Food and Drug Administration final guidance protects medical devices from hacks

December 27, 2016

The Food and Drug Administration (FDA) has finalized guidance on keeping medical devices such as pacemakers and insulin pumps safe from hacks.

Device makers should develop “a structured and comprehensive program to manage cybersecurity risks” even after their products are sold, according to Dr. Suzanne Schwartz, associate director for science and strategic partnerships at the FDA’s Center for Devices and Radiological Health.

The agency currently is investigating claims that St. Jude Medical’s heart devices are vulnerable to hacks that could be life-threatening to patients. The allegations, made by short-selling investment firm Muddy Waters and cybersecurity company MedSec Holdings, claim St. Jude’s devices “lack even the most basic forms of security.”