The Food and Drug Administration has issued new guidelines for medical device cybersecurity. It requires new medical device applicants to submit a plan on how to monitor, identify, and address cybersecurity issues.
A 2022 FBI report cited research that found 53 percent of digital medical devices in hospitals have known critical vulnerabilities. These devices—including insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, and pacemakers—could be susceptible to cyberattacks that endanger patient health.
The new requirements went into effect as part of a federal spending bill signed by President Joe Biden.
NTD spoke with Derek Georgino, health care risk consultant and NTD contributor, about the guidelines and vulnerabilities.