The U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security (DHS) announced they will be implementing a new framework to ensure greater coordination and cooperation for addressing cybersecurity in medical devices.
The two agencies have already worked together on many aspects of medical device cybersecurity, but the memorandum of agreement between the FDA's Center for Devices and Radiological Health and the DHS Office of Cybersecurity and Communications is meant to encourage even greater coordination and information sharing about potential or confirmed medical device cybersecurity vulnerabilities and threats. This increased collaboration could lead to timelier and better responses to potential threats, the FDA and DHS said. They also plan to enhance shared technical capabilities, such as conducting collaborative risk assessments of potential vulnerabilities and coordinating device testing, if necessary.
DHS will continue to serve as the central medical device vulnerability coordination center, and will interface with appropriate stakeholders, including the FDA for technical and clinical expertise regarding medical devices. In addition, The DHS' National Cybersecurity and Communications Integration Center will continue to coordinate and enable information sharing between medical device manufacturers, researchers, and the FDA, particularly in the event of cybersecurity vulnerabilities in medical devices that are identified to the DHS. For its part, the FDA will continue to engage in regular, ad hoc, and emergency coordination calls with DHS and advise the agency regarding the risk to patient health and potential for harm posed by identified cybersecurity threats and vulnerabilities.
"Our strengthened partnership with DHS will help our two agencies share information and better collaborate to stay a step ahead of constantly evolving medical device cybersecurity vulnerabilities and assist the healthcare sector in being well-positioned to proactively respond when cyber vulnerabilities are identified," said FDA Commissioner Dr. Scott Gottlieb in a statement. "This agreement demonstrates our commitment to confronting cybersecurity risks and the unscrupulous cybercriminals who may seek to put patient lives at risk."