FDA News: New Security Guidelines For Pacemakers
Jomst C.The U.S. Food and Drug Authority has released a set of guidelines for keeping medical devices secure from jeopardy and to ensure safety and privacy of the users. The "Postmarket Management of Cybersecurity in Medical Devices" report discusses the importance of device security and reiterating that cyber security is a continuous effort of maintenance and periodical software updates.
Notably, the steps contained in the report are identified as "nonbinding recommendations," implying that the recommendation is just advisory, the maintenance of the devices is still up to the user.
Dr. Suzanne Schwartz, Associate Director for Science and Strategic Partnerships at the FDA's Center for Devices and Radiologic Health, has noted in a supporting blog post that the industry is at a huge risk. She said that most of the medical devices used currently are either connected to a hospital network or users' home network. Technological advances in patient care are significant and the risk in cyber security is also growing. Security breaches can affect a device's functionality and performance.
The blog also said that manufacturers should also take into account cybersecurity when designing and developing devices to assure device performance against threats. Continuous monitoring and prevention of cyber security concerns is a must once the device is sold in the market and is already in use.
Compared to non-medical devices that periodically receives software updates, devices such as pacemakers and defibrillators are usually left alone once it is in the market, making it an easy target for attackers. Aside from tampering with the device's functionality, the identity of the user could also be stolen by database thieves.
Poorly secured networks, where these devices are linked, can be easily breached. According to the United States Department of Health and Human Services, there have been more than 1,700 data breaches since 2009 that affected more than 500 individuals. In addition, those, the unnoticed, not reported and unlisted attacks were much higher.
The FDA cited worst-case scenarios resulting from software vulnerabilities and how it can be managed. When a manufacturer gets the information that there is a vulnerability on their device, the manufacturer should immediately communicate with the customers and the user community about the vulnerability, not later than 30 days. They should also inform users about the remediation plan to lessen the risk to acceptable levels and identify the interim compensating controls.
The manufacturer should fix the issue, validate it and roll out the fix to the users and the community within two months of learning about the problem.
IoT home devices are well-known for powering botnets, capable of taking huge parts of the internet offline with DDoS attacks. Medical devices, when hacked, becomes literally life threatening, a threat so great that the FBI released a formal warning about remote exploits.
The real issue, at the end of the day, is enforcement of the said guidelines, and the speed of action when such vulnerabilities are found, especially from the side of the manufacturers. Hopefully, manufacturers should start following the recommendations and release fixes faster, not until a major security incident happens.
most read
related stories
more stories from News
Discover the key features and security enhancements of Apple's iOS 17.5 update.
ernest hamiltonDiscover top iPhone apps that let you earn real money by playing games, scanning receipts, and staying active.
ernest hamiltonSamsung has reached a remarkable milestone, shipping nearly 3 billion smartphones since 2014. Discover how the tech giant's decade-long dominance and innovative advancements have solidified its leadership in the global smartphone market.
ernest hamiltonLearn about Apple's settlement in the class-action lawsuit over iPhone 7 audio issues, offering up to $349 compensation for eligible users. Dive into the details and implications of this landmark agreement.
ernest hamiltonThousands of Apple users experienced a major iMessage outage on Thursday evening, impacting communication across the U.S., Canada, and the U.K. Downdetector reported over 13,000 disruptions starting at 6 p.m. ET. Stay updated with the latest developments and potential fixes.
ernest hamiltonDelve into the complexities of managing screen time for children as parents navigate between practicality and idealism.
ernest hamiltonDiscover why the Pixel 7a outperforms the new Pixel 8a in this detailed comparison. Learn about the advantages in affordability, color options, and feature parity. Read now to make an informed choice!
ernest hamiltonDiscover the future of smartphone audio with Moondrop's MIAD 01. Explore its dual audio jacks and premium DACs in this in-depth review. Ready to elevate your music experience? Read now!
ernest hamilton