FDA cybersecurity agreement on medical devices needs updating, watchdog finds | FedScoop<\/title> <meta name=\"description\" content=\"GAO report says FDA's pact with CISA on cybersecurity protocols for medical devices is five years old and needs to be updated.\"> <link rel=\"canonical\" href=\"https:\/\/fedscoop.com\/fda-cisa-medical-devices-cybersecurity-agreement-updated-gao\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"FDA cybersecurity agreement on medical devices needs updating, watchdog finds\"> <meta property=\"og:description\" content=\"GAO report says FDA's pact with CISA on cybersecurity protocols for medical devices is five years old and needs to be updated.\"> <meta property=\"og:url\" content=\"https:\/\/fedscoop.com\/fda-cisa-medical-devices-cybersecurity-agreement-updated-gao\/\"> <meta property=\"og:site_name\" content=\"FedScoop\"> <meta property=\"article:published_time\" content=\"2023-12-26T22:56:41+00:00\"> <meta property=\"article:modified_time\" content=\"2023-12-26T22:56:42+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1275\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Nihal Krishan\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@nihalkrishan\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"FedScoop \u00bb Feed\" href=\"https:\/\/fedscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"FedScoop \u00bb Comments Feed\" href=\"https:\/\/fedscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/fedscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1701905043g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/fedscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1701205643g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/fedscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1702656561g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/fedscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/fedscoop.com\/wp-json\/wp\/v2\/posts\/75405\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/fedscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.2\">\n<link rel=\"shortlink\" href=\"https:\/\/fedscoop.com\/?p=75405\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/fedscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Ffedscoop.com%2Ffda-cisa-medical-devices-cybersecurity-agreement-updated-gao%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/fedscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Ffedscoop.com%2Ffda-cisa-medical-devices-cybersecurity-agreement-updated-gao%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-75405 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/fedscoop.com\/fda-cisa-medical-devices-cybersecurity-agreement-updated-gao\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.665384615385\">\n<div class=\"single-article__header-content\" readability=\"30.575510204082\">\n<p> GAO report says FDA’s pact with CISA on cybersecurity protocols for medical devices is five years old and needs to be updated. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"640\" height=\"425\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds.jpg?resize=640%2C425&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg?resize=300,199 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg?resize=768,510 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg?resize=1024,680 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg?resize=1536,1020 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg?resize=600,398 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg?resize=253,168 253w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg?resize=507,337 507w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg?resize=1016,675 1016w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-2.jpg?resize=1269,843 1269w\" sizes=\"auto, (max-width: 1016px) 100vw, 1016px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"19.217398945518\"><body readability=\"40.87619526925\"><\/p>\n<p>Medical devices like heart monitors, which are under the purview of the Food and Drug Administration, have cybersecurity vulnerabilities that aren\u2019t frequently exploited but nevertheless pose risks to hospital networks and patients, according to a recent watchdog <a href=\"https:\/\/www.gao.gov\/products\/gao-24-106683\">report<\/a>. <\/p>\n<p>The Government Accountability Office highlighted that the FDA\u2019s medical device cybersecurity formal agreement is five years old and needs to be updated with the help of the Cybersecurity and Infrastructure Security Agency, a move that would improve agency coordination and clarify responsibilities. <\/p>\n<p>\u201cAccording to the Department of Health and Human Services (HHS), available data on cybersecurity incidents in hospitals do not show that medical device vulnerabilities have been common exploits,\u201d the GAO report stated. <\/p>\n<p>\u201cNevertheless, HHS maintains that such devices are a source of cybersecurity concern warranting significant attention and can introduce threats to hospital cybersecurity.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The GAO report found that the FDA\u2019s authority over medical device cybersecurity has increased in recent years. This is attributable to December 2022 legislation that mandated that medical device manufacturers submit to FDA their plans to identify and address cybersecurity vulnerabilities for any new medical device that were introduced to consumers starting in March 2023. <\/p>\n<p>The GAO report also noted that FDA officials are currently implementing new cybersecurity authorities from past legislation and have not yet identified the need for any additional authority. <\/p>\n<p>According to FDA guidance, if medical device manufacturers do not fix cyber vulnerabilities, the agency can find that the manufacturers have violated federal law and can be penalized through enforcement actions.<\/p>\n<p>The GAO report recommended that the FDA and CISA update their medical device cyber agreement to reflect organizational and procedural changes that have occurred. Both agencies agreed with the recommendations.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"5.1954492415403\">\n<div class=\"author-card\" readability=\"18\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds-1.jpg?w=640&ssl=1\" alt=\"Nihal Krishan\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Nihal Krishan<\/h4>\n<p> Nihal Krishan is a technology reporter for FedScoop. He came to the publication from The Washington Examiner where he was a Big Tech Reporter, and previously covered the tech industry at Mother Jones and Global Competition Review. In addition to tech policy, he has also covered national politics with a focus on the economy and campaign finance. His work has been published in the Boston Globe, USA TODAY, HuffPost, and the Arizona Republic, and he has appeared on NPR, SiriusXM, and PBS Arizona. Krishan is a graduate of Arizona State University\u2019s Walter Cronkite School for Journalism. You can reach him at nihal.krishan@fedscoop.com. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Acquisition<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to FedScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/fedscoop.com\/fda-cisa-medical-devices-cybersecurity-agreement-updated-gao\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FDA cybersecurity agreement on medical devices needs updating, watchdog finds<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78],"tags":[86],"class_list":["post-2295","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a>","tag_info":"Cybersecurity","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2295"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2295\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2295,"date":"2024-01-02T16:40:20","date_gmt":"2024-01-02T16:40:20","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=78630"},"modified":"2024-01-02T16:40:20","modified_gmt":"2024-01-02T16:40:20","slug":"fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/01\/02\/fda-cybersecurity-agreement-on-medical-devices-needs-updating-watchdog-finds\/","title":{"rendered":"FDA cybersecurity agreement on medical devices needs updating, watchdog finds"},"content":{"rendered":"