Managing the Cybersecurity Risks of the Medical Internet of Things

The cybersecurity ramifications of the Internet of Things (IoT) are perhaps nowhere more crucial—potentially a matter of life and death, in fact—than in the realm of medical devices. Until recently, a potential hack of the data-sharing that is a hallmark of the IoT raised far more privacy concerns than actual health risks. However, as medical devices evolve and make use of the connectivity of the IoT, this balance may change. Consider pacemakers, for example: a malicious glitch in a networked piece of equipment could have fatal consequences.

For medical device makers, this is obviously of paramount concern. How does one utilize the latest technological advances to make a product better while also minimizing liability for the vulnerabilities such technology carries alongside its potential?

The FDA is well aware of the pressing need of medical device makers for guidance in mitigating cybersecurity risks for their products. To that end, the agency has issued draft guidance setting forth recommendations for managing cybersecurity vulnerabilities.

In turn, colleagues Brian E. Finch, Kristi V. Kung and Caitlin Bloom Stulberg have released a client alert exploring the key takeaways found in the Draft Guidance for medical device manufacturers.

As with the Internet of Things itself, cybersecurity concerns continue to reach into all aspects of our lives, drawing in turn more and more manufacturers and entrepreneurs into new territory in terms of liability. The FDA’s latest guidance suggests that proactive risk assessment and, when a problem has occurred, prompt notification of the relevant parties will remain key components of any liability-lessening policies and procedures.