FDA Drafts Cybersecurity Guidelines for Medical Equipment Manufacturers Dylan Duarte January 19, 2016 News Back in mid-2015, the US Food and Drug Administration issued a warning about the Hospira Symbiq Infusion System, an insulin pump that was vulnerable to cyberattacks. Now the FDA has drafted guidelines to be followed by those manufacturing medical equipment to avoid the vulnerabilities found in past devices. We live in an age where analog has given away to digital, and plenty of those digital devices are vulnerable to cyberattacks. What’s worse is that many of those devices have no security whatsoever in that regard. When you consider the amount of digital medical devices we use, then it becomes really scary, which is why the FDA is stepping in. The FDA wants manufacturers to not only be vigilant against cyberattacks, but also have a plan of disclosure in the event that a vulnerability is discovered, presumably so that the user may make an informed decision on how to proceed. In the case of the Hopira pump mentioned above, the security vulnerability was discovered two whole months before warnings were issued about it. The FDA guidelines do state that minor bugs can be discovered and patched without being reported, but anything that could result in severe health consequences must be, and those flaws must be patched and consumers notified with 30 days. Share This With The World!