FDA Cybersecurity Workshop Scheduled

Today the Food and Drug Administration published a notice in the Federal Register (79 FR 56814-56816) announcing a public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity”. The notice also serves as a request for comments on the same topic. The two day workshop will be held on October 21^st in Arlington, VA.

Recognizing the increasing interconnectedness of medical devices, diagnostic tools, individual medical records and health care administrative functions the FDA is holding this workshop to look at how the health care community and the Healthcare and Public Health (HPH) Sector can collaboratively increase cybersecurity and implement the Cybersecurity Framework (CSF) developed by NIST.

The two day workshop will address the following themes:

● Envisioning a collaborative environment for information sharing;

● Overcoming barriers to create a community of `shared ownership and shared responsibility' within the HPH Sector;

● Gaining situational awareness of the current cyber threats to the HPH Sector, especially to medical devices;

● Identifying cybersecurity gaps and challenges;

● Adapting and implementing the Framework to support management of cybersecurity risks involving medical devices;

● Developing tools and standards to build a comprehensive cybersecurity;

● Leveraging the technical subject matter expertise of the cybersecurity researcher community; and

● Building potential solutions.

Additionally, the FDA is looking for input on five specific cybersecurity related questions:

● Are stakeholders aware of the “Framework for Improving Critical Infrastructure Cybersecurity”?

● How can we establish partnerships within the HPH Sector to quickly identify, analyze, communicate, and mitigate cyber threats and medical device security vulnerabilities?

● How might the stakeholder community create incentives to encourage sharing information about medical device cyber threats and vulnerabilities?

● What lessons learned, case studies, and best practices (from within and external to the sector) might incentivize innovation in medical device cybersecurity for the HPH Sector? 

● How do HPH stakeholders strike the balance between the need to share health information and the need to restrict access to it?

In addition to responses from workshop participants about these themes and questions, the FDA is soliciting written comments on these topics. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # FDA-2014-N-1286). Comments need to be submitted by October 7^th. That is a very short deadline, but the FDA is going to attempt to use these comments to guide their presentations at the workshop.

Because of limited seating availability the FDA is requiring advanced registration to attend the workshop. You are supposed to be able to register for this on-line via the FDA Workshop and Conferences (Medical Devices) web page, but as of 05:00 am CDT this workshop was not listed on that page. This workshop will also be web cast. Registration for the web cast is also supposed to be via the same web site. The registration deadline for both is October 14^th.