FDA News: New Security Guidelines For Pacemakers
Jomst C.The U.S. Food and Drug Authority has released a set of guidelines for keeping medical devices secure from jeopardy and to ensure safety and privacy of the users. The "Postmarket Management of Cybersecurity in Medical Devices" report discusses the importance of device security and reiterating that cyber security is a continuous effort of maintenance and periodical software updates.
Notably, the steps contained in the report are identified as "nonbinding recommendations," implying that the recommendation is just advisory, the maintenance of the devices is still up to the user.
Dr. Suzanne Schwartz, Associate Director for Science and Strategic Partnerships at the FDA's Center for Devices and Radiologic Health, has noted in a supporting blog post that the industry is at a huge risk. She said that most of the medical devices used currently are either connected to a hospital network or users' home network. Technological advances in patient care are significant and the risk in cyber security is also growing. Security breaches can affect a device's functionality and performance.
The blog also said that manufacturers should also take into account cybersecurity when designing and developing devices to assure device performance against threats. Continuous monitoring and prevention of cyber security concerns is a must once the device is sold in the market and is already in use.
Compared to non-medical devices that periodically receives software updates, devices such as pacemakers and defibrillators are usually left alone once it is in the market, making it an easy target for attackers. Aside from tampering with the device's functionality, the identity of the user could also be stolen by database thieves.
Poorly secured networks, where these devices are linked, can be easily breached. According to the United States Department of Health and Human Services, there have been more than 1,700 data breaches since 2009 that affected more than 500 individuals. In addition, those, the unnoticed, not reported and unlisted attacks were much higher.
The FDA cited worst-case scenarios resulting from software vulnerabilities and how it can be managed. When a manufacturer gets the information that there is a vulnerability on their device, the manufacturer should immediately communicate with the customers and the user community about the vulnerability, not later than 30 days. They should also inform users about the remediation plan to lessen the risk to acceptable levels and identify the interim compensating controls.
The manufacturer should fix the issue, validate it and roll out the fix to the users and the community within two months of learning about the problem.
IoT home devices are well-known for powering botnets, capable of taking huge parts of the internet offline with DDoS attacks. Medical devices, when hacked, becomes literally life threatening, a threat so great that the FBI released a formal warning about remote exploits.
The real issue, at the end of the day, is enforcement of the said guidelines, and the speed of action when such vulnerabilities are found, especially from the side of the manufacturers. Hopefully, manufacturers should start following the recommendations and release fixes faster, not until a major security incident happens.
most read
related stories
more stories from News
Experience AI-enhanced One UI 6.1 on your Galaxy Z Fold 4. Upgrade now for smarter interactions and enhanced user experience!
ernest hamiltonBumble's dynamic shift: Women no longer need to make the first move. Explore automated conversation starters and new dynamics!
ernest hamiltonDiscover the latest leaked specs for the Sony Xperia 1 VI, including cameras, chipset, and battery details. Stay updated!
ernest hamiltonThe Rabbit R1 appears to be just an Android app, despite earlier speculations. Read more about Rabbit's denial.
ernest hamiltonGoogle introduces a playful twist to calls with audio emojis, including a fart button. Discover the fun!
ernest hamiltonDiscover how Apple's Safari AI upgrade is revolutionizing browsing. Click to stay ahead with the latest tech insights!
ernest hamiltonStay updated on Apple's efforts to fix iPhone alarm silence bug. Read more for the latest on this critical issue!
ernest hamiltonGoogle transitions Fitbit Pay to Google Wallet worldwide, streamlining payment experiences. Stay informed on this significant development!
ernest hamilton