FDA warns of risk to patient data

The Food and Drug Administration (FDA) is issuing new cybersecurity recommendations to help healthcare companies protect patient information that is stored on medical devices.

With the healthcare system moving patients' medical records online, this confidential information could be vulnerable to cyberattacks and security breaches that could compromise patient privacy, the FDA said.

"The need for effective cybersecurity to assure medical device functionality has become more important with the increasing use of wireless, Internet- and network-connected devices and the frequent electronic exchange of medical device-related health information," the FDA wrote Wednesday in guidance it posted in the Federal Register.


The new recommendations are intended to prevent hackers from accessing patient information through malware that is planted on network-connected computers, smartphones and tablets.

Healthcare companies will be encouraged to identify potential cybersecurity threats as they are manufacturing a medical device, and develop special controls to prevent that from happening.

"By carefully considering possible cybersecurity risks while designing medical devices, and having a plan to manage system or software updates, manufacturers can reduce the vulnerability in their medical devices," the FDA wrote.