Featured Product
This Week in Quality Digest Live

More Videos

FDA Compliance Features
The Value of Risk-Based Supplier Inspections in Pharma Quality Management
Kari Miller
An effective strategy requires recruiting qualified personnel familiar with the process and technology
Staying Ahead of ICH E6(R3) Good Clinical Practice Guidelines
Dario Lirio
Modernization is critical to enhance patient experience and boost clinical trial productivity
How Healthcare Software Development Enhances the Medical Industry
Alexander Khomich
Healthcare software opens up opportunities for clinics in both management and patient care
Four Steps to Accelerating Discoveries in Life Sciences
Gary Shorter
Pharma needs to adapt and evolve with the changing environment of life science data
What FDA QSR and ISO 13485 Harmonization Means for Medical Device Companies
Etienne Nichols
Quality management system regulation explained

More Features

FDA Compliance News
Qualio Focuses on Building a New, Collaborative Life Sciences Ecosystem
Delivers time, cost, and efficiency savings while streamlining compliance activity
Exemplar Global and QLBS Partner to Launch Audit Simulator
First trial module of learning tool focuses on ISO 9001 and is available now
Greenlight Guru Launches Greenlight Guru Academy
Free education source for global medical device community
Study Finds Quality Shifting From Operational Compliance to Strategic Business Driver
Good quality is adding an average of 11 percent to organizations’ revenue growth
Greenlight Guru Updates Risk Management to Align With ISO 14971:2019
Further enhances change management capabilities
Greenlight Guru Announces New Integration With Jira Software
Creates adaptive system for managing product development and post-market quality for devices with software elements
FDA Opens Voluntary Qualified Importer Program (VQIP) Application Portal
VQIP allows for expedited review and importation for approved applicants that demonstrate safe supply chains
IVT’s Validation Week 2018
An invite from Alcon Laboratories
FDA Plans to Use ISO 13485 for Medical Devices Regulation
Intended to harmonize domestic and international requirements

More News

Michael Causey

FDA Compliance

Medical Device Cybersecurity Risks

The wrong kind of Halloween fright

Published: Thursday, October 9, 2014 - 16:37

Well, boys and girls, Halloween is approaching. Although it’s fun to don a Dracula (or Miley Cyrus) costume and get some yucks faux-scaring folks, the FDA is acting like a responsible parent by setting up a medical-device cybersecurity public workshop, “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” later this month in Arlington, Virginia.

It appears to have filled up already, but a webcast recording will be made available. Why review it? Put it this way: Getting a tiny adrenalin rush when a 9-year-old Frankenstein jumps out at you in the dark is one thing; finding out some 19-year-old hacker has infiltrated your proprietary product and customer information is a different kind of fright altogether.

Participants will be encouraged to help regulators identify barriers to promoting medical device cybersecurity; discuss innovative strategies to address challenges that may jeopardize critical infrastructure; and enable proactive development of analytical tools, processes, and best practices by the stakeholder community to strengthen medical device cybersecurity. It’s shaping up to be a good agenda, but it will probably only be as strong as the attendees who show up to share war stories and discuss best practices with regulators and others.

Broadly speaking, the symposium hopes to help advance medical device cybersecurity by swapping information about the most current online threats, identifying gaps, advancing usage of the feds’ “Framework for Improving Critical Infrastructure Cybersecurity,” and developing tools and standards to build robust, comprehensive protection programs, among other areas of focus.

One of the topics will be the FDA’s new guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” released Oct. 2, 2014. It provides some helpful definitions (helpful in the sense that this is how the FDA views the world), and advises as to the kind of cybersecurity protection program the agency expects from medical device makers and their kin.

Some say the threat of medical device security hacks has been hyped up a bit. I’m no expert, but a report issued earlier this year from a cyber expert at SANS Institute (sponsored by cybersecurity vendor Norse), says some 94 percent of medical institutions report being victims of some type of cyber attack. This isn’t a report specifically about medical device makers, and I’m certain the vast majority of the attacks were relatively small and easy to thwart, but those numbers deserve some attention.

Hyped or not, however, I don’t imagine you’ll see an attendee at FDA’s event getting a jump on Halloween by showing up dressed as a sophisticated hacker. That’s just too scary.

First published Oct. 1, 2014, on the AssurXblog.

Discuss

About The Author

Michael Causey’s picture

Michael Causey

James Michael Causey’s been a journalist since he started his own neighborhood newspaper in the 1970s. In addition to quizzing FDA officials for the past 10+ years, he’s also interviewed political satirist Art Buchwald, FCC Chairman Reed Hundt, SEC Chairwoman Mary Schapiro, and is the past president of the Washington Independent Writers. Causey is the editor and publisher of eDataIntegrityReport.com and is a contributing writer on the AssurXblog.