As cyber security risks continue to grow, a number of industries are starting to take steps to ensure their products are protected. Health care has always been an area of concern given the sensitive nature of the data that is transferred and stored among doctors’ offices, hospitals, and insurance carriers. Recently, the Food and Drug Administration (FDA) released an announcement on new proposed guidance to help secure and protect information from medical devices. This “draft guidance details the agency’s recommendations for monitoring, identifying and addressing cybersecurity vulnerabilities in medical devices once they have entered the market. The draft guidance is part of the FDA’s ongoing efforts to ensure the safety and effectiveness of medical devices, at all stages in their lifecycle, in the face of potential cyber threats.”
The announcement continues, stressing not only the importance of the manufacturing and engineering processes of these devices, but also the necessity of continued maintenance through security updates to adapt to the evolving threats that could put sensitive personal data at risk. Part of the guidance outlines potential areas of concern and ways to prevent such attacks, including the incorporation of NIST-approved frameworks on protecting critical infrastructure.
As these guidelines continue to shift and change, the rationale behind additional certifications such as Common Criteria could be applied. The idea is not unprecedented, as many industries have started to look to Common Criteria as a potential certification mandate for products protecting sensitive and encrypted data.
Stay up to date on more information about Medical Devices and how Security Certifications could impact product development.