USA – US FDA aims to improve cybersecurity related to servicing and maintenance of medical devices

A new discussion paper published by the US Food and Drug Administration focused on cybersecurity risk and vulnerability issues directly related to servicing medical devices, and is seeking comment from industry and other stakeholders through August 17, 2021.

The FDA discussion paper follows a report on medical device servicing published in 2018 wherein the agency set a goal of strengthening and improving cybersecurity processes tied to the servicing of medical devices. The new paper identifies four cybersecurity issues involved in device servicing:

  • Privileged access, whereby access to a device for servicing purposes is limited to specific privileged users (typically designated by the device’s original equipment manufacturer, or OEM). Extending access to other users or entities to perform servicing, maintenance or repair functions introduces cybersecurity risks. FDA recommends firms establish privileged access to device operating systems and applications, as well as use of user authentication and related controls to mitigate these risks…