FDA offers best practices for patient-facing alerts on medical device vulnerabilities

The agency noted that communications about cyber risks should be easy to understand and readily available online.

The U.S. Food and Drug Administration released a new best practices document this week to help healthcare actors and government agencies design a communication approach regarding cybersecurity vulnerabilities.   

The agency's Center for Devices and Radiological Health notes that the document is not a guidance and doesn't create any regulatory expectations.  

Instead, authors "hope that this document may be a useful resource for industry stakeholders and federal partners."

WHY IT MATTERS  

As the document notes, the increased use of connected medical devices in the country has, in turn, led to an increase in cybersecurity vulnerabilities.

During past meetings, patient advisors raised the importance of clear, actionable communication about such vulnerabilities in order to promote public health and mitigate potential harms.

With that in mind, when developing a cybersecurity communication strategy, the FDA advises stakeholders and federal partners to consider the following elements: