Published December 28, 2016 Reuters
The U.S. government on Tuesday issued rules for addressing cyber vulnerabilities in medical devices, providing manufacturers with guidelines for fixing security bugs in equipment, including pacemakers, insulin pumps and imaging systems.
“Cybersecurity threats are real, ever-present and continuously changing,” Suzanne Schwartz, a senior Food and Drug Administration official who helped draft the new rules, said in a blog post. “And as hackers become more sophisticated, these cybersecurity risks will evolve.”
The FDA released the 30-page guidance as the agency investigates claims from a short-selling firm and security researchers that heart devices from St. Jude Medical Inc are vulnerable to life-threatening hacks. The allegations, which surfaced in August, underscore the need for clear government rules on identifying and mitigating the impact of security vulnerabilities in medical equipment.
The FDA has been grappling with such issues for several years in response to a surge in research on potentially life- threatening security bugs in medical devices from so-called “white hat” hackers looking to identify flaws before they are exploited to harm patients.
The agency in 2014 issued guidance on how manufacturers should address cyber security when developing new products, though the rules did not cover equipment that was already on the market.
Read Entire Story in Fox News