Featured Product
This Week in Quality Digest Live
FDA Compliance Features
Kari Miller
An effective strategy requires recruiting qualified personnel familiar with the process and technology
Dario Lirio
Modernization is critical to enhance patient experience and boost clinical trial productivity
Alexander Khomich
Healthcare software opens up opportunities for clinics in both management and patient care
Gary Shorter
Pharma needs to adapt and evolve with the changing environment of life science data
Etienne Nichols
Quality management system regulation explained

More Features

FDA Compliance News
Delivers time, cost, and efficiency savings while streamlining compliance activity
First trial module of learning tool focuses on ISO 9001 and is available now
Free education source for global medical device community
Good quality is adding an average of 11 percent to organizations’ revenue growth
Further enhances change management capabilities
Creates adaptive system for managing product development and post-market quality for devices with software elements
VQIP allows for expedited review and importation for approved applicants that demonstrate safe supply chains
An invite from Alcon Laboratories
Intended to harmonize domestic and international requirements

More News

Michael Causey

FDA Compliance

Medical Device Cybersecurity Risks

The wrong kind of Halloween fright

Published: Thursday, October 9, 2014 - 16:37

Well, boys and girls, Halloween is approaching. Although it’s fun to don a Dracula (or Miley Cyrus) costume and get some yucks faux-scaring folks, the FDA is acting like a responsible parent by setting up a medical-device cybersecurity public workshop, “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” later this month in Arlington, Virginia.

It appears to have filled up already, but a webcast recording will be made available. Why review it? Put it this way: Getting a tiny adrenalin rush when a 9-year-old Frankenstein jumps out at you in the dark is one thing; finding out some 19-year-old hacker has infiltrated your proprietary product and customer information is a different kind of fright altogether.

Participants will be encouraged to help regulators identify barriers to promoting medical device cybersecurity; discuss innovative strategies to address challenges that may jeopardize critical infrastructure; and enable proactive development of analytical tools, processes, and best practices by the stakeholder community to strengthen medical device cybersecurity. It’s shaping up to be a good agenda, but it will probably only be as strong as the attendees who show up to share war stories and discuss best practices with regulators and others.

Broadly speaking, the symposium hopes to help advance medical device cybersecurity by swapping information about the most current online threats, identifying gaps, advancing usage of the feds’ “Framework for Improving Critical Infrastructure Cybersecurity,” and developing tools and standards to build robust, comprehensive protection programs, among other areas of focus.

One of the topics will be the FDA’s new guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” released Oct. 2, 2014. It provides some helpful definitions (helpful in the sense that this is how the FDA views the world), and advises as to the kind of cybersecurity protection program the agency expects from medical device makers and their kin.

Some say the threat of medical device security hacks has been hyped up a bit. I’m no expert, but a report issued earlier this year from a cyber expert at SANS Institute (sponsored by cybersecurity vendor Norse), says some 94 percent of medical institutions report being victims of some type of cyber attack. This isn’t a report specifically about medical device makers, and I’m certain the vast majority of the attacks were relatively small and easy to thwart, but those numbers deserve some attention.

Hyped or not, however, I don’t imagine you’ll see an attendee at FDA’s event getting a jump on Halloween by showing up dressed as a sophisticated hacker. That’s just too scary.

First published Oct. 1, 2014, on the AssurXblog.


About The Author

Michael Causey’s picture

Michael Causey

James Michael Causey’s been a journalist since he started his own neighborhood newspaper in the 1970s. In addition to quizzing FDA officials for the past 10+ years, he’s also interviewed political satirist Art Buchwald, FCC Chairman Reed Hundt, SEC Chairwoman Mary Schapiro, and is the past president of the Washington Independent Writers. Causey is the editor and publisher of eDataIntegrityReport.com and is a contributing writer on the AssurXblog.