As National Cybersecurity Awareness Month comes to a close, the U.S. Food and Drug Administration (FDA) takes time to reflect on the advances our cybersecurity program has made during the year. Cyber safety is a shared responsibility. We encourage everyone to consider the importance of cybersecurity and remain aware when it comes to the technology we rely on every day. That includes the security of medical devices.
In 2019, the FDA continued to ensure medical device cybersecurity safety and awareness by:
- convening a patient engagement advisory committee meeting which sought recommendations on integrating medical device cybersecurity risk into health risk communications;
- participating in the National Telecommunications and Information Administration’s Software Transparency Initiative as a part of the healthcare Proof of Concept (PoC). The healthcare PoC is a collaborative effort between healthcare delivery organizations, medical device manufacturers, and other public health stakeholders to establish a prototype Software Bill of Materials (SBOM) format and exercise use cases for SBOM production and consumption;
- convening a public workshop focused on the premarket cybersecurity draft guidance;
- coordinating with MITRE, a not-for-profit organization, to release an updated rubric for applying the Common Vulnerability Scoring System (CVSS) to medical devices, which provides guidance on how an analyst can use CVSS as part of a risk assessment for medical device cybersecurity;
- serving in leadership roles in the Healthcare and Public Health Sector Coordinating Council (HSCC), a public-private partnership among healthcare industry leaders and the government that seeks to address pressing security and resiliency challenges to the healthcare sector, including cybersecurity. One of the HSCC task groups that FDA co-chairs released the Medical Device and Health IT Joint Security Plan (JSP), which is a total product lifecycle reference guide to developing, deploying and supporting cyber secure technology solutions in the health care environment; and
- serving as a co-chair for the International Medical Device Regulators Forum working group tasked with drafting a global medical device cybersecurity guide. The purpose of the guide is to promote a globally harmonized approach to medical device cybersecurity that at a fundamental level ensures the safety and performance of medical devices while encouraging innovation. The draft guide is available for public comment until December 2, 2019.
The FDA takes medical device cybersecurity seriously. We are committed to mitigating the risks that cybersecurity vulnerabilities can pose to patient safety and public health, without decreasing the benefits of interconnected medical devices. As technology continues to connect, transform, and evolve, cybersecurity threats are never far behind. For this reason, it is vital that medical device cyber safety is considered a shared responsibility for all stakeholders, including: medical device manufacturers, government agencies, health care organizations, health care professionals, cybersecurity researchers, and medical device users throughout the U.S. and abroad.
We remind everyone to remain aware and committed to using cybersecurity best practices and good cyber hygiene. Although we constantly find new gaps and face new challenges in medical device cybersecurity, we must remain committed to working together to protect public health.