Join us in September as we will be at the IAPP Privacy. Security. Risk. 2019 conference in Las Vegas discussing the CCPA, the GDPR, and traits of effective privacy and security professionals. We will also be exploring the latest thinking on key privacy and cybersecurity topics as well as cybersecurity as it relates to medical devices and patients, and more. We hope you can join us.
Please join us for our June 2016 Privacy and Cybersecurity Events.
The medical internet of things is coming. That was the common recognition of participants at a two-day public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” co-sponsored by the Food and Drug Administration, Department of Health and Human Services, and the Department of Homeland Security. The workshop comes during a busy month for medical device cybersecurity, with the FDA issuing final guidance earlier this month and DHS indicating that it is reviewing dozens of potential cybersecurity vulnerabilities in medical devices.
Three weeks after the FTC’s seminar on Consumer Generated and Controlled Health Data, the French data protection authority, the CNIL, held its own workshop on connected health and wellness devices. This blog post summarizes the results of the CNIL workshop.
Drawing on the increasing use of wireless, Internet- and network-connected medical devices, the Food and Drug Administration issued a draft guidance document for comment on June 14, 2013, proposing that manufacturers of medical devices that contain software, firmware, or programmable logic, address cybersecurity risks in premarket submissions. The draft guidance represents the Agency’s most direct and recent effort to address the potential risks of compromised medical device functionality due to intentional or unintentional cyber-attacks. In conjunction with the draft guidance, FDA issued a safety communication on its website addressing not only medical device manufacturers, but hospitals, medical device user facilities, and health care IT and procurement staff, recommending that these facilities also take steps to ensure that safeguards are place to reduce the risks of medical device failures resulting from cybersecurity breaches, and report such failures.