As concerns about cybersecurity become part of the everyday threat landscape, the U.S. Food and Drug Administration (FDA) is taking steps to help medical device manufacturers educate consumers about cybersecurity threats associated with connected devices.
The FDA’s “Best Practices for Communicating Cybersecurity Vulnerabilities to Patients” details four essential elements that device manufacturers can adopt to ensure that patients and caregivers are appropriately informed about specific and relevant cybersecurity threats that may affect public health. These elements include:
- Interpretability: Make it easy for people to read and understand;
- Discuss risks and benefits;
- Acknowledge and explain the unknown; and
- Availability and Findability: Make it easy for patients to find and use.
The FDA’s document also addresses issues related to the structure of communication materials, and outreach and distribution methods.
Issued by the FDA’s Center for Devices and Radiological Health (CDRH), the Best Practices document is largely based on findings and recommendations developed by the Patient Engagement Advisory Committee (PEAC) during meetings and consultations in 2019.