An anonymous reader quotes a report from The Verge: The U.S. Food and Drug Administration released its recommendations for how medical device manufacturers should maintain the security of internet-connected devices, even after they've entered hospitals, patient homes, or patient bodies. Unsecured devices can allow hackers to tamper with how much medication is delivered by the device -- with potentially deadly results. First issued in draft form last January, this guidance is more than a year in the making. The 30-page document (PDF) encourages manufacturers to monitor their medical devices and associated software for bugs, and patch any problems that occur. But the recommendations are not legally enforceable -- so they're largely without teeth. The FDA issued an earlier set of recommendations in October 2014 (PDF), which recommended ways for manufacturers to build cybersecurity protections into medical devices as they're being designed and developed. Today's guidance focuses on how to maintain medical device cybersecurity after devices have left the factory. The guidelines lay out steps for recognizing and addressing ongoing vulnerabilities. And they recommend that manufacturers join together in an Information Sharing and Analysis Organization (ISAO) to share details about security risks and responses as they occur. Most patches and updates intended to address security vulnerabilities will be considered routine enhancements, which means manufacturers don't have to alert the FDA every time they issue one. That is, unless someone dies or is seriously harmed because of a bug -- then the manufacturer needs to report it. Dangerous bugs identified before they harm or kill anyone won't have to be reported to the FDA as long as the manufacturer tells customers and device users about the bug within 30 days, fixes it within 60 days, and shares information about the vulnerability with an ISAO.pdiv class="share_submission" style="position:relative;"
a class="slashpop" href="http://twitter.com/home?status=FDA+Releases+New+Cybersecurity+Guidelines+For+Medical+Devices%3A+http%3A%2F%2Fbit.ly%2F2hsA7Zy"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a
a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fscience.slashdot.org%2Fstory%2F16%2F12%2F28%2F0120218%2Ffda-releases-new-cybersecurity-guidelines-for-medical-devices%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a
a class="nobg" href="http://plus.google.com/share?url=https://science.slashdot.org/story/16/12/28/0120218/fda-releases-new-cybersecurity-guidelines-for-medical-devices?utm_source=slashdotamp;utm_medium=googleplus" onclick="javascript:window.open(this.href,'', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"img src="http://www.gstatic.com/images/icons/gplus-16.png" alt="Share on Google+"//a
/div/ppa href="https://science.slashdot.org/story/16/12/28/0120218/fda-releases-new-cybersecurity-guidelines-for-medical-devices?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./pimg src="http://feeds.feedburner.com/~r/Slashdot/slashdotScience/~4/tkSnFr3vJXY" height="1" width="1" alt=""/
