WASHINGTON – Industry experts welcome the U.S. Food and Drug Administration’s greater emphasis on cybersecurity, in the wake of a report by the Office of the Inspector General that found the agency could be doing more to ensure the safety of medical devices during its premarket approval process.
“This is an important step in ensuring the safety and security of medical devices,” said Jonathan Langer, CEO and co-founder of Medigate, providers of a medical device security platform. “This will serve to spark further awareness of medical device security best practices throughout the industry.”
The FDA concurred with the OIG’s recommendations, which include: promoting the use of presubmission meetings to address cybersecurity-related questions; using cybersecurity documentation as a criterion in its Refuse-To-Accept checklist; and using cybersecurity as an element in the Smart template that FDA reviewers use during their substantive review.
The OIG conducted the report after increasing cybersecurity threats to medical devices. They interviewed FDA staff that carry out and manage the reviews of cybersecurity in premarket submissions for networked medical devices, as well as members of the FDA’s Cybersecurity Workgroup. They also reviewed a sample of submissions and FDA reviewer notes for networked medical devices cleared by the agency in 2016.
Like the FDA, industry experts believe that cybersecurity for medical devices is a shared responsibility among device manufacturers, providers, consumers and the FDA itself.
“As companies are drawn to connect more devices to provide a higher standard of care it is critical that they appreciate the stakes of making sure the devices are secure,” said Steven Snyder, a cyber risk attorney at the law firm Bradley. “The industry could benefit from a focused approach and information sharing on threats and best practices.”
In addition to the report, the OIG is conducting an audit of the FDA’s plans and processes for responding to cybersecurity vulnerabilities affecting medical devices that are already on the market.