The FDA is taking steps to address cybersecurity vulnerabilities in medical devices but needs to foster more cooperation between stakeholders to encourage timely reporting of cybersecurity incidents, Rep. Diana DeGette (D-Colo.) said in an interview.
DeGette and Rep. Susan Brooks (R-Ind.), both members of the House Energy and Commerce Committee, recently asked the agency about its cybersecurity initiatives. In a letter to FDA Commissioner Robert Califf and Director of the Center for Devices and Radiological Health Jeffrey Shuren, DeGette and Brooks sought details regarding plans to further reduce risks of hacking, unauthorized access, and use of malware.
DeGette and Brooks also asked the FDA about its level of collaboration with manufacturers and other stakeholders, efforts to enhance cybersecurity throughout a device’s life cycle, personnel expertise on cybersecurity, and interagency coordination. They requested a response from the agency by Dec. 16.
DeGette’s request comes at a time of increasing concern about cybersecurity threats to medical devices. Up to 15 million medical devices are integrated into the nation’s digitized healthcare network, creating myriad avenues for cyber-attacks.
“As cyber threats continue to evolve at a rapid pace, FDA must work to prevent emerging threats, mitigate existing vulnerabilities, and assess the strength of a device’s cyber resilience in both pre-market and post-market contexts,” she said in the interview.
DeGette said that she will monitor the FDA’s cybersecurity efforts closely, but that it is premature to talk about legislation on the topic.
“We want to hear more from FDA, other federal agencies, and key stakeholders before deciding whether legislation is necessary,” she said. “My priority right now is to learn whether all stakeholders across the system — including the FDA — have the resources they need to deal with emerging issues as technology continues to evolve. I also want to make sure all device manufacturers, big and small, are able to share best practices and efficiently navigate through the myriad federal agencies with jurisdiction over this issue.”