GAO Says FDA, CISA Should Update Medical Device Cybersecurity Agreement

A five-year-old agreement between the FDA and the Cybersecurity and Infrastructure Security Agency (CISA) on medical device cybersecurity should be updated to reflect new practices, according to a recent report by the U.S. Government Accountability Office (GAO).

While the FDA has primary responsibility for medical device cybersecurity, the GAO says, the agency formally collaborates with CISA on security guidance for device manufacturers and public alerts about current vulnerabilities.

But the current formal agreement doesn’t address all collaboration practices and “needs to be updated to reflect organizational and procedural changes that have occurred since 2018” and “improve agency coordination and clarify roles,” the GAO report states.

Read the full report here.

To read the whole story, click here to subscribe.

Related Topics