The arrival of October marked the beginning of National Cybersecurity Awareness Month. Proclaimed by President Obama each year, National Cybersecurity Awareness Month encourages the public as well as industry to understand the importance of cybersecurity and to be vigilant when it comes to the technology we rely on every day – this includes ensuring patients are confident in the safety of their medical devices.
Just as technology continues to connect, transform and evolve, cybersecurity threats also evolve. As medical devices become more interconnected through wired and wireless connections, they also become more vulnerable, which could potentially impact patient safety. However, connected medical devices can still provide an enormous benefit to patients, health care providers, and health care institutions alike. As such, the FDA takes medical device cybersecurity very seriously, and we have continuously worked to mitigate the risks cybersecurity vulnerabilities can pose to patient safety and the public health.
At FDA, we strongly believe that medical device cyber safety is a large and shared responsibility that requires diligence from all stakeholders, including: medical device manufacturers, government agencies, health care organizations, health care professionals, cybersecurity researchers, and medical device users. To that effect, the FDA has partnered with several public and private sector organizations including the Department of Health and Human Services, the National Health Information Sharing and Analysis Center (NH-ISAC), and the Medical Device Innovation, Safety, and Security Consortium (MDISS), and the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). These partnerships serve to raise awareness of medical device safety and cybersecurity in health care and public health, and also to foster collaboration, information sharing, and coordinated vulnerability disclosure policies and practices.
As National Cybersecurity Awareness Month goes forward, the FDA encourages everyone to be aware, vigilant, and committed to employing cybersecurity best practices and good cyber hygiene. Through a community approach including the public and several government agencies, we have seen significant progress in the management of medical device cybersecurity. And although gaps and challenges in medical device cybersecurity still exist, we must remain committed to working together to address the common goal of protecting the public health.
For more information about National Cybersecurity Awareness Month, including tips on cyber safety, visit DHS’ Stop.Think.Connect.™ campaign website. You can also find more information about medical device cyber security by visiting the CDRH website.
Additionally, if you have any questions regarding cybersecurity and medical devices, please contact CDRH’s Division of Industry and Consumer Education (DICE) at DICE@fda.hhs.gov, or via phone at 1-800-638-2041, or 301-796-7100.