Monday, 17 July 2017 14:06

Think Twice Before Ignoring FDA Cybersecurity Guidance

Late last year, FDA published new guidance on postmarket management of cybersecurity in medical devices. It seems prudent to recognize this guidance for exactly what it is: a wake-up call for the medical industry that we are in the 21st century and that the potential for hacking any medical device, whether or not it is connected to a network, is a problem that must be taken seriously. In the guidance, FDA provides the means of demonstrating a risk-based management approach to cybersecurity and medical devices. The agency also provides mitigation and reporting requirements that are governed by other sections of the Code of Federal Regulations (CFR) pertaining to medical devices. So, while some may argue that this guidance has no teeth and cannot be enforced, consider what happens if a patient is harmed or put at risk by a potential cybersecurity vulnerability: what company's attorneys are going to argue that their client chose to ignore potential cybersecurity impacts on its medical device because it felt the guidance “didn't have any teeth”?