Cyber risks abound in health care, as the experiences of some of the big device companies that operate in Minnesota illustrate. Abbott Laboratories has issued updated software for hundreds of thousands of implanted heart devices over cybersecurity risks. Last month security researchers revealed vulnerabilities in Medtronic heart device-programming machines during a hacking conference in Las Vegas.
With those kinds of risks in mind, FDA staff members are closely examining companies’ preparations for potential computer-hacking threats to devices that millions of Americans depend on, according to an audit report published Tuesday by the Health and Human Services Department’s inspector general office.
“It’s a fairly good story in terms of what FDA is doing on the cybersecurity front. As we dug into their processes further, however, we identified areas where there was room for improvement,” said Abby Amoroso, the San Francisco-based deputy regional inspector general who served as team leader for the study.
FDA officials welcomed the input, noting that they were already following most of it and going beyond it in other aspects.
The guidance involves having the FDA make changes to its internal processes to make sure it asks questions about medical device cybersecurity earlier in the device-approval process, and to ensure such questions are asked uniformly when new device submissions are made…