The Food And Drug Administration Seeks Input On Medical Device Security

By David Bruggeman
September 28, 2014

The Food and Drug Administration (FDA) has announced a workshop on medical device cybersecurity for October 21 and 22 in Arlington, Virginia.  Titled “Collaborative Approaches for Medical Device and Health Care Cybersecurity,” the event is intended for a broad audience of stakeholders engaged in health care and public health.  The workshop will be webcast, but if you are planning to attend in person, registration will close by 4 p.m. Eastern on October 14.

As part of the workshop announcement, the FDA issued this Federal Register notice seeking comment.  Whether or not you attend the workshop, the FDA is looking for comments on any aspect of the workshop by November 24.  But for a set of questions connected to the workshop themes, comments are needed by October 7.  Those questions are (HPH means Health Care and Public Health):

  • Are stakeholders aware of the “Framework for Improving Critical Infrastructure Cybersecurity”? If so, how might we adapt/translate the Framework to meet the medical device cybersecurity needs of the HPH Sector?
  • How can we establish partnerships within the HPH Sector to quickly identify, analyze, communicate, and mitigate cyber threats and medical device security vulnerabilities?
  • How might the stakeholder community create incentives to encourage sharing information about medical device cyber threats and vulnerabilities?
  • What lessons learned, case studies, and best practices (from within and external to the sector) might incentivize innovation in medical device cybersecurity for the HPH Sector? What are the cybersecurity gaps from each stakeholder’s perspective: Knowledge, leadership, process, technology, risk management, or others? and,
  • How do HPH stakeholders strike the balance between the need to share health information and the need to restrict access to it?