The FDA Appoints its First Chief of Medical Devices Cybersecurity
Technology and medicine have long been inextricably linked. In most cases, the evolution of tech has led to significant and life-saving advances in the medical world, but it also presents challenges.
As we become more reliant on technology, we also become more susceptible to cyber-attacks and breaches — which is especially concerning when it comes to medical devices. While any cybercrime could be considered high-stakes, these circumstances are literally life-and-death. That’s precisely why the FDA recently appointed the first-ever medical device cybersecurity chief: professor and science researcher Kevin Fu.
What does this position entail and how will it affect device manufacturing and the patients who rely on this technology?
What Does This Position Do?
Cybersecurity risks have grown exponentially over the past couple of decades. And while the FDA has been addressing these concerns along the way, this new position is designed to increase risk mitigation.
For the past several years, Fu has been researching embedded security — including identifying vulnerabilities within implantable cardiac defibrillators. During his one-year term with the FDA, he’ll continue these assessing devices before they enter the market, help advance the agency’s Center for Devices and Radiological Health (CDRH) cybersecurity program, and expand public-private partnerships.
"I view my year as guiding an aircraft carrier in the direction of my vision for improving medical device cybersecurity," Fu said in a quote shared with Medscape. "It will take years of continuous effort and leadership on cybersecurity to ensure safe and effective devices as new threats and vulnerabilities inevitably arise."
What Does This Mean for Device Manufacturers and Users?
Medical devices have grown in usage and importance throughout the COVID-19 pandemic. Solutions like home dialysis are helping boost safety amid the virus, but also convenience and quality-of-life.
Unfortunately, cybercriminals see these advances as opportunities for stealing patient data and committing other nefarious crimes — especially as devices have moved from more secure hospital environments to people’s homes, which typically have less sophisticated protections in place. Unsecured WiFi connections are prime targets.
The solution? Better built-in security. "A big part of my year concerns continuous improvement on the medical device industry side in what it means to ‘design in' cybersecurity during initial product development,” Fu said. This means manufacturers will need to make security a leading priority if they want devices to be approved.
Additionally, it’s crucial doctors talk to their patients about the cybersecurity risks associated with medical devices and ensure they’re doing whatever possible to reduce those risks. For example, setting up a firewall and avoiding public WiFi.
Medical devices are incredible tools that can significantly improve patients’ lives, but until tech manufacturers can find a way to overcome those cybersecurity risks, users will need to protect themselves.