September 29, 2012

GAO on Medical Device Security

Here is the recommendation from the GAO study "FDA Should Expand Its Consideration of Information Security for Certain Types of Devices":

Recommendation for Executive Action
Recommendation: To better ensure the safety and effectiveness of active implantable medical devices, the Secretary of Health and Human Services should direct the Commissioner of FDA to develop and implement a more comprehensive plan to assist the agency in enhancing its review and surveillance of medical devices as technology evolves, and that will incorporate the multiple aspects of information security. This plan should include, at a minimum, four actions, such as determining how FDA can (1) increase its focus on manufacturers' identification of potential unintentional and intentional threats, vulnerabilities, the resulting information security risks, and strategies to mitigate these risks during its PMA review process; (2) utilize available resources, including those from other entities, such as other federal agencies; (3) leverage its postmarket efforts to identify and investigate information security problems; and (4) establish specific milestones for completing this review and implementing these changes.


http://gao.gov/products/GAO-12-816