FDAnews
www.fdanews.com/articles/180328-fda-approach-to-cybersecurity-leaves-open-questions

FDA Approach to Cybersecurity Leaves Open Questions

February 3, 2017

Recent FDA guidance on medical device cybersecurity leaves some unanswered questions for manufacturers, especially on how best to identify and communicate risks.

The agency’s final guidance deals with post-market cybersecurity management and it calls for manufacturers to monitor for vulnerabilities and report any cyber intrusions. But it is not explicit about how companies can find and deal with weaknesses before they are exploited by hackers and about the risks involved in disclosing any vulnerability.

The agency said risk management programs should include procedures for monitoring cybersecurity information sources for vulnerabilities, as well as robust software lifecycle processes, threat modeling, a coordinated vulnerability disclosure policy, and mitigations that address risks before they are exploited. — Jeff Kinney

View today's stories