FDA’s Cybersecurity Guidelines for Medical Devices have arrived

4 January 2017
The Food and Drug Administration's (FDA) guidelines encourage device makers to regularly monitor their devices and linked software for potential bugs and threats, and to put in place the necessary preventative measures for problems that may occur during device usage. Insecure medical devices, mainly the ones connected to the Internet, are susceptible to hacking. In the wrong hands, this can result in devices being altered to deliver incorrect levels of medication, leading to lethal results for patients.

Stock price drops

Researchers recently revealed it's fairly easy to tamper with life-saving devices like pacemakers, defibrillators, and insulin pumps. In August 2016, the stock price of medical device maker St. Jude Medical Inc. (STJ) dropped over 5% when a prominent short seller claimed that the company's devices are prone to hacking. In 2015, the FDA issued a warning that Hospira Inc.'s Symbiq infusion pump, which is used to administer nutrients and drugs, can be controlled over the hospital's network to deliver too little or too much medication.

Devices with low security can also be used by skilled hackers to gain access to a wider network, including hospitals' confidential patient records. The newly released FDA guidelines are presented as a step toward enhanced security of medical devices, but the recommendations are not legally binding, which raises questions about how effective they will be in achieving the necessary objectives.

The FDA's associate director for science and strategic partnerships, Suzanne Schwartz, backed the guidelines by saying they allow “manufacturers to focus on continuous quality improvement, which is essential to ensuring the safety and effectiveness of medical devices at all stages in the device’s lifecycle.”