FDA Recommends Steps to Assure Cyber Security in Hospitals

The US Food and Drug Administration (FDA) has recommended that health care facilities take steps to ensure appropriate safeguards are in place to reduce the risk of failure due to cyber attack.

The US Food and Drug Administration (FDA) has recommended that health care facilities take steps to ensure appropriate safeguards are in place to reduce the risk of failure due to cyber attack.

Such failure could be caused by the introduction of malware into medical equipment or unauthorized access to configuration settings in medical devices and hospital networks.

The FDA has become aware of cyber security vulnerabilities and incidents that could directly affect medical devices or hospital network operations, though the agency is not aware of any patient injuries or deaths associated with those incidents. The concern is that many medical devices contain configurable embedded computer systems that can be vulnerable to security breaches, and the increasing interconnectedness of devices via the Internet, hospital networks, other medical devices, and smartphones increases the risk of cyber security breaches.

The FDA recommends that steps be taken to evaluate network security and protect hospital systems, including:

· Restricting unauthorized access to networks and networked medical devices

· Ensuring that antivirus programs and firewalls are up to date

· Monitoring for unauthorized use

· Contacting device manufacturers about any problems with cyber security.

More Information