1 October 2018 - The threat of cyber attacks is no longer theoretical. Cyber criminals and adversaries can inflict significant harm on networks through relatively simple methods, like emails or bugs known as malware.

In recent years, we’ve witnessed the far-reaching and negative consequences of successful cyber campaigns on organizations. Victims include financial institutions, government agencies, and now health care systems. Even when medical devices are not being deliberately targeted, if these products are connected to a hospital network, such as radiologic imaging equipment, they may be impacted.

As the number of cyber attacks has increased, we’ve heard concerns about the potential for cyber criminals to attack patient medical devices. Cybersecurity researchers, often referred to as “white hat hackers” have identified device vulnerabilities in non-clinical, research-based settings. They’ve shown how bad actors could gain the capability to exploit these same weaknesses, thereby acquiring access and control of medical devices. The FDA isn’t aware of any reports of an unauthorised user exploiting a cybersecurity vulnerability in a medical device that is in use by a patient. But the risk of such an attack persists. And we understand that the threat of such an attack can cause alarm to patients who may have devices that are connected to a network. We want to assure patients and providers that the FDA is working hard to be prepared and responsive when medical device cyber vulnerabilities are identified.

Read FDA statement