OIG: FDA Should Address Postmarket Cybersecurity Risk to Medical Devices

The Food and Drug Administration’s policies and procedures were insufficient for handling postmarket medical device cybersecurity events, and the agency has not adequately tested its ability to respond to emergencies resulting from cybersecurity events in medical devices, according to a Department of Health and Human Services Office of Inspector General report released Nov. 2. OIG recommends that FDA: continually assess the cybersecurity risks to medical devices and update, as appropriate, its plans and strategies; establish written procedures and practices for securely sharing sensitive information about cybersecurity events with key stakeholders who have a need to know; enter into a formal agreement with federal agency partners to establish roles and responsibilities; and ensure the establishment and maintenance of procedures for handling recalls of medical devices vulnerable to cybersecurity threats.

Visit Us

North Carolina Healthcare Association

2400 Weston Parkway
Cary, NC 27513

Main: 919-677-2400
Fax: 919-677-4200

Contact Us