Gaps Remain In US FDA's Response Procedures For Cybersecurity Events, OIG Says
Executive Summary
FDA's policies and procedures do not adequately address how to handle post-market device cybersecurity events and the agency had not adequately tested its ability to respond to emergencies arising from such events, US HHS' investigative arm says. But the top cybersecurity official at FDA's device center says OIG's report is "incomplete and inaccurate."
You may also be interested in...
Lack Of Funding Stalls Major US FDA Cybersecurity Initiative
A public-private partnership board long touted by top US FDA officials to help address cybersecurity threats has hit a funding wall. The agency received less than half of what it asked for in the FY 2019 budget for its digital efforts, including its cybersecurity strategy, leading it to make some tough choices.
Device-Makers Need To Open Up More On Cybersecurity In Pre-Market, Draft Guidance Says
A new update to the pre-market cybersecurity guidance issued four years ago reflects how US FDA's thinking on the issue has evolved, as more cases of device vulnerabilities have surfaced. Among the key updates are recommendations for sponsors to submit a cybersecurity "bill of materials" in product labeling to better coordinate with end-users and to use a two-tiered risk management approach.
US FDA Pushes Further On Cybersecurity Efforts Despite Limited Resources
US FDA unveiled multiple cybersecurity-related initiatives, including two memoranda of understandings to launch information sharing organizations and playbook for health-care delivery organizations. The agency is continuing a multi-front attack in the area, despite limited resources.