With all the current concern over IoT being vulnerable to cyberattacks, the U.S. Food & Drug Administration (FDA) has posted the agency's final guidance for medical device safety.
In a nutshell, device manufacturers need to take security considerations into account throughout a product's entire lifecycle, starting with its development, to ensure proper performance and functionality if a hospital's network is hacked.
The FDA's final guidance is available in a 30-page white paper. When planning their products, medical device manufacturers should place emphasis on the following considerations:
- Have a way to monitor and detect cybersecurity vulnerabilities in their devices
- Understand, assess and detect the level of risk a vulnerability poses to patient safety
- Establish a process for working with cybersecurity researchers and other stakeholders to receive information about potential vulnerabilities (known as a “coordinated vulnerability disclosure policy”)
- Deploy mitigations (e.g., software patches) to address cybersecurity issues early, before they can be exploited and cause harm