Home > Critical Infrastructure Security, Information Security > FDA: Our Approval is not Required for Security Patches

FDA: Our Approval is not Required for Security Patches

For the first time since 2005, the FDA issued a statement to Medical device manufacturers and hospitals dealing with Healthcare IT systems:

The FDA’s Statements come as a reminder about “the shared responsibility of of cybersecurity”

FDA wants to remind you that cybersecurity for medical devices and their associated communication networks is a shared responsibility between medical device manufacturers and medical device user facilities. The proper maintenance of cybersecurity for medical devices and hospital networks is vitally important to public health because it ensures the integrity of the computer networks that support medical devices.

Further more the FDA clarified their position on security patches.

FDA approval is not required before installing changes, updates, or patches that address cybersecurity issues

The statement mentioned the fact that the FDA is aware of misinterpretation of the regulations for the cybersecurity of medical devices that are connected to computer networks. The regulations issued back in 2005 can be downloaded below.

Source: FDA’s official Reminder

Guidance for Industry – Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software (issued January 2005)

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: