News Feature | September 25, 2014

FDA Sets Date For Cybersecurtiy Workshop

By Nick Otto

The FDA is seeking public input on the cybersecurity of medical devices and has scheduled for next month a two-day public workshop in collaboration with the Department of Homeland Security.

The Collaborative Approaches for Medical Device and Healthcare Cybersecurity workshop will take place Oct. 21 and 22 at the National Intellectual Property Rights Coordination Center Auditorium in Arlington, VA, according to a Federal Register notice.

The two agencies are asking the Healthcare and Public Health (HPH) industry – including, but not limited to; medical device manufacturers; healthcare facilities; personnel, professional, and trade organizations; patient groups; insurance providers; and cybersecurity researchers — for input on medical device and healthcare cybersecurity with hopes to “catalyze collaboration” among the HPH industry.

“Participants will identify barriers to promoting cooperation; discuss innovative strategies to address challenges that may jeopardize critical infrastructure; and enable proactive development of analytical tools, processes, and best practices by the stakeholder community in order to strengthen medical device cybersecurity,” according to the notice.

According to the Federal Register, some of the topics the two agencies plan to discuss include:

  • Envisioning a collaborative environment for information sharing and developing a shared risk-assessment framework using a common lexicon.
  • Overcoming barriers (perceived and real) to create a community of `shared ownership and shared responsibility' within the HPH Sector to increase medical device cybersecurity.
  • Gaining situational awareness of the current cyber threats to the HPH Sector, especially to medical devices.

In 2012, the Government Accountability Office issued a report urging the FDA to “develop and implement a plan expanding its focus on information security risks.”

Since then, the agency has issued draft guidance on the subject, providing recommendations for device makers submitting premarket submissions to reduce risks devices could be compromised.

“As the industry evolves, we can expect that cybersecurity will be part of new FDA regulatory framework for medical apps and connected devices,” Scott Sheaf, senior software engineer at Battelle, said recently..

The workshop will be webcast, and registration for physical attendance is on a first-come basis. The FDA is taking comment on the workshop, and industry has until Nov. 24 to submit comment.