Cybersecurity Awareness Month at the FDA
October is Cybersecurity Awareness Month
Cybersecurity Awareness Month raises awareness about the importance of cybersecurity and of ensuring all Americans have access to resources that help them be safer and more secure online.
Cybersecurity is also an important part of patient safety when it comes to medical devices. Maintaining strong cybersecurity is critical throughout the lifecycle of medical devices to keep patients safe and better protect the public health.
“CDRH continues to take steps to support a collaborative, multi-stakeholder environment that fosters communication about cybersecurity vulnerabilities that may affect the safety, effectiveness, and security of medical devices. The Best Practices for Communicating Cybersecurity Vulnerabilities to Patients is one of several actions we are taking during Cybersecurity Awareness Month to collaborate with the U.S. Department of Homeland Security (DHS) and other public and private partners to raise awareness about the importance of cybersecurity for the American public.” – Suzanne Schwartz, Director - Office of Strategic Partnerships & Technology Innovation, CDRH
At the FDA, the Center for Devices and Radiological Health (CDRH) is dedicated to ensuring medical devices are protected from cybersecurity threats by:
- Providing guidance to help manufacturers design and maintain products that are cybersecure.
- Informing the public and stakeholders about medical device safety concerns identified from new cybersecurity vulnerabilities.
- Working across the healthcare sector to improve awareness of and address cybersecurity risks.
- Participating in public and private partnerships to provide the healthcare sector with new tools and information to address medical device cybersecurity.
FDA’s Cybersecurity Awareness Activities in 2021
In 2021, the FDA continued to ensure medical device cybersecurity safety and awareness by:
- Releasing the Best Practices for Communicating Cybersecurity Vulnerabilities to Patients to industry stakeholders and federal partners to consider when designing a communication approach for patients and caregivers about cybersecurity vulnerabilities.
- Increasing the use of the FDA’s Memorandum of Understanding partnerships with sector Information Sharing and Analysis Organizations like H-ISAC, MedISAO, and Sensato to help ensure manufacturers receive timely pre-disclosure and post-disclosure vulnerability information.
- Collaborating with public and private partnerships to continue advancing medical device and health care cybersecurity, such as through participation and leadership in the Healthcare Sector Coordinating Council, the International Medical Device Regulators Forum, and the Medical Device Innovation Consortium.
- Providing responses to the National Institute of Standards and Technology (NIST) request for position papers to fulfill the President’s Executive Order (EO) on Improving the Cybersecurity of the Federal Government (EO 14028).
- Informing the public about a cybersecurity vulnerability within a real-time operating system in BlackBerry QNX, and potential impacts on medical devices and manufacturing equipment.
- Releasing the Discussion Paper: Strengthening Cybersecurity Practices Associated with Servicing of Medical Devices: Challenges and Opportunities to seek input from groups and individuals outside the FDA on cybersecurity issues that are unique to the servicing of medical devices.
- Continuing to respond to medical device and health care cybersecurity vulnerabilities and incidents, including healthcare ransomware incidents, third-party software vulnerabilities, and individual medical device vulnerabilities and incidents.