As National Cybersecurity Awareness Month comes to a close, the U.S. Food and Drug Administration (FDA) is reminding you that cyber safety is a shared responsibility. We encourage everyone to consider the importance of cybersecurity and remain aware throughout the year when it comes to the technology we rely on every day—including the security of medical devices.
During the month of October, the FDA:
- Released a new video to emphasize our commitment to patient safety and highlight some of our work to protect the public from medical device cybersecurity threats
- Shared the discussion paper, Communicating Cybersecurity Vulnerabilities to Patients: Considerations for a Framework, for review and comment
- Qualified the Mitre Rubric For Applying the Cybersecurity Common Vulnerabilities Scoring System (CVSS) to Medical Devices as a cybersecurity Medical Device Development Tool (MDDT)
- Collaborated with CDC’s Public Health Matters Blog: #BeCyberSmart: 5 Ways to Protect Your Health Tech
- Encouraged awareness of FDA’s Consumer Update: Medical Device Cybersecurity: What You Need to Know
- Promoted the FDA Fact Sheet: The FDA’s Role in Medical Device Cybersecurity: Dispelling Myths and Understanding Facts (PDF)
The FDA takes medical device cybersecurity seriously. We are committed to mitigating the risks that cybersecurity vulnerabilities can pose to patient safety and public health, without decreasing the benefits of interconnected medical devices. As technology continues to connect, transform, and evolve, cybersecurity threats are never far behind. For this reason, it is vital that medical device cyber safety is considered a shared responsibility for all stakeholders, including: medical device manufacturers, government agencies, health care organizations, health care professionals, cybersecurity researchers, and medical device users throughout the U.S. and abroad.
We remind everyone to remain aware and committed to using cybersecurity best practices and good cyber hygiene. Although we constantly find new gaps and face new challenges in medical device cybersecurity, we must remain committed to working together to protect public health.
