Tag Archives: cybersecurity

Health Care Task Force Pre-Releases Report on Cybersecurity Days Before Ransomware Attack

Last week, the Health Care Industry Cybersecurity (HCIC) Task Force (the “Task Force”) published a pre-release copy of its report on improving cybersecurity in the health care industry.  The Task Force was established by Congress under the Cybersecurity Act of 2015.  The Task Force is charged with addressing challenges in the health care industry “when … Continue Reading

CDRH Releases Postmarket Cybersecurity Final Guidance

On December 28, 2016, CDRH announced the publication of the final guidance “Postmarket Management of Cybersecurity in Medical Devices.”  In a separate post, we reported on the January 22, 2016 draft version of this guidance document.  The final guidance provides FDA’s recommendations on a risk-based framework for medical device manufacturers to assess and remediate cybersecurity … Continue Reading

After Two-Day Workshop, CDRH Releases Postmarket Cybersecurity Draft Guidance

On January 22, 2016, CDRH announced in the Federal Register the publication of the draft guidance, “Postmarket Management of Cybersecurity in Medical Devices.”  The release of the draft guidance coincided with the conclusion of a two-day public workshop hosted by FDA entitled, “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity.”  We previously discussed the Agency’s … Continue Reading

CDRH Schedules January 2016 Cybersecurity Workshop

CDRH has scheduled a cybersecurity workshop entitled, “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity,” on January 20-21, 2016 (see here for the Federal Register announcement). Background and Workshop Context As we discussed in a previous blog post, cybersecurity vulnerability is an increasing concern as medical devices are becoming more connected to the Internet, hospital … Continue Reading

Cybersecurity Risks with Connected Devices

Cybersecurity vulnerability is becoming an increasing concern as medical devices are becoming more connected to the Internet, hospital networks, and other medical devices. As we previously reported, FDA has increasingly focused on promoting cybersecurity, recognizing that compromised medical devices can pose a risk to patient health and safety and to the confidentiality of personal medical … Continue Reading

FDA Finalizes Guidance for Management of Cybersecurity in Medical Devices

The U.S. Food and Drug Administration (“FDA”) has increasingly focused on promoting cybersecurity because compromised medical devices can pose a risk to patient health as well as the confidentiality of personal medical information.  On October 2, 2014, FDA issued final guidance on the content of premarket submissions for the management of cybersecurity in medical devices.  … Continue Reading

Analyst Report Indicates that Health Care Organizations, Including Internet-connected Medical Devices, Are Vulnerable to Attack

A recent analyst report indicates that health care organizations and internet-connected medical devices are increasingly vulnerable to cyber-attacks. The Health Care Cyberthreat Report was issued in February 2014 by the SANS Institute, which describes itself as a cooperative research and education organization that is a source of cybersecurity training, security certification, and research information.… Continue Reading

NIST Releases Discussion Draft of Preliminary Cybersecurity Framework

As we’ve previously noted, federal agencies have prioritized cybersecurity as a key issue, as reflected in FDA’s recent draft guidance on cybersecurity in medical devices.  As part of a broader Executive Branch-wide effort, last week the National Institute of Standards and Technology (“NIST”) issued a “Discussion Draft of a Preliminary Cybersecurity Framework” pursuant to the … Continue Reading

US Information Security and Privacy Board Expresses Concerns about Management of Cybersecurity in Wireless Medical Devices

The US Information Security and Privacy Board (ISPAB) voiced concerns over potential harms resulting from a lack of controlled management of cybersecurity in wireless medical devices in response to FDA’s previously reported draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”  ISPAB operates under the National Institute of Standards and Technology … Continue Reading

FDA Issues Draft Guidance Document on Cybersecurity in Medical Devices

The issue of cybersecurity has been on FDA’s radar in the last year, due in part to a Government Accountability Office report issued last August that urged FDA to consider the risk of intentional threats to device information security.  Although the GAO report noted that FDA was not aware of any actual incident of device … Continue Reading
LexBlog