FDA and DHS Expand Device Cybersecurity Partnership

The U.S. Food and Drug Administration (FDA; Silver Spring, MD, USA) and the Department of Homeland Security (DHS; Washington DC, USA) have announced a new framework for greater coordination and cooperation that will address medical device cybersecurity. The collaboration agreement will increase sharing of information of potential or known threats, assessments regarding the level of risk a potential vulnerability, and technical capabilities, with coordinated testing of devices as warranted.

Under the agreement, DHS will serve as the central medical device vulnerability coordination center and interface with appropriate stakeholders, including consulting with the FDA for technical and clinical expertise regarding medical devices. The DHS National Cybersecurity and Communications Integration Center will continue to coordinate information sharing between the FDA, medical device manufacturers, and researchers, particularly in the event of cybersecurity vulnerabilities in medical devices that are identified to the DHS.

The FDA will continue to engage in regular, ad hoc, and emergency coordination calls with DHS and advise DHS regarding the risk to patient health and potential for harm posed by identified cybersecurity threats and vulnerabilities. The agencies will also collaborate on planning, executing, and conducting after-action reviews of DHS-led exercises that simulate real-world cybersecurity attacks, and enable the federal government and stakeholders to practice and improve their responses to these threats.

“As innovation in medical devices advances and more devices are connected to hospital networks or to other devices, ensuring that devices are adequately protected against cyber-intrusions is paramount to protecting patients,” said FDA Commissioner Scott Gottlieb, MD. “Our strengthened partnership with DHS will help our two agencies share information and better collaborate to stay a step ahead of constantly evolving medical device cybersecurity vulnerabilities, and assist the healthcare sector in being well-positioned to proactively respond when cyber-vulnerabilities are identified.”

“Ensuring our ability to identify, address and mitigate vulnerabilities in medical devices is a top priority, which is why DHS depends on our important partnership with the FDA to collaborate and provide actionable information. This agreement is another important step in our collaboration,” said Christopher Krebs, undersecretary for the DHS National Protection and Programs Directorate. “DHS has some of the top experts on control systems technology, and we look forward to continuing to leverage this expertise for the sake of improving the lives and safety of people across the country.”

Related Links:
U.S. Food and Drug Administration
Department of Homeland Security