FDA Aims to Strengthen Cybersecurity, Protect Patients

Commissioner’s statement focuses on medical devices

With each week seemingly comes another news update of a data breach, hack, or other cyber-related activity that compromises the sensitive information of thousands—sometimes millions—of Americans. The medical community has not been immune to this activity.

“In recent years, we’ve witnessed the far-reaching and negative consequences of successful cyber campaigns on organizations,” FDA commissioner Scott Gottlieb said last week in a statement. “Victims include financial institutions, government agencies, and now health care systems. Even when medical devices are not being deliberately targeted, if these products are connected to a hospital network, such as radiologic imaging equipment, they may be impacted.”

According to Gottlieb, cybersecurity researchers, often referred to as “white hat hackers,” have identified device vulnerabilities in non-clinical, research-based settings. They’ve shown how individuals could gain the capability to exploit these same weaknesses, thereby acquiring access and control of medical devices.

Thus, in conjunction with the MITRE Corporation, Gottlieb and the FDA announced the launch of a plan to promote cybersecurity readiness. But he stressed the importance of avoiding overreliance of government agencies for security.

Every stakeholder—manufacturers, hospitals, health care providers, cybersecurity researchers and government entities – all have a unique role to play in addressing these modern challenges,” he concluded. “That’s why the FDA has long been committed to working hard with various stakeholders to stay a step ahead of constantly evolving cybersecurity vulnerabilities.”

About The Author