Communicating Cybersecurity Vulnerabilities to Patients: Considerations for a Framework
The U.S. Food and Drug Administration’s (FDA’s) Center for Devices and Radiological Health (CDRH) has developed a discussion paper, Communicating Cybersecurity Vulnerabilities to Patients: Considerations for a Framework, to provide best practices to consider when communicating with patients and caregivers about cybersecurity vulnerabilities.
About the Discussion Paper
Communicating Cybersecurity Vulnerabilities to Patients: Considerations for a Framework outlines considerations for the FDA, federal partners, and industry stakeholders to help thoughtfully inform patients and the public about cybersecurity vulnerabilities.
This discussion paper includes proposed considerations received during the Patient Engagement Advisory Committee (PEAC) meeting held on September 10, 2019, on cybersecurity in medical devices.
Communicating Cybersecurity Vulnerabilities to Patients: Considerations for a Framework is being issued for discussion purposes only and is not a draft guidance. This document is not intended to communicate the FDA's proposed (or final) regulatory expectations but is instead meant to seek early input from groups and individuals outside the FDA.
Submitting Comments on the Discussion Paper
As part of it's efforts to ensure medical device cybersecurity safety and awareness, the FDA is sharing Communicating Cybersecurity Vulnerabilities to Patients: Considerations for a Framework for review and comment. Feedback on the discussion paper will help the FDA provide a collection of best practices to better communicate with patients and caregivers about cybersecurity vulnerabilities.
The FDA encourages stakeholders to provide comments in the Federal Registry under docket number FDA-2020-N-1933. The last day to submit comments is December 21, 2020.