“The Food and Drug Administration is taking a closer look at medical device cybersecurity and countermeasures following supply chain challenges and attacks presented by the COVID-19 pandemic.”
“’The idea is to be as prepared as possible for the next event. We want to help shorten the time it takes to develop these medical countermeasure devices so that they are available when needed,’ said FDA Senior Science Health Advisor Heather Agler during FDA’s Science Forum last week.”
“Cybersecurity threats to the health care sector could make medical devices and hospital networks inoperable, thereby disrupting the delivery of patient care. Therefore having medical countermeasure devices in place is critical, Agler said.”
“FDA is tackling this via threat modeling, which helps identify, analyze and evaluate potential security risks. Threat modeling enables FDA to avoid ‘gut judgements’ on cyber posture and move toward a verifiable security control, said Kevin Fu, acting director for medical device cybersecurity at FDA’s Center for Devices and Radiological Health.”
“’It’s the cousin to hazard analysis. The idea is that it’s very difficult to make scientific claims about medical device security if a manufacturer doesn’t provide a reasonable and reputable threat model specific to the device,’ Fu said.”
“Fu outlined three insufficient threat model claims for medical devices: using obscure programming language, relying on past history of never being attacked and placing products on a secure hospital network…” Read the full article here.
Source: FDA Hones in on Medical Device Security – By Sarah Sybert, June 7, 2021. GovernmentCIO.
