WASHINGTON – The U.S. Food and Drug Administration recently released a medical device cybersecurity playbook to help health care organizations prepare their medical devices and staff for a cybersecurity breach. The playbook, along with other efforts by the agency to improve medical device security, is welcome news to industry experts.
“This is good news in terms of reducing risks to patient safety, particularly for patients who are using connected medical devices,” said Kimberly Gold, partner at the Reed Smith law firm and co-leader of the firm’s HIPAA and Health Privacy & Security practice.
The Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook, developed by MITRE Corp. under contract with the FDA, focuses on cybersecurity threats affecting medical devices that could impact continuity of clinical operations for patient care. Even when the devices may not be deliberately targeted, they could be impacted if connected to a hospital network, said Dr. Scott Gottlieb, commissioner of the FDA, in a statement.
The FDA also recently announced the signing of two significant memoranda of understanding (MOA) designed to bring together stakeholder groups—including manufacturers, hospitals, health care providers, cybersecurity researchers and government entities—to create information sharing analysis organizations (ISAO) that will gather, analyze and disseminate information about cyber threats.
The agency is also asking for budget funds for 2019 that include $70 million to establish a digital health center of excellence that incorporates a cybersecurity unit.
“Technology is enabling health care to be delivered in new and innovative ways, providing opportunities to reach more patients immediately and effectively,” said Gold. “But with significant new opportunities come increased cybersecurity risks.”