The U.S. Food and Drug Administration’s (FDA’s) Center for Devices and Radiological Health (CDRH) developed Best Practices for Communicating Cybersecurity Vulnerabilities to Patients to provide helpful information to consider when communicating with patients and caregivers about cybersecurity vulnerabilities. This document is not guidance and does not create or convey any policies on regulatory matters or any regulatory expectations.
About the Paper
Best Practices for Communicating Cybersecurity Vulnerabilities to Patients outlines information for the FDA, federal partners, and industry stakeholders to consider to help thoughtfully inform patients and the public about cybersecurity vulnerabilities.
The paper includes the following best practices for communications:
Make the content easy for people to read and understand, including how to:
- Keep it timely
- Keep it relevant
- Keep it simple
- Keep it readable for diverse audiences
Discuss risks and benefits
Acknowledge and explain the unknown
Make it easy for patients to find and use, including:
Make communications easy to find in online searches
Make communications easy to view on mobile devices
This paper also includes best practices shared during the Patient Engagement Advisory Committee (PEAC) meeting held on September 10, 2019 on vulnerabilities cybersecurity in medical devices.