U.S. Rep. Susan Brooks (R-IN) has led a bipartisan inquiry into steps being taken by the Food and Drug Administration to protect medical devices from cyberattacks, malware and unauthorized access.
Brooks and U.S. Rep. Diana DeGette (D-CO), both members of the House Energy and Commerce Committee, sought information about medical device vulnerabilities in letters to FDA Commissioner Robert Califf and Center for Devices and Radiological Health Director Jeffrey Shuren.
“We applaud FDA and other stakeholders for the steps that have already been taken to protect patients against potential emerging threats,” the congresswomen wrote.
“Nevertheless, we have also seen recent headlines about the potential for unauthorized access in insulin pumps and implantable cardiac devices, among others. As technology will undoubtedly continue to evolve at a rapid pace, we must ensure that FDA is equipped with the appropriate cybersecurity expertise and resources to evaluate not only the current risks to new medical devices, but also how new threats affect the medical devices already in use,” the letter said.
There are 10 to 15 million medical devices in circulation today that are susceptible to cyber attacks, the senators said, and existing devices that are 10 years old or more might not be designed to handle today’s cyberthreats.
Specifically, the congresswomen requested information about how the FDA works with medical device manufacturers, ensures known vulnerabilities are mitigated, secures network infrastructures and collaborates with outside agencies.
The lawmakers noted that individual medical devices could serve as a gateway to criminals launching cyberattacks against health care providers, potentially threatening entire health systems.