Threat watch

Modern Healthcare - - News -

Among other things, the OIG au­dit found:

The Food and Drug Ad­min­is­tra­tion had not ad­e­quately tested its abil­ity to re­spond to emer­gen­cies re­sult­ing from cy­ber­se­cu­rity events in med­i­cal de­vices

Two out of 19 district of­fices had not es­tab­lished writ­ten pro­ce­dures ad­dress­ing re­calls of med­i­cal de­vices vul­ner­a­ble to cy­berthreats

The FDA did not clearly de­fine “emer­gency” to in­clude a cy­ber­se­cu­rity threat, vul­ner­a­bil­ity, or ex­ploit in med­i­cal de­vices

The OIG rec­om­mended the FDA:

Con­tin­u­ally as­sess the cy­ber­se­cu­rity risks to med­i­cal de­vices and up­date, as ap­pro­pri­ate, its plans and strate­gies

Es­tab­lish writ­ten pro­ce­dures and prac­tices for se­curely shar­ing sen­si­tive in­for­ma­tion about cy­ber­se­cu­rity events with key stake­hold­ers who have a “need to know”

En­ter into a for­mal agree­ment with fed­eral agency part­ners

Es­tab­lish and main­tain pro­ce­dures for han­dling re­calls of med­i­cal de­vices vul­ner­a­ble to cy­ber­at­tacks

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.