In its final guidance issued last week, the Food and Drug Administration is requesting that device makers assess what information hackers might target in connection with their devices, how hackers might attempt to access the information, and how device makers intend to address these issues both before and after putting their products on the market. In addition, FDA is requesting that device makers report in to the agency on a continuing basis regarding cybersecurity incidents that arise after product approval.
Medical devices currently on the market are considered to be relatively easy to hack, according to cybersecurity experts. Cybersecurity and device usability, unfortunately, tend to exist in inverse relation so the challenge for device makers is to find a workable balance between the two.
See Modern Healthcare article at “FDA seeks cybersecurity assessments from medical-device makers,” the FDA press release, and the final guidance entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” online and in pdf form.