As cyberattacks on U.S. hospitals continue to increase with health care’s growing reliance on technology, a new report from the U.S. Office of Inspector General (OIG) has flagged Medicare’s requirements for being silent on the cybersecurity of networked medical devices. The OIG’s study found hospitals are not required to identify networked device cybersecurity in their emergency preparedness risk assessments, and as a result, they don’t include this information “very often.”
A new FDA discussion paper addresses cybersecurity issues specific to the servicing of medical devices, with the goal of guiding the conversation about potential challenges and opportunities. It coincides with a larger agency initiative to provide more clarity on servicing.
The FDA’s Center for Devices and Radiological Health (CDRH) issued a new document on June 8 responding to the National Institute of Standards and Technology (NIST) call for position papers to fulfill the President’s Executive Order on improving the federal government’s cybersecurity. It details how CDRH is planning to do its part to advance the shared goal within medical devices.
It’s no secret that physicians are the interface between device makers and the patient, but their role in cybersecurity has been limited to date. However, Christian Dameff, assistant professor of biomedical informatics and computer science at the University of California San Diego, said its time to engage physicians once they are in practice and to include cybersecurity in medical school education, two efforts he said would go a long way toward improving medical device cybersecurity in the clinical setting.
In a span of a mere two years, the state of California passed two ballot initiatives dealing with privacy that promise to have an impact on digital health, the second of which created an office specifically for privacy enforcement matters. Eric Goldman, a professor of law at the Santa Clara (California) University School of Law, said on a recent webinar that the state attorney general’s office and the new California Privacy Protection Agency (CPPA) have overlapping jurisdiction, and as a consequence, companies doing business in California may find themselves at the mercy of not one, but two enforcement entities.
The latest global regulatory news, changes and updates affecting medical devices and technologies, including: FDA: Metal-containing masks can cause injuries during MRIs.
The latest global regulatory news, changes and updates affecting medical devices and technologies, including: Vaccine, diagnostic developers targeted by cyberattacks; Groups make case for extending sequester moratorium; More money needed for global vaccine effort; Russia extends COVID-19 drug, device program.
The latest global regulatory news, changes and updates affecting medical devices and technologies, including: NIST ramps up Zero Trust cybersecurity program; TGA sets date for mesh up-classification; IMDRF posts post-market study update; ANVISA updates list of non-regulated devices.
The latest global regulatory news, changes and updates affecting medical devices and technologies, including: FDA’s cybersecurity discussion paper emerges; CMS eyes MAC default for Allomap coverage; CMS floats draft coverage for CRC screening test.
There are some U.S. FDA work items that have been hampered primarily by the COVID-19 pandemic, and some that have just proven difficult to push across the finish line. The FDA’s October 2018 draft guidance for premarket considerations for cybersecurity in medical devices might fall into that latter category, but the FDA’s Suzanne Schwartz said the agency will reissue another draft version of that guidance, which will be available sometime in early 2021.
RSS
