Endpoint Security , Internet of Things Security , Standards, Regulations & Compliance

Securing Lives: FDA's Latest Push for Safer Medical Devices

FDA's Aftin Ross on Secure-by-Design Approaches and Manufacturer Compliance
Aftin Ross, deputy director, Office of Readiness and Response, Center for Devices and Radiological Health, FDA

The increase in ransomware incidents affecting hospitals and the potential patient harm from medical device vulnerabilities has prompted the FDA to release major regulatory updates, said Aftin Ross, deputy director of the Office of Readiness and Response at the FDA's Center for Devices and Radiological Health. These updates extend the agency's ability to ensure the safety and effectiveness of medical device cybersecurity.

See Also: Frost Radar™ on Healthcare IoT Security in the United States

"We recognize that cybersecurity threats can have and do have patient safety impacts," Ross said. "Patients are at the center of what we do."

The agency's approach to medical device security includes pre-market guidance for manufacturers to develop secure devices and collaboration with the Office of Product Evaluation and Quality to review manufacturers' documentation.

Meeting the agency's expectations has become more challenging, but manufacturers are working closely with the FDA to comply with the regulations, Ross said. When the FDA finds deficiencies, "manufacturers are going back and addressing the issues brought forward in such a way that they are making their devices more secure by design."

In this interview with Information Security Media Group at the 2024 Healthcare Cybersecurity Summit, Ross also discussed:

  • FDA's involvement in the International Medical Device Regulators Forum to harmonize best practices for cybersecurity internationally;
  • Advice for medical device manufacturers, healthcare organizations and users;
  • Emerging trends and challenges in the medical device cybersecurity landscape.

Ross provides strategic leadership on critical initiatives related to medical device cybersecurity, public health emergency preparedness, and the development of standards that enhance the safety and efficacy of medical devices.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.