The Food and Drug Administration and Department of Homeland Security signed a memorandum of agreement to improve coordination around medical device security, including a framework.
While the two federal agencies have worked together in the past to improve medical cybersecurity and vulnerability disclosures, the new agreement formalizes the process and the FDA and DHS relationship. The goal is to bolster coordination around potential or confirmed threats and/or flaws.
“As innovation in medical devices advances and more devices are connected to hospital networks or to other devices, ensuring that devices are adequately protected against cyber intrusions is paramount to protecting patients,” wrote FDA Commissioner Scott Gottlieb.
“The FDA has been proactive in developing a robust program to address medical device cybersecurity concerns. But we also know that securing medical devices from cybersecurity threats cannot be achieved by one government agency alone,” he added.
The strengthened partnership will make it easier for the groups to share data and better collaborate, while reaffirming their commitment to combating cyber threats, Gottlieb explained. The hope is that it will lead to more timely, better responses to potential threats.
For one, DHS and FDA will perform collaborative assessments to determine the extent a potential flaw could pose to patient safety, while coordinating device testing when needed. DHS will remain the central medical device vulnerability coordination center and consult with the FDA for device expertise.
For years, researchers have warned that hackers could easily gain access to a network through these flaws. But worst case scenario, these vulnerabilities could put patient lives at risk and providers aren’t being trained to detect or react to a hacked device.
Both the FDA and DHS have ramped up device vulnerability disclosures in recent years. In fact, since the FDA released its cybersecurity guidelines for devices in 2016, manufacturers reported 400 percent more flaws per quarter. It’s a sign vendors are beginning to take action to improve device security.
ON THE RECORD
“Ensuring our ability to identify, address and mitigate vulnerabilities in medical devices is a top priority,” Christopher Krebs, undersecretary for the DHS National Protection and Programs Directorate, said in a statement. “DHS has some of the top experts on control systems technology, and we look forward to continuing to leverage this expertise for the sake of improving the lives and safety of people across the country.”