ARTICLE SUMMARY:
With global risk on the rise, FDA has issued its much-anticipated draft device cybersecurity guidance. Medtech cyber czar Kevin Fu explains that this proposal takes a total product lifecycle approach, incorporating both pre- and postmarket coverage, while emphasizing the need for companies to employ threat modeling as part of device development. One change: The focus is now on software with hardware seen as less of a threat.
The current geopolitical situation has elevated the risk of cyberattacks throughout all industries and geographies to a level never before seen. Potential threats, which once came largely as ransomware attacks from random hackers or organized criminal groups, are now also being generated by state actors on a national level. And while a multitude of industries are obvious potential targets, healthcare generally is high on the list of actual cyber victims.
This is no longer a matter of a possible risk presented in a fictional television episode of the series Homeland, in which the vice president’s pacemaker is hacked. The reports of cyberattacks on US hospitals and provider organizations are real, widespread, and getting more sophisticated. A recent article in The Wall Street Journal highlighted the increased sophistication of these healthcare cyber breaches, resulting in efforts to employ cyber artificial intelligence (AI) tools to prevent such attacks.
