Companies Nervous About 'Sharing' Organizations Touted In FDA Cyber Guidance
This article was originally published in The Gray Sheet
Industry groups have questions and concerns about the Information Sharing and Analysis Organizations highlighted in FDA's recent postmarket cybersecurity draft guidance. The agency's use of the term "essential clinical performance" in the document has also raised concerns, comments submitted to FDA show.
You may also be interested in...
As reports of potential cybersecurity vulnerabilities and ransomware attacks on health-care institutions have increased in recent years, manufacturers are stepping up efforts to protect their products and reputation. To defend against such attacks companies are developing strategies and hiring hackers who are able to understand potential adversaries.
US FDA says the collaborative approach taken by an independent security researcher and Johnson & Johnson/Animas in responding to a potentially fatal cybersecurity vulnerability with the firm's Animas OneTouch Ping insulin pump should be a model for the industry that aligns with the agency's recent draft guidance.
While conflicting reports have surfaced regarding the veracity of allegations from a short-seller that a significant number of St. Jude cardiac rhythm management devices have serious cybersecurity flaws, FDA says plans to complete an initial assessment of the allegations soon. The Minnesota device-maker, meanwhile, says it is suing the short-seller for disseminating false information.