FDA & DHS Coordinate Efforts to Address Cybersecurity

The U.S. Food and Drug Administration (FDA) announced an agreement with the U.S. Department of Homeland Security (DHS) to strengthen the partnership between the agencies and “stay a step ahead of constantly evolving medical device cybersecurity vulnerabilities.”

The agreement formalizes a long-standing relationship by developing a new framework for greater coordination and cooperation. As part of the new framework, specific responsibilities have been assigned to the FDA and the National Protection and Programs Directorate (NPPD), a component of the DHS. The following table provides a breakdown of the responsibilities outlined in the agreement:

                                 

In summary, the DHS will serve as the central coordination center and interface with appropriate stakeholders, and the FDA will provide technical and clinical expertise regarding medical devices.

FDA Commissioner Scott Gottlieb, M.D., during his discussion of the new agreement, addressed the FDA’s continued commitment to confront cybersecurity risk, while also recognizing the need for increased coordination between government agencies:

This agreement is not the first time a government agency has reached out to the FDA in an effort to strengthen medical device cybersecurity. As previously reported on the KnobbeMedical blog, the U.S. Department of Health & Human Services (HHS) Office of the Inspector General recommended earlier this year that the FDA include cybersecurity review as a greater part of the premarket review process for medical devices (e.g., through the inclusion of a Refuse-To-Accept checklists). This new FDA-DHS agreement is another example of continuing attempts to address ongoing medical device cybersecurity risks.

Written by: Albert J. Sueiras