Feds boost cooperation on medical device cybersecurity

Register now

The Food and Drug Administration and Department of Homeland Security will work more closely to address threats to medical device cybersecurity.

The federal agencies have signed a memorandum of agreement to increase coordination and cooperation when it comes to potential or confirmed vulnerabilities and threats.

While the agencies have previously worked together on medical device cybersecurity, particularly around coordination of vulnerability disclosures, the agreement formalizes a long-standing relationship between the FDA and DHS, according to the announcement.

“The FDA has been proactive in developing a robust program to address medical device cybersecurity concerns,” says Scott Gottlieb, MD, the FDA’s commissioner. “But we also know that securing medical devices from cybersecurity threats cannot be achieved by one government agency alone. Every stakeholder has a unique role to play in addressing these modern challenges.

“That’s why this announcement is so important,” Gottlieb adds. “Our strengthened partnership with DHS will help our two agencies share information and better collaborate to stay a step ahead of constantly evolving medical device cybersecurity vulnerabilities and assist the healthcare sector in being well positioned to proactively respond when cyber vulnerabilities are identified.”

Also See: FDA issues ‘playbook’ to providers for medical device cybersecurity

The agreement seeks to boost information sharing between the two agencies to “enhance mutual awareness of potential or known threats, thereby heightening coordination when vulnerabilities are identified.” In particular, the FDA and DHS will conduct collaborative assessments to determine the “level of risk a potential vulnerability may pose to patient safety and coordinate testing of devices as warranted.”

As part of the agreement, DHS will retain its status as the central medical device vulnerability coordination center and continue to work with stakeholders, including consulting with the FDA for technical and clinical expertise regarding devices. In addition, the DHS National Cybersecurity and Communications Integration Center will maintain its responsibilities for coordinating and enabling information sharing between medical device manufacturers, researchers and the FDA.

“Ensuring our ability to identify, address and mitigate vulnerabilities in medical devices is a top priority, which is why DHS depends on our important partnership with the FDA to collaborate and provide actionable information,” says Christopher Krebs, undersecretary for the National Protection and Programs Directorate at DHS.

“This agreement is another important step in our collaboration,” Krebs adds. “DHS has some of the top experts on control systems technology, and we look forward to continuing to leverage this expertise for the sake of improving the lives and safety of people across the country. DHS has enjoyed a great working relationship with the FDA for several years, and we look forward to this agreement making that working relationship even stronger and more effective.”

For reprint and licensing requests for this article, click here.