To strengthen the safety of medical devices, the FDA has finalized recommendations to manufacturers for managing cybersecurity risks to better protect patient health and information. On October 1, the agency issued a final guidance on the content of premarket submissions for the management of cybersecurity in medical devices.
The FDA’s concerns about cybersecurity vulnerabilities include malware infections on network-connected medical devices or computers, smartphones, and tablets used to access patient data; unsecured or uncontrolled distribution of passwords; failure to provide timely security software updates and patches to medical devices and networks; and security vulnerabilities in off-the-shelf software designed to prevent unauthorized access to the device or network.
