FDAnews
www.fdanews.com/articles/13860-office-of-inspector-general-prods-fda-to-improve-postmarket-cybersecurity

Office of Inspector General Prods FDA to Improve Postmarket Cybersecurity

November 2, 2018

The FDA needs to do more to reduce postmarket cybersecurity risks to medical devices, according to the HHS Office of the Inspector General.

OIG researchers conducted an audit and found the FDA’s policies and procedures “insufficient” for handling postmarket medical device cybersecurity events.

The OIG acknowledged that the agency had implemented some recommendations from a draft version of its audit report, but it called on the agency to:

  • Continually assess cybersecurity risks to medical devices and update its plans and strategies as needed;
  • Establish written procedures for securely sharing sensitive information about cybersecurity events with key stakeholders who have a “need to know”;
  • Enter into a formal agreement with the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team; and
  • Ensure the establishment and maintenance of procedures for handling recalls of medical devices vulnerable to cybersecurity threats.

Read the full report OIG here: www.fdanews.com/11-01-18-OIGreport.pdf.