FDA Protects Medical Devices Against Cyber-Threats With New Measures
The US Food and Drug Administration (FDA) staff has published new guidelines to strengthen the cybersecurity of internet-connected products used by hospitals and healthcare providers.
According to a guidance document published earlier today, applicants seeking approval for new medical devices must submit a plan designed to “monitor, identify and address” possible cybersecurity issues associated with them.
Further, applicants will also need to outline a process to provide “reasonable assurance” that the device in question is protected with regular security updates and patches, including for critical situations.
Finally, they will be expected to provide the FDA with “a software bill of materials,” which should include commercial, open-source and off-the-shelf software components.
The FDA guidelines define a “cyber device” as a device that includes software validated, installed or authorized by the sponsor as a device or in a device, that can be connected to the internet, and that contains technological characteristics that could be vulnerable to cybersecurity threats.
The guidance document is part of the $1.7 trillion federal omnibus spending bill President Joe Biden signed in December 2022. The legislation also requires the FDA to update its medical device cybersecurity guidance at least every two years.
The new FDA guidelines come a couple of months after security experts at Sonar found three vulnerabilities in OpenEMR, open-source software for electronic health records and medical practice management.
More recently, the infamous Russia-affiliated hacktivist group known as KillNet was observed targeting healthcare applications hosted on Microsoft Azure infrastructure.
Given the considerable efforts threat actors put into targeting the healthcare industry, the FDA’s new requirements could save lives. This is particularly true when considering a September 2022 report by Proofpoint’s Ponemon Institute that linked increased mortality rates to cyber-attacks targeting healthcare organizations.