National Cybersecurity Awareness Month

Technology in medical devices! It's hardly a secret that it's one of our favorite topics around here. We talk about technology in medical devices all the time. It's also no secret that technology comes with certain risks, as with any new age of innovation. And, just like any other new age of innovation, it doesn't mean that the developments are inherently bad or should be avoided. On the contrary, technology in medicine is saving more lives. What this new frontier does imply is that users, developers, medical device manufacturers, health care providers, and everyone else in the industry and alongside it, all have an obligation to be aware of, and able to react to, new potential risks that come with the advent of increased technology. 

CRDH and FDA are aware of this too, of course. That's why they are supporting and promoting National Cybersecurity Awareness Month this October. As they say, "The FDA believes this a good time to reinforce the importance of medical device cybersecurity and the role we all play in medical device safety." Indeed! Additionally, "All medical devices carry a certain amount of risk. The FDA allows devices to be marketed when there is a reasonable assurance that the benefits to patients outweigh the risks. While the increased use of wireless technology and software in medical devices also increases the risks of potential cybersecurity threats, these same features also improve health care and increase the ability of health care providers to treat patients."

Check out the Stop.Think.Connect. Campaign, "a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone."

Okay, so what does online security have to do with what we're interested in? Well, consider devices like two of the most recent ones we've featured here on MedDevice Monday: an app that's a medical device, and a wristband that's a medical device. Both of these medical devices require access to the internet, and interfacing on various phones, tablets, computers, or other screens. There's ample opportunity—and obligation—to practice cybersecurity best practices with devices like these. And we're only going to encounter more of them as strides continue to be made in technology. And that's a good thing! 

FDA recommends a few best practices, including, 

  • "Medical device manufacturers and health care facilities should take steps to ensure appropriate safeguards. Manufacturers are responsible for remaining vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity. They are responsible for putting appropriate mitigations in place to address patient safety risks and ensure proper device performance.
  • Hospitals and health care facilities should evaluate their network security and protect their hospital systems."

You can read more about Cybersecurity Awareness Month and FDA's approach to technology at the following resources:

Stop.Think.Connect.

FDA's standing resource page on cybersecurity in digital health

FDA's fact sheet on their role in cybersecurity: myths vs. facts

Premarket management of medical device cybersecurity

Postmarket management of medical device cybersecurity