FDA Guidance On Medical Device Cybersecurity: Too Little Too Late?

Chris Petersen | Forbes | October 3, 2014

The Food and Drug Administration (FDA) has taken an important step forward in better protecting patients and their data with the release of new guidelines on managing cybersecurity risks of medical devices this week. Despite being a step in the right direction, it unfortunately comes late.

Today’s cyber adversary can easily bypass perimeter defenses and quickly find a foothold in almost any network, even those applying “bank grade” security. Healthcare networks are usually not bank grade, and provide a target rich environment once an attacker is in.

Healthcare networks typically consist of thousands of Internet Protocol (IP) enabled medical delivery and information systems. These systems span from backend data processing systems to devices directly delivering patient care – whether that be delivering medicine via an infusion system or delivering full life support...