Skip to main content
close search
site logo
Dive Brief

FDA patient advisory meeting set to tackle cybersecurity in devices

Published July 3, 2019
By
Reporter
Getty

Dive Brief:

  • FDA will convene its Patient Engagement Advisory Committee Sept. 10 for a public discussion of medical device cybersecurity, the agency announced Tuesday.
  • "Preserving the benefit of these devices requires continuous vigilance as well as timely and effective communication to medical device users about evolving cybersecurity risks," the FDA notice said.
  • The committee is slated to make recommendations on factors that FDA and industry should consider when informing the public about cybersecurity risks, including the content, phrasing, timing and means of disseminating the message.

Dive Insight:

Cybersecurity for medical devices remains top of mind for FDA. Last week, the agency warned patients about a weakness in Medtronic insulin pumps that could allow a hacker to interfere with drug delivery. Medtronic recommends patients not connect the device to third-party technologies it has not authorized.

In June, the Department of Homeland Security flagged security vulnerabilities in some BD infusion pumps that could be exploited by hackers. The company said it had not received any reports of security breaches and advised users to block a client server protocol for sharing access to files.

The agency issued draft guidance in October 2018 covering cybersecurity in premarket submissions. Some device makers pushed back on FDA's proposal to create a two-tiered system for managing cybersecurity risk, asking for clarification on how it would work. The agency also proposed implementing a cybersecurity bill of materials requirement, which some viewed as too onerous.

Cybersecurity concerns were part of FDA's Medical Device Safety Action Plan last year. The agency worked on the Healthcare and Public Sector Coordinating Council public-private collaboration that resulted in a 53-page report released in January with recommendations for managing device cybersecurity in clinical practice.

And in a 2016 postmarket guidance, the agency said manufacturers should manage cybersecurity risks through the entire lifecycle of the device. Manufacturers were also directed to have cybersecurity risk management programs that address vulnerabilities, especially any that could result in patient harm.

FDA said it intends to make background material available to the public no later than two business days before the meeting, which is scheduled for 8 a.m. to 5:30 p.m. Sept. 10 in Gaithersburg, Maryland.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Powerful Medical Becomes the First Company to Win Best Science Startup and Overall Winner at A…
From Powerful Medical
November 21, 2024
SYNDEO Medical Announces European MDR Approval for Two Product Brands
From SYNDEO Medical
November 06, 2024
Osteal Therapeutics Announces Positive 12-Month Results from the APEX Clinical Trial Program a…
From Osteal Therapeutics
November 14, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Editors' picks
Latest in Medical Devices
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell