Last week, the US Food and Drug Administration released a draft guidance on cybersecurity for medical devices.
The Draft Guidance “Cybersecurity for Medical Devices: Quality System Considerations and Premarket Submissions” aims to emphasize the importance of protecting medical devices throughout the product life cycle.
This guidance replaces the one issued by the agency in 2018.
“These recommendations help facilitate an efficient pre-marketing review process and ensure that medical devices on the market are fully resilient to cybersecurity threats,” the FDA said. Federal Register Notification about guidance.
Important reason
Cybersecurity is becoming more important as more patients benefit from connected care, especially when it comes to medical devices.
“The improved connectivity allows individual devices to act as a single element of a larger medical device system,” the FDA said in a draft guidance. “These systems can include medical facility networks, other devices, and software update servers, among other interconnected components.
“As a result, without proper cybersecurity considerations in all aspects of these systems, cybersecurity threats can compromise the safety and effectiveness of devices by impairing the functioning of assets within the system. There is, “he continued the guidance.
The general principles set out in the draft guidance are the recognition that cybersecurity is part of device safety and quality system regulations, and the FDA’s assessment of the adequacy of device security based on the listed objectives. It consists of planning and the importance of device user transparency.
“Manufacturers need to take into account the larger systems in which the device may be used,” says the difference in risk profile between unconnected thermometers and thermometers used in safety-critical control loops. Flagged and the agency said.
“Cybersecurity risks evolve over time, and as a result, cybersecurity controls can become less effective as new risks, threats, and attack methods emerge,” Guidance said. “Cybersecurity is part of the safety and effectiveness of the device, so cybersecurity control must take into account the intended actual environment of use.”
Guidance also included suggestions for labeling devices at cybersecurity risk, including detailed diagrams and instructions for backup and restore procedures.
“The instructions for managing cybersecurity risks must be understandable to the target audience, which may include patients and caregivers with limited technical knowledge. “The agency said.
The FDA requires that comments be submitted electronically or in writing by July 7, 2022.
Big trend
The agency’s draft guidance is the latest in several publications on the medical IT and medical technology industries over the past few years.
Last October, we published the Guiding Principles for developing devices that rely on artificial intelligence and machine learning, followed by a draft guidance on software features.
Just this week, Dr. Jennifer McCaney, Executive Director of UCLABiodesign, said: Healthcare IT News The majority of recent research executives believe that the FDA is responding more effectively to the evolving needs of healthcare innovation compared to global response agencies.
“Examples of specific devices implemented by the FDA to drive innovation include the introduction of breakthrough device designations that accelerate patient access to technologies that address critical unmet needs, funded by De Novo. Making money, providing regulatory guidance for software, and establishing the FDA’s Digital Health Center of Excellence. “
Meanwhile, earlier this month, a law was introduced that imposes a set of cybersecurity requirements on manufacturers applying for premarket approval through the FDA.
On record
“As the integration of frequent electronic exchanges of wireless, internet, network connectivity, portable media, and medical device-related health information progresses, the need for robust cybersecurity controls to ensure the safety and effectiveness of medical devices. Gender is becoming more and more important, “said the FDA in a draft guidance.
“In addition, cybersecurity threats to the healthcare sector are becoming more frequent and serious, increasing the potential for clinical consequences,” he continued.
Kat Jercich is a Senior Editor of Healthcare IT News.
twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a publication of HIMSS Media.
