FDA Calls for Heightened Health IT Cybersecurity Measures

Wednesday, 19 June 2013 14:20
Print


The U.S. Food and Drug Administration (FDA) is calling for heightened security measures for medical records, applications, and network operations via online.

The FDA is recommending that medical device manufacturers and healthcare facilities to take the steps to guarantee a safeguard to obstruct any cyberattack which could be carried out through the appearance of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks.

The call for optimum security comes at a time when a vast majority of medical devices retain configurable fixed computer systems that can be susceptible to hackers and cyberattacks. In addition, as medical devices are gradually more associated with the Internet, hospital networks, other medical device, and smartphones, there is an amplified hazard of cybersecurity violations, which could negatively affect how a medical device functions.

For all device manufacturers, the FDA is calling on them to remain attentive toward recognizing risks and vulnerability linked to their medical devices, this of course includes risks relevant to cybersecurity, and are in charge of implementing the necessary precautions that address patient safety and guarantee consistent device performance.

The FDA expects medical device manufactures to take the necessary provisions to ensure any unauthorized access to medical devices is warded off and contained. The FDA particularly points out that manufacturers should re-evaluate their cybersecurity strategies and policies to ensure proper protection is present to avert any unauthorized access or alteration to their medical devices or compromise of the security of the hospital network that may be linked to the device itself.

In its guiding principles, the FDA suggests that all medical device manufactures should work to:fda cybersecurity

- Limit unauthorized device access to only trusted users

- Protect individual components from exploitation

- Craft strategies for active security protections appropriate for a device's use environment

- Provide methods for retention and recovery following security breakdowns

As for healthcare facilities, the FDA regards network security in accordance with protecting the hospital system to be at the forefront of concerns. Therefore, in re-evaluating network security, healthcare facilities should consider the following:

- Restricting unauthorized access to networks and medical devices, and tracking network activity, just in case

- Updating antivirus and firewall efforts, as well as security patches

- Creating and evaluating strategies for maintaining functionality during adverse events

"We are aware of hundreds of medical devices that have been infected by malware. It's not difficult to imagine how these types of events could lead to patient harm,” said deputy director for science at FDA's Center for Device and Radiological Health, Bill Maisel.

For now the FDA is taking security measures one step at a time, encouraging medical device manufactures and healthcare facilities to thoroughly examine the guidelines made available to them; and cooperate with the FDA in a concerted effort to significantly limit any possibilities of a cyberattack.

Related Articles
Array
(
    [type] => 2048
    [message] => Non-static method JResponse::sendHeaders() should not be called statically
    [file] => /home/hihadmin/public_html/libraries/joomla/environment/response.php
    [line] => 206
)