News | Cybersecurity | October 30, 2018

FDA and DHS Expand Partnership on Medical Device Cybersecurity

Agreement will allow greater information sharing between agencies on threats and vulnerabilities in medical devices

FDA and DHS Expand Partnership on Medical Device Cybersecurity

October 30. 2018 — The U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security (DHS) will be implementing a new framework for greater coordination and cooperation between the two agencies for addressing medical device cybersecurity. The partnership is part of a memorandum of agreement the two agencies issued this month.  

“As innovation in medical devices advances and more devices are connected to hospital networks or to other devices, ensuring that devices are adequately protected against cyber-intrusions is paramount to protecting patients. The FDA has been proactive in developing a robust program to address medical device cybersecurity concerns,” said FDA Commissioner Scott Gottlieb, M.D. “But we also know that securing medical devices from cybersecurity threats cannot be achieved by one government agency alone. Every stakeholder has a unique role to play in addressing these modern challenges. That’s why this announcement is so important. Our strengthened partnership with DHS will help our two agencies share information and better collaborate to stay a step ahead of constantly evolving medical device cybersecurity vulnerabilities and assist the healthcare sector in being well-positioned to proactively respond when cyber-vulnerabilities are identified. This agreement demonstrates our commitment to confronting cybersecurity risks and the unscrupulous cybercriminals who may seek to put patient lives at risk.”

“Ensuring our ability to identify, address and mitigate vulnerabilities in medical devices is a top priority, which is why DHS depends on our important partnership with the FDA to collaborate and provide actionable information. This agreement is another important step in our collaboration,” said Christopher Krebs, undersecretary for the National Protection and Programs Directorate at DHS. “DHS has some of the top experts on control systems technology, and we look forward to continuing to leverage this expertise for the sake of improving the lives and safety of people across the country. DHS has enjoyed a great working relationship with the FDA for several years and look forward to this agreement making that working relationship even stronger and more effective.”    

The agreement, between the FDA’s Center for Devices and Radiological Health (CDRH) and DHS’ Office of Cybersecurity and Communications (OCC), is meant to encourage even greater coordination and information sharing about potential or confirmed medical device cybersecurity vulnerabilities and threats. Such collaboration can lead to more timely and better responses to potential threats to patient safety.

The two agencies have already worked together on many aspects of medical device cybersecurity, most notably around coordination of vulnerability disclosures. This helps medical device manufacturers receive technical information from cybersecurity researchers regarding identified vulnerabilities in their products in a way that enables all parties to respond to potential threats in a timely way. The agencies have also collaborated on planning, executing and conducting after-action reviews of DHS-led exercises that simulate real-world cybersecurity attacks and enable the government and stakeholders to practice and improve their responses to these threats.

The goal of the agreement is to expand these types of collaboration by increasing the sharing of information between the two agencies to enhance mutual awareness of potential or known threats, thereby heightening coordination when vulnerabilities are identified. The agreement will also enhance shared technical capabilities, such as conducting collaborative assessments regarding the level of risk a potential vulnerability may pose to patient safety and coordinate testing of devices as warranted.

Under the agreement, DHS will continue to serve as the central medical device vulnerability coordination center and interface with appropriate stakeholders, including consulting with the FDA for technical and clinical expertise regarding medical devices. The DHS’ National Cybersecurity and Communications Integration Center will continue to coordinate and enable information sharing between medical device manufacturers, researchers and the FDA, particularly in the event of cybersecurity vulnerabilities in medical devices that are identified to DHS. The FDA will continue to engage in regular, ad hoc and emergency coordination calls with DHS and advise DHS regarding the risk to patient health and potential for harm posed by identified cybersecurity threats and vulnerabilities.

For more information: www.fda.gov, www.dhs.gov

Related Content

Sponsored Content | Videos | Artificial Intelligence | February 21, 2020
In Artificial Intelligence at RSNA 2019, ITN Contributing Editor Greg Freiherr offers an overview of artificial intel
Altamont’s zero-footprint solution, CaptureWare, allows Mach7’s Enterprise Imaging Platform (EIP) to ingest more DICOM and/or non-DICOM data from various sources in a facility
News | PACS | February 20, 2020
February 20, 2020 — Mach7 announced its partnership with Altamont
Sponsored Content | Videos | Enterprise Imaging | February 19, 2020
Bill Lacy, vice president, Medical Informatics at FUJIFILM Medic...
The Candelis ImageGrid Plus PACS Server is an ultra-high-performance platform that can support high volume healthcare environments of 1,000 plus modalities
News | PACS | February 12, 2020
February 12, 2020 — The Candelis ImageGrid Plus...
An example of artificial intelligence (AI) being developed by Hitachi to automatically review and identify nodules on lung CT scans. This is part of a suite of AI apps Hitachi is developing. This example was being shown as a work in progress at RSNA 2019.

An example of artificial intelligence (AI) being developed by Hitachi to automatically review and identify nodules on lung CT scans. This is part of a suite of AI apps Hitachi is developing. This example was being shown as a work in progress at RSNA 2019. Photo by Dave Fornell.

Feature | Artificial Intelligence | February 07, 2020 | Sanjay Parekh, Ph.D. 
February 7, 2020 – At the 2019 Radiological Society...
Infervision’s deep learning medical imaging platform is helping screen patients for the coronavirus in China. It acts as second pair of eyes to identify multiple diseases from one set of chest scans. The artificial intelligence (AI) can provide a complete view of the nodule, including volume and density.

Infervision’s deep learning medical imaging platform is helping screen patients for the coronavirus in China. It acts as second pair of eyes to identify multiple diseases from one set of chest scans. The artificial intelligence (AI) can provide a complete view of the nodule, including volume and density.

News | Artificial Intelligence | February 04, 2020
February 4, 2020 — Since January 2020, the...
Qynapse, a medical technology company, announced that it received U.S. Food and Drug Administration (FDA) 510(k) clearance for its QyScore software
News | Information Technology | February 04, 2020
February 4, 2020 — Qynapse, a medical technology company, anno
While electronic medical record systems have helped consolidate most patient data into one location, medical imaging IT systems has proved to be more difficult to replicate by large EMR vendors. This has made room in the market for third-party radiology IT vendors that allow easy integration with the larger EMRs like Epic and Cerner. This image shows Agfa's enterprise imaging system, leveraging its ability to be accessed anywhere with internet connection and pull images from radiology and surgery.

While electronic medical record systems have helped consolidate most patient data into one location, medical imaging IT systems has proved to be more difficult to replicate by large EMR vendors. This has made room in the market for third-party radiology information system vendors that allow easy integration with the larger EMRs like Epic and Cerner. This image shows Agfa's enterprise imaging system, leveraging its ability to be accessed anywhere with an internet connection and able to pull in images from both radiology and surgery. 

Feature | Enterprise Imaging | February 02, 2020 | Steve Holloway
The growing influence and uptake of electronic medical records (EMRs) in healthcare has driven debate over the future