FDA Reacts to Critique of Medical Device Security Strategy

The Department of Health and Human Services’ Office of Inspector General’s report says the agency found FDA’s policies and procedures insufficient for handling postmarket medical device cybersecurity events.In addition, the watchdog agency notes that FDA had not adequately tested its ability to respond to emergencies resulting from cybersecurity events in medical devices. It also notes that in two of 19 FDA district offices, FDA had not established written standard operating procedures to address recalls of medical devices vulnerable to cyber threats.The OIG report acknowledges, however, that the weaknesses existed because, at the time of OIG’s fieldwork in early 2017, FDA had not sufficiently assessed medical device cybersecurity.”We shared our preliminary findings with FDA in advance of issuing our draft report. Before we issued our draft report, FDA implemented some of our recommendations. Accordingly, we kept our original findings in the report, but, in some instances, removed our recommendations,” the report notes.

Source: https://www.healthcareinfosecurity.com/fda-reacts-to-critique-medical-device-security-strategy-a-11689