FedScoop reports that the Food and Drug Administration has been recommended by the Government Accountability Office to update its five-year-old medical device cybersecurity agreement with the Cybersecurity and Infrastructure Security Agency to better address cybersecurity vulnerabilities impacting heart monitors and other medical devices.
Even though the FDA has increased its hold over medical device cybersecurity following last year's legislation requiring vulnerability identification and remediation plans among medical device manufacturers, the agency has yet to determine additional cybersecurity authorities, according to the GAO.
"According to the Department of Health and Human Services (HHS), available data on cybersecurity incidents in hospitals do not show that medical device vulnerabilities have been common exploits. Nevertheless, HHS maintains that such devices are a source of cybersecurity concern warranting significant attention and can introduce threats to hospital cybersecurity," said the GAO.
GAO's recommendations were accepted by both FDA and CISA.
Endpoint/Device Security, Governance, Risk and Compliance
GAO: Updated FDA medical device cyber agreement needed
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds