Skip to main content


FDA Medical Device Safety Action Plan Spotlights Cybersecurity

By Steven Porter  
   April 18, 2018

Trade associations have chimed in with cybersecurity contract recommendations of their own.

The Food and Drug Administration (FDA) released an 18-page document Tuesday designed to help protect patients from the risks of unsafe medical devices in an increasingly interconnected world.

The document, titled "Medical Device Safety Action Plan: Protecting Patients, Promoting Public Health," outlines how the FDA intends to guard against current and future threats, both in the physical world and online.

"Like computers and the networks they operate in, medical devices can be vulnerable to security breaches. Exploitation of device vulnerabilities could threaten the health and safety of patients," FDA Commissioner Scott Gottlieb said in a statement.

"We’ve already taken several steps to promote a multi-stakeholder, multi-faceted approach of vigilance, responsiveness, recovery, and resilience that applies throughout the life cycle of relevant devices," Gottlieb said, noting that his agency plans to seek additional money and cybersecurity-related authorization from Congress.

The action plan's release comes as the Healthcare Supply Chain Association (HSCA) released 12 recommendations of its own for cybersecurity terms and conditions on medical devices.

The top recommendation on the HSCA list calls for suppliers to "warrant their compliance with FDA premarket and post market guidance relative to cybersecurity risks throughout their product's lifecycle."

Steven Porter is an associate content manager and Strategy editor for HealthLeaders, a Simplify Compliance brand.

Get the latest on healthcare leadership in your inbox.