AHA comments on cybersecurity: Responsibility lies with device manufacturers
Medical device cybersecurity should be the responsibility of device makers, the American Hospital Association said in comments it submitted on the FDA's Collaborative Approaches for Medical Device and Healthcare Cybersecurity, published in the Federal Register on Sept. 23.
The letter from AHA's Senior Vice President of Public Policy Analysis and Development Linda Fishman called on the agency to "hold device manufacturers accountable" for ensuring the safety of medical devices from cyberthreats while also encouraging them to participate in the sharing of risk information.
"Hospitals and health systems must consider the full spectrum of cyberthreats, not just those involving medical devices," Fishman wrote. "However, medical devices have been identified as key vulnerabilities and high-risk areas for the security of hospitals' overall information systems. The [healthcare and public health] sector cannot successfully protect against cyber risk unless all parts of the sector actively manage risk."
Device manufacturers, she wrote, should "embrace their responsibility to proactively minimize risk."
AHA recommends that the National Institute of Standards and Technology and "partner federal agencies make additional efforts to ensure that the guidance and standards are scalable to the smallest actors in critical infrastructure sectors, including physician offices and small rural hospitals."
Read the complete letter.