FDA Plans Workshop to Address Cybersecurity in Medical Devices

“There is no such thing as a threat-proof medical device.”

Suzanne Schwartz, M.D., MBA, director of emergency preparedness and medical countermeasures at the FDA’s Center for Devices and Radiological Health.

Two months after finalizing its first guidance on cybersecurity, the FDA has announced a public workshop entitled “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity” to continue to address a growing safety consideration.

Since 2013, the FDA and other organizations have taken increased steps to address cybersecurity in the medical device industry.  In summer 2015, the FDA issued its first cybersecurity alert for a network enabled computerized pump designed for general infusion therapy.  Both the manufacturer and an independent researcher confirmed that the pump was vulnerable to access by an unauthorized remote user through the networked hospital information system.  The unauthorized user could then modify the dosage the pump delivers to a patient.  While no actual incidents were reported, both the manufacturer and the FDA recommended all hospitals immediately transition to other devices or at least disconnect the pump from the network and run offline as a temporary solution.

Other past efforts by the FDA to address cybersecurity include the white paper Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, Guidance to Industry: Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software, and a 2014 public workshop to seek further input from the public health sector on medical device and general health care cybersecurity.

The stated purposes of the January 2016 workshop are multifaceted and designed to take a comprehensive look at the state of the medical device cybersecurity.  The purposes include: highlighting past collaborative efforts between agencies, increasing awareness of models for benchmarking organizational cybersecurity status, reviewing standards and tools in development to address cybersecurity risk, and discussing unresolved gaps and challenges in advancing medical device cybersecurity.

The workshop will also bring together a diverse set of stakeholders including the National Health Information Sharing Analysis Center (NH-ISAC), the Department of Health and Human Services and the Department of Homeland Security.

The workshop is planned for January 20-21, 2016, from 9:00 am – 5:30 pm at the FDA White Oak Campus in Silver Spring, Maryland.  Registration is free and the meeting will also be webcast.

Mark Davis
Mark Davis is an associate in our Orange County office. His practice is focused on patent litigation and prosecution. Mr. Davis earned his Bachelor of Science in Mechanical Engineering at Brigham Young University, where he competed in the international University Rover Challenge. After graduation, he worked as a regulatory compliance engineer at Novarad, a small medical device company. Following his work as an engineer, Mr. Davis attended the University of Texas School of Law. At Texas, he was an officer in the Texas IP Law Society and served as an associate editor of the Texas Law Review. He also represented small business owners and nonprofit groups as a member of the Texas Clinical Law Programs. He joined the firm in 2015.
Click here to read full bio
View all posts published by Mark Davis »

Leave a Reply

By using this blog, you agree and understand that no information is being provided in the context of any attorney-client relationship. You further agree and understand that nothing herein is intended to be legal advice. This blog is solely informational in nature, and is not intended as, and should not be used as, a substitute for competent legal advice from a retained and licensed attorney in your state. Knobbe Martens LLP makes no representations or warranties as to the accuracy, completeness, timeliness or availability of the information in this blog. Knobbe Martens LLP will not be liable for any injury or damages relating to your use of, or access to, any such information. Knobbe Martens LLP undertakes no obligation to correct or update information on this blog, which may be incorrect or become incorrect or out of date over time. Knobbe Martens LLP reserves the right to alter or delete content or information on the blog at any time. This blog contains links and references to other websites and publications that you may find of interest. Knobbe Martens LLP does not control, promote, endorse or otherwise have any affiliation with any other websites or publications unless those websites or publications expressly state such an affiliation. Knobbe Martens LLP further has no responsibility for, and makes no representations regarding, the content, accuracy or any other aspect of the information in such websites or publications.