FDA: Best Practices for Communicating Cybersecurity Vulnerabilities

The U.S. Food and Drug Administration’s (FDA’s) Center for Devices and Radiological Health (CDRH) has released a new document this month entitled, “Best Practices for Communicating Cybersecurity Vulnerabilities to Patients.”

The document states, “Although it may not be possible to communicate about every cybersecurity vulnerability, the FDA works with federal partners and industry stakeholders to assess the best approaches to communicate with patients and caregivers about specific and relevant cybersecurity events that may affect public health.”

The FDA and CDRH state in the document that both remain committed to its mission to promote and protect public health, including the effective use of medical devices that are connected to the internet, hospital networks, and other medical devices (“connected medical devices”). The document explains that the increased usage of these devices in the U.S. has led to an increase in cybersecurity vulnerabilities and the FDA is at the forefront of helping reduce cybersecurity issues related to the use of connected medical devices.