FDA has taken these potential threats seriously, and according to FDA Commissioner Scott Gottlieb, the agency “has been working to stay a step ahead of these changing cybersecurity vulnerabilities, including engaging with external stakeholders.” FDA believes that, by taking proactive steps, it can help ensure that the health-care sector is well positioned to preemptively respond when cybersecurity vulnerabilities are identified in FDA-regulated products. In particular, FDA, through its Center for Devices and Radiological Health (CDRH), has taken a holistic, systematic approach to building its medical device cybersecurity program, as well as establishing a platform that emphasizes the importance of shared responsibility by the industry and other stakeholders. CRDH’s medical device cybersecurity program launched in 2013 with the establishment of a Cybersecurity Working Group, created to respond to concerns and actively address the need for innovative approaches and policies in medical device cybersecurity. Soon after, FDA began to focus on cybersecurity regulatory considerations, mostly in the form of recommendations for product developers and manufacturers at “each stage of a product’s life cycle.”

To read the full article, please visit bloomberglaw.com.