Posts Tagged ‘Medical Devices’

FDA: Our Approval is not Required for Security Patches

November 8, 2009 Leave a comment

For the first time since 2005, the FDA issued a statement to Medical device manufacturers and hospitals dealing with Healthcare IT systems:

The FDA’s Statements come as a reminder about “the shared responsibility of of cybersecurity”

FDA wants to remind you that cybersecurity for medical devices and their associated communication networks is a shared responsibility between medical device manufacturers and medical device user facilities. The proper maintenance of cybersecurity for medical devices and hospital networks is vitally important to public health because it ensures the integrity of the computer networks that support medical devices.

Further more the FDA clarified their position on security patches.

FDA approval is not required before installing changes, updates, or patches that address cybersecurity issues

The statement mentioned the fact that the FDA is aware of misinterpretation of the regulations for the cybersecurity of medical devices that are connected to computer networks. The regulations issued back in 2005 can be downloaded below.

Source: FDA’s official Reminder

Guidance for Industry – Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software (issued January 2005)