As researchers continue to find security flaws in medical devices and threat actors continue to target the healthcare sector, the U.S. Food & Drug Administration (FDA) is pushing for medical devices to have mandatory built-in update mechanisms.
The administration Tuesday released its Medical Device Safety Action Plan: Protecting Patients, Promoting Public Health report to outline how the FDA can enhance programs and processes to assure the safety of medical devices.
In the report, the FDA asks Congress for funding and regulatory powers to improve its approach toward medical device safety on the cybersecurity front by enacting a plan to address unmet needs.
The plan focuses on establishing a medical device patient safety net, exploring regulatory options to streamline and modernize timely implementation of postmarket mitigations, spur innovation towards safer medical devices, advance medical device cybersecurity, and integrate CDRH’s premarket and postmarket offices and activities to advance the use of a Total Product Life Cycle (TPLC) approach to device safety, according to the April 17 press release.
“To facilitate this approach, CDRH is evaluating a potential structural design of one large office comprised of seven smaller device-specific offices that would each be responsible for premarket review, postmarket surveillance, manufacturing and device quality, and enforcement,” the report said. “The design also would include a new office that would be dedicated to clinical evidence and analysis, under which teams would be focused on clinical evidence policy, evidence synthesis and analysis, biostatistics, bioresearch compliance, and collaboration with and outreach to clinical researchers outside of FDA.”