FDA Recommendations on Medical-Device Cybersecurity
The FDA has issued a report giving guidance on computer and network security for medical devices. There’s nothing particularly new or interesting; it reads like standard security advice: write secure software, patch bugs, and so on.
Note that these are “non-binding recommendations,” so I’m really not sure why they bothered.
EDITED TO ADD (1/13): Why they bothered.
Frank Scavo • January 9, 2017 4:38 PM
It is for legal reasons. In FDA parlance, “non-binding recommendations” is to differentiate them from regulations that are promulgated and, in fact, are binding on organizations regulated by FDA. Interestingly, when FDA issues industry guidance, FDA itself is not bound to follow its own guidance.