Eliminating Misconceptions of Cybersecurity

Eliminating Misconceptions of Cybersecurity

What the FDA Actually Says About Medical Device Cybersecurity

Medical devices, like other computer systems, can be vulnerable to security breaches- potentially impacting the safety and effectiveness of the device. As medical devices are increasingly connected to the Internet, hospital networks, and to other medical devices, this vulnerability becomes more prevalent. With cybersecurity breaches becoming more and more publicized, the concern around medical device cybersecurity has become more mainstream than ever.

“In the past, government regulators were not very vocal about their concerns around data security in devices. That has changed significantly over the last 18 months.” Mike Kijewski, CEO of MedCrypt explained to Q1 Productions. “Device vendors need to have a well-articulated and executed security strategy to ensure that products in their development pipelines will make it to market without regulatory problems.”

All medical devices carry a certain amount of risk. The FDA allows devices to be marketed when there is a reasonable assurance that the benefits to patients outweigh the risks. So what exactly does that mean? The FDA post-market final guidance was released in December, and since then they have published resources to dispel myths about cybersecurity. Here are five common myths and misconceptions the FDA wants you to know about.

To discuss other cybersecurity concerns, Q1 Productions is hosting the 2nd Annual Medical Device Cybersecurity Risk Mitigation Conference on July 17-18 in Arlington, Virginia.  There will be regulator perspectives (FDA), security organizations (ISAO, NH-ISAC), and industry leaders coming together to provide insights on the evolving space of medical device cybersecurity. It will be a very interactive conference with solo presentations, co-presentations, fireside chats, panels, and open discussions.