Endpoint Security , Internet of Things Security , Video

Legacy Medical Devices: Critical Cyber Risk Considerations

Jessica Wilkerson of the FDA on Managing Top Challenges
Jessica Wilkerson, senior cybersecurity adviser, FDA

Legacy medical devices continue to pose significant cyber challenges to many healthcare delivery organizations. A recent joint report by the Food and Drug Administration and MITRE Corp. emphasizes the importance of entities taking a consistent risk-based approach to managing these and other devices, said Jessica Wilkerson, senior cybersecurity adviser at the FDA.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

"The fact of the matter is: Legacy is not a simple issue. It's not just a matter of the equipment and the technologies are out of date, and therefore we should replace them," she said in an interview with Information Security Media Group.

"There are very real challenges with trying to replace legacy equipment, including health equity issues, financial issues," she said. So replacing a device that is still performing its clinical function safely and effectively doesn't make sense for many hospitals, she said.

"We commissioned this report because we need to keep the drumbeat up on this challenge and make sure that we are continuing to push in finding solutions," she said.

"When we think about legacy devices and the devices that we may be most concerned with, we do the same thing that we do with devices that aren't legacy - and take a very risk-affirmed approach," she said.

In the video interview, Wilkerson also discusses:

  • The importance of asset management and other risk considerations with legacy devices;
  • An update on the FDA's recently implemented "refuse to accept" policy for the cybersecurity of new medical device submissions;
  • Machine learning and AI cybersecurity concerns involving medical devices;
  • The FDA's plans to update certain medical device cybersecurity guidance in the new year.

Wilkerson is senior cyber policy adviser and medical device cybersecurity team lead with the All Hazards Readiness, Response, and Cybersecurity, or ARC, team in the Center for Devices and Radiological Health within the FDA. As part of ARC, she examines issues and develops policy related to the safety and effectiveness of connected medical devices.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.