Device manufacturers will no longer have to focus purely on product efficacy when seeking FDA approval; to further stress the need for digital safety and to encourage companies to incorporate cybersecurity features into their products, the FDA recently released guidelines outlining what concerns companies should address to ensure their wireless, internet-, and network-connected devices protect patient privacy. The FDA emphasizes the need for adequate cybersecurity measures particularly for medical devices that connect with other devices, media, or networks, given that these devices are more susceptible to infiltration. For example, Jerome Radcliffe explains how, with minimal resources, hackers can remotely tamper with insulin pumps, which could induce a temporary coma state or even death in the target. The FDA specifies, however, that cybersecurity features should not interfere with the usability of the device, particularly with devices designed for use in emergency scenarios. FDA recommendations range from user passwords, to data encryption, to restricting software updates to authenticated code.
Given other security concerns that have become prominent in the media, companies that are quick to incorporate the FDA's recommended cybersecurity measures may be able to win the confidence of concerned physicians and patients. This will be particularly true as the HITECH Act encourages more facilities to adopt medical devices that integrate and communicate with health care IT systems, leaving them more susceptible to security breaches.