TGA Releases Guidance on Device Cybersecurity

Australia’s Therapeutic Goods Administration released new guidance for devicemakers on cybersecurity risks.

If the cybersecurity risk is not minimized throughout the life of the device, the agency said, it can lead to “a breach in the confidentiality, integrity and availability of medical device data, or malicious unauthorized access to the medical device and the network it operates on.”

As the complexity of devices increases so does the potential for hardware and software vulnerabilities, the agency said, adding that effective cybersecurity requires steps by manufacturers, sponsors, clinicians and patients.

The TGA pointed to the U.S. National Institute of Standards and Technology’s cybersecurity framework as a model for addressing cybersecurity risks throughout a product’s lifecycle.