Each October during National Cybersecurity Awareness Month, the U.S. Food and Drug Administration (FDA) takes time to reflect on the advances our cybersecurity program has made during the year. Cyber safety is a shared responsibility. We encourage everyone to consider the importance of cybersecurity and remain aware when it comes to the technology we rely on every day. That includes the security of medical devices.
In 2018, the FDA continued to ensure medical device cybersecurity safety and awareness by:
- outlining a vision for how we will advance medical device cybersecurity in our Medical Device Safety Action Plan;
- coordinating with MITRE, a not-for-profit organization, to release a Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook that will guide health care delivery organizations in their preparedness and response activities for medical device threats or vulnerabilities;
- continuing to foster coordinated information sharing regarding cybersecurity vulnerabilities and threats through the launch of information sharing analysis organizations; and
- renewing our partnerships with stakeholders such as the Healthcare Information Sharing and Analysis Center and the Medical Device Innovation, Safety, and Security Consortium, and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center.
The FDA takes medical device cybersecurity seriously. We are committed to mitigating the risks that cybersecurity vulnerabilities can pose to patient safety and public health, without decreasing the benefits of interconnected medical devices. As technology continues to connect, transform, and evolve, cybersecurity threats are never far behind. For this reason, it is vital that medical device cyber safety is considered a shared responsibility for all stakeholders, including: medical device manufacturers, government agencies, health care organizations, health care professionals, cybersecurity researchers, and medical device users throughout the U.S. and abroad.
We remind everyone to remain aware and committed to using cybersecurity best practices and good cyber hygiene. Although we constantly find new gaps and face new challenges in medical device cybersecurity, we must remain committed to working together to protect public health.
For more information about National Cybersecurity Awareness Month, including tips on cyber safety, visit the Department of Homeland Security’s Stop.Think.Connect. Campaign website. You can also find more information about how the FDA approaches medical device cybersecurity by visiting the Center for Devices and Radiological Health (CDRH) website.
If you have any questions regarding cybersecurity and medical devices, please contact CDRH’s Division of Industry and Consumer Education (DICE) at DICE@fda.hhs.gov, or by phone at 1-800-638-2041, or 301-796-7100.