Cybersecurity issues are increasingly prevalent in medical devices as the tools being developed are more connected to software. These developers are turning to the FDA to develop guidance, according to Bloomberg Law.
The comment deadline for the FDA's premarket cybersecurity guidance ended March 18. The guidance was created to provide updated recommendations for device manufacturers to better protect products from ransomware and other cyberattacks.
Currently, the FDA created two categories for cyber-risks. Tier one is for implantable devices connected to other medical or nonmedical products, a network or the Internet. Tier 2 comprises the connected devices that do not fall into tier one, such as MRI machines or portable cardio rhythm monitors.
Device manufactures are challenged with investing millions of dollars on cybersecurity protection on top of the millions of dollars spent on equipment.
"As medical devices become increasingly connected to networks, security risks move beyond the device to intrusions across the digital network ecosystem. Therefore, we believe that cybersecurity in the healthcare setting is a shared responsibility among all stakeholders, including medical device manufacturers, system integrators, product owners/users and patients," a GE spokesperson told Bloomberg Law.
Companies including Becton, Dickinson & Co., GE Healthcare and MedCrypt provided comments to the FDA. The companies encouraged a shared responsibility and having hackers test equipment to reveal vulnerabilities.
To read the full report, click here.