Skip to main content
close search
site logo
Dive Brief

Grassley questions FDA about 'troubling' cybersecurity audit

Published Nov. 13, 2018
By
Contributor
Flickr user Gage Skidmore

Dive Brief:

  • Senate Judiciary Committee Chairman Chuck Grassley, R-Iowa, asked FDA last week if it has assessed what threats foreign governments or other entities pose to postmarket medical device cybersecurity.

  • The series of questions to FDA Commissioner Scott Gottlieb from the senior lawmaker were triggered by an HHS Office of Inspector General audit that found fault with the agency's cybersecurity policies and procedures. Grassley found the audit "particularly troubling" in light of the potential for foreign actors to harm patients and steal personal medical information by exploiting the cybersecurity weaknesses of medical devices.

  • Despite the OIG's findings, FDA argues its processes to evaluate threats to medical device cybersecurity at an enterprise level are sufficient. "FDA has built a multi-faceted regulatory program specifically dedicated to mitigating the risk of cybersecurity threats to medical devices, from their inception to obsolescence," FDA wrote in response to the OIG report.

Dive Insight:

FDA's regulation and oversight of postmarket medical device cybersecurity have been subject to intense scrutiny in recent weeks. At the start of the month, the HHS OIG posted an audit that found FDA ill equipped to respond to device-related cybersecurity emergencies, and in some cases lacked written standard operating procedures for recalling vulnerable products.

Those perceived failings brought FDA to the attention of Grassley, who is involved in congressional oversight of federal entities' efforts to protect the U.S. from cyber threats. Grassley is concerned the deficiencies identified in the audit leave the U.S. vulnerable to attacks.

"These revelations are particularly troubling because it is clear that foreign governments have focused on our governmental systems to leverage them for their benefit," Grassley wrote. "Medical devices could be exploited by those same foreign actors to not only interfere with normal device operation, which could cause harm to patients, but also to steal personal medical information."

In light of these concerns, Grassley asked Gottlieb whether FDA has assessed the threats posed by "foreign governments or other entities." If FDA has performed such an assessment, Grassley wants to know which governments or entities FDA has identified.

Grassley asks Gottlieb to respond to the letter by Nov. 23. One question the lawmaker asks is for a summary of the fixes FDA is implementing to address the audit recommendations. HHS tasked FDA with writing cybersecurity procedures for securely sharing sensitive information about cybersecurity attacks, partnering with federal agencies and taking other steps to strengthen U.S. defenses.

The lawmaker also asked Gottlieb to brief the staff of the Senate Judiciary Committee about FDA's activities.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Powerful Medical Becomes the First Company to Win Best Science Startup and Overall Winner at A…
From Powerful Medical
November 21, 2024
Osteal Therapeutics Announces Positive 12-Month Results from the APEX Clinical Trial Program a…
From Osteal Therapeutics
November 14, 2024
Arsenal Medical Launches EMBO-02 Study for NeoCast™ to Assess Treatment of Chronic Subdural He…
From Arsenal Medical
November 14, 2024
New Published Study Shows MedLite ID as Faster and Simpler Solution to Primary Medication Infu…
From Orion Innovations
November 20, 2024
Editors' picks
Latest in Medical Devices
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell