FDA Explains What Hospitals Can Do to Boost Medical Device Security

Posted on

Last week, we explained the Food and Drug Administration’s stance on the cyber security of medical devices.  But with a report to Congress on the dangers of hacking now in, the agency is attempting to get device makers and hospital administrators alike to do what they can to ensure safety.

The FDA points out that no adversity has been reported because of an infiltration by malware or an unwanted alteration to the configuration of a device.  The FDA also has not been able to identify any concerted efforts to go after a product.  However, the threat becomes more apparent every day with the increasing interconnectivity of hospitals.  If but one link in the chain is compromised, an entire hospital network could be impacted.

Even as device makers are being asked to boost security, hospitals are being told to beef up protection around their networks.  Access should only be provided to those with proper authorization, and overseers should strive to identify any instances of unauthorized use that could indicate malfeasance.

When a suspected problem with a specific device can be demonstrated, the producer of that item should be contacted at once.  If contact proves difficult, the FDA and the cybercrime division of the Department of Homeland Security should be notified.  Hospitals should also start thinking about precautions to take to ensure continued function of a device even when adversity presents itself.