and prevention of cyber security concerns is a must once the device is sold in the market and is already in use.
Compared to non-medical devices that periodically receives software updates, devices such as pacemakers and defibrillators are usually left alone once it is in the market, making it an easy target for attackers. Aside from tampering with the device's functionality, the identity of the user could also be stolen by database thieves.
Poorly secured networks, where these devices are linked, can be easily breached. According to the United States Department of Health and Human Services, there have been more than 1,700 data breaches since 2009 that affected more than 500 individuals. In addition, those, the unnoticed, not reported and unlisted attacks were much higher.
The FDA cited worst-case scenarios resulting from software vulnerabilities and how it can be managed. When a manufacturer gets the information that there is a vulnerability on their device, the manufacturer should immediately communicate with the customers and the user community about the vulnerability, not later than 30 days. They should also inform users about the remediation plan to lessen the risk to acceptable levels and identify the interim compensating controls.
The manufacturer should fix the issue, validate it and roll out the fix to the users and the community within two months of learning about the problem.
IoT home devices are well-known for powering botnets, capable of taking huge parts of the internet offline with DDoS attacks. Medical devices, when hacked, becomes literally life threatening, a threat so great that the FBI released a formal warning about remote exploits.
The real issue, at the end of the day, is enforcement of the said guidelines, and the speed of action when such vulnerabilities are found, especially from the side of the manufacturers. Hopefully, manufacturers should start following the recommendations and release fixes faster, not until a major security incident happens.
most read
related stories
more stories from News
T-Mobile unveils new 5G internet plans, promising enhanced home and travel connectivity for customers seeking high-speed internet on the go.
ernest hamiltonHuawei sets sights on global expansion with HarmonyOS, aiming to rival Android and iOS in the competitive mobile operating system market.
ernest hamiltonStay ahead with the latest updates! Apple rolls out third betas for iOS 17.5 and iPadOS 17.5, bringing exciting app ecosystem changes and new features.
ernest hamiltonBillie Eilish fans, get ready! The iconic singer will be performing live at the Fortnite Festival this week. Don't miss out!
ernest hamiltonMoondrop, known for audiophile gear, teases its inaugural smartphone, the MIAD 01, promising a unique blend of audio excellence and mobile technology.
ernest hamiltonAndroid 15 aims to streamline notification channels by hiding unused ones, enhancing user experience and decluttering notification settings.
ernest hamiltonDolphiniOS developers shed light on why the GameCube and Wii emulator won't be available in the App Store.
ernest hamiltonGet your screen fixed! Galaxy S21 and S22 owners in India facing the green line issue can now enjoy free screen replacements. Don't miss out on this offer!
ernest hamilton