Tuesday, April 25, 2017

FDA Announces Medical Device Cybersecurity Workshop

Today the Food and Drug Administration published a meeting notice in the Federal Register (82 FR 19059-19060) for a public workshop on “Cybersecurity of Medical Devices: A Regulatory Science Gap Analysis”. The two-day workshop will be held on May 18th, 2017 in Silver Spring, MD. The objective of the workshop is to facilitate a discussion on the current state of regulatory science in the field of cybersecurity of medical devices, with a focus on patient safety.

Cybersecurity Regulatory Science

The FDA notes that their Center for Devices and Radiological Health (CDRH) identified medical device cybersecurity as one of their top 10 regulatory science gaps. In the CDRH publication “Regulatory Science Priorities (FY2016)” it was noted that (page 8):

“Digital Health and cybersecurity are some of the fastest growing areas impacting medical devices. Devices are being increasingly used in networked environments and are expected to communicate with one another securely and accurately. To ensure these technologies and technological environments achieve the desired public health impact, research is needed to enhance performance and security of medical devices and interoperability, and to understand the impact of software modifications on device performance.”

With that in mind the FDA, in conjunction with the National Science Foundation and the DHS Science and Technology Directorate, is attempting to establish a cybersecurity regulatory science research framework to foster collaborative research among federal agencies (such as NSF and DHS S&T), academia, the medical device industry, third-party experts and other organizations, with input from the FDA.

Workshop Agenda

This scheduled workshop is designed to support that effort by conducting a number of simultaneous working sessions discussing the following topics:

• Relationship between medical device cybersecurity and patient safety;
• Unique cybersecurity and regulatory challenges for medical devices;
• Differences in cybersecurity between home care, large health care providers, and acute care settings (e.g., ambulance, emergency room);
• The roles and intersection of information technology professionals and biomedical engineering staff;
• Potential metrics and evaluation tools to test and quantify the cybersecurity of medical devices and systems;
• Automated and manual tools for communicating cybersecurity information about medical device design and function;
• Best practices for cybersecurity of medical devices at deployment and how to apply updates throughout the medical device lifecycle;
• Human factor issues in cybersecurity of medical device development, deployment, and use of devices; and
• Best practices in cybersecurity design, deployment, and post-deployment activities and procedures.

Each of the sessions will attempt to address the:

• Immediate cybersecurity challenges and potential solutions to facilitate entry of innovative medical devices into the marketplace;
• Cybersecurity regulatory science gaps to which solutions can be developed through additional scientific research; and
• Long-term cybersecurity research challenges which may need significant additional basic research.

Public Participation

Personnel wishing to participate in the workshop need to register in advance via the FDA’s workshop registration page. Unfortunately, as of 8:20 am EDT today that page does not show this planned workshop even though the notice states that early registration is recommended due to limited seating.

The FDA is also soliciting written comments on the above topics. Written comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # FDA-2017-N-1572). Those comments should be submitted by June 23rd, 2017.

Please note that the Federal Register notice specifically states that the workshop is not designed to discuss FDA policy regarding cybersecurity of medical devices.
