Cybersecurity

FDA is launching a sweeping data modernization plan in a bid to make its regulatory practices more efficient and to keep pace with rapid developments in biomedical technology and the use of real-world evidence.

The Government Accountability Project, a whistleblower protection group, has filed suit against HHS seeking a federal court order for documents and information related to a years-long dispute over the establishment, and then restructuring, of HHS' cybersecurity center.

Medical device industry lobby groups are asking FDA to make major changes to the draft premarket cybersecurity guidance it released in October, questioning the agency’s proposed two-tier risk system, Cybersecurity Bill of Materials and one-size-fits-all approach.

An FDA official on Tuesday (Jan. 29) told a group of stakeholders that legacy medical devices remain an “intractable challenge” for promoting cybersecurity in the medical device space, a view also held by agency chief Scott Gottlieb who, on the same day, stated that one of FDA’s most critical challenges lies in addressing safety risks posed by the devices.

HHS and the healthcare industry issued cybersecurity “best practices” that focus on baseline measures such as protecting emails, limiting system access and developing incident response plans -- based on a pre-testing process intended to assess the effectiveness of the security guidelines.

The American Hospital Association and a wide range of health care stakeholders urged congressional leaders to pass a key health security bill before the end of the lame-duck session, arguing that, without reauthorization from lawmakers, essential HHS emergency preparedness authorities will expire and gaps in federal response programs will remain unfilled.

HHS has rebranded its cybersecurity center to distinguish it in the department's efforts to defend the health care sector's information technology infrastructure, an HHS spokesperson told Inside Health Policy.

A key House health care committee suggested Tuesday that Congress bolster efforts by federal regulators to get medical device makers and other industries to ferret out cybersecurity vulnerabilities by offering a liability shield for independent cybersecurity researchers when vulnerabilities are reported, and by helping to distinguish between hacking and good-faith efforts to discover security lags.

An array of stakeholders voiced their support for the cross-industry role laid out in a set of sweeping cybersecurity initiatives unveiled by FDA Commissioner Scott Gottlieb this week, including new cybersecurity information sharing agreements, a playbook for hospitals to prepare for cybersecurity breaches and plans for an updated agency guidance document.