Despite progress in improving medical device safety, many myths and misunderstandings about medical device security continue to persist, says Dr. Suzanne Schwartz of the FDA.
"We have seen a fair amount of progress that has been very encouraging," Schwartz says in an interview with Information Security Media Group. "With regard to manufacturers ... we've seen great progress in being more forward-leaning in adopting what we call coordinated disclosure, establishing policies and processes within their firms so they can be best prepared to receive information around medical device vulnerabilities ... work internally and with partners to assess that information and then appropriately communicate around the vulnerability as well as the mitigation in order to reduce the potential for risk to patients."
But Schwartz, who will discuss device security at ISMG's Healthcare Security Summit, to be held Nov. 14-15 in New York, is concerned that there's still a lot of confusion around patching and updating devices that need security enhancements.
"There is this notion that manufacturers need to come back to FDA each and every time they want to do an update, or a fix, or patch to that device in order for it to be re-certified," she says. "That's an important myth to dispel."
Another myth, she says, is that it's voluntary for manufacturers to follow the FDA's guidelines. She stresses that following the guidance is, indeed, mandatory.
In this interview (see audio link below photo), Schwartz discusses:
- How the FDA's guidance is continuing evolving;
- Confusion among manufacturers on working with the FDA on device updates;
- What she expects for future guidance from the FDA on devices.
Dr. Schwartz is the associate director for science and strategic partnerships at the FDA's Center for Devices and Radiological Health. Before joining the FDA, Schwartz served on the general surgical faculty at the Weill Cornell Medical Center in New York.