The healthcare industry is increasingly relying upon internet-connected devices and solutions to improve patient care, organizational efficiency, speed of crisis response, and much more. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing amount of third parties entering the health supply chain has created many benefits, but has also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit. The third week of Cybersecurity Awareness Month delved into the industry (hospitals, care facilities) and consumer (telemedicine patients) implications of internet-connected device use and what steps both can take own their part and #BeCyberSmart.
CSIAC Webinar – Update on Current FDA Cybersecurity Efforts:
To raise awareness about cybersecurity in the healthcare industry, CSIAC presented a webinar titled “Update on Current FDA Cybersecurity Efforts.” This webinar was presented by the U.S. Food and Drug Administration. View the live recording and presentation slides at: https://www.csiac.org/podcast/fda-cybersecurity-efforts/
Over the past several years, FDA has undertaken a significant and diverse set of efforts aimed at improving not only medical device cybersecurity, but cybersecurity across the healthcare sector. The agency has worked internally on efforts such as updated guidance with respect to satisfying regulatory requirements for cybersecurity within medical devices, the development of a playbook related to regional response, “boot camps” for threat modeling, and others. FDA has also supported the development of a vulnerability scoring system specifically targeted at medical devices. At the same time, FDA has been working closely with its government and private sector partners, patients, security researchers, and more. This includes groups like the International Medical Device Regulators Forum, the Healthcare Sector Coordinating Council, and the National Telecommunications and Information Administration’s multistakeholder process on software transparency. This talk provided an update and overview of these efforts.