In September, the U.S. Food and Drug Administration issued request for comments on collaborative approaches for medical device and healthcare cybersecurity.
In comments responding to the issued report, the American Hospital Association proposes medical device manufacturers should be held accountable for the cybersecurity of their own medical devices.
"Medical devices have been identified as key vulnerabilities and high-risk areas for the security of hospitals' overall information systems," the letter reads. "The [healthcare and public health] sector cannot successfully protect against cyber risk unless all parts of the sector actively mange risk. Therefore, medical device security must be seen as both an issue to address on its own and as a component part of the overall landscape."
The AHA suggests medical device manufacturers hold the obligation to safeguard patient data confidentiality and maintain data integrity for new devices and devices already in use. "The scope will continue to grow as innovation leads to new types of devices, potentially including those connected to mobile platforms," reads the letter.
More articles on cybersecurity:
University at Albany home to new cybersecurity, data breach research library
VA fails cybersecurity audit 16 years in a row
The role of contractors, hackers and regulators in cybersecurity