Last week, the Food and Drug Administration (FDA) closed the public comment period on the draft guidelines for Postmarket Management of Cybersecurity in Medical Devices.
In our decade of experience in healthcare security, we've noticed that the most effective information security tools do not disturb clinical workflow. That's why we are pleased to see that FDA's draft guidance not only respects clinical workflow, but also makes crisp, actionable recommendations to manufacturers so that Healthcare Delivery Organizations (HDOs) can get back to their core mission of healthcare delivery. Here's the comment we submitted to FDA; see below for an explanation.
Our comments focus on safe vulnerability scanning and risk management. Why? Our customer base of HDOs, more than any other industry, constantly struggles with asset and vulnerability management, and safe vulnerability scanning is an important ingredient of a successful solution.
- Even small HDOs have thousands of devices that need to be monitored.
- Some devices move between rooms and networks.
- Some devices are powered on and connected only at certain times.
- Some devices touch electronic health records.
- Some devices depend on antique operating systems far outside extended support.
- Some crash when probed by vulnerability scanners.
- Some have vulnerabilities that the vendor should have patched years ago.
To minimize the risks of malware (including ransomware), HDOs need sharp tools that give them constant visibility into their complex networks. That's why we've built BlueFlow™ to help IT and clinical engineering address medical device vulnerabilities.
We're excited to see other healthcare security leaders submitting comments:
- Virta Labs Co-Founder and University of Michigan professor Dr. Kevin Fu wrote about the importance of focusing on exposure to cybersecurity risk.
- Congressman Langevin praised the risk-based philosophy of FDA draft guidance on postmarket cybersecurity.
- The College of Healthcare Information Management Executives (CHIME) praised the FDA postmarket guidance on medical device cybersecurity, but noted opportunities for health delivery organizations and manufacturers to more effectively collaborate on cybersecurity.
- The Mayo Clinic provided FDA with 16 comments based on their expertise as a world-class health delivery organization with a leading internal cybersecurity program.
Virta Labs is developing healthcare-friendly tools that reduce malware risks. To learn more about how Virta Labs can help your organization with postmarket monitoring of cybersecurity risk in medical devices, please request more information at http://go.virtalabs.com/healthcare.