The FDA appoints the first chief cybersecurity officer for medical devices

• The FDA has appointed Kevin Foo, an associate professor at the University of Michigan, as the agency’s acting director of cybersecurity for the Agency for Radiation Health.

• The longtime security researcher and the attorney will serve as FDA Expert in Residence and Senior Director for Medical Computing Devices in the CDRH’s Strategic Partnerships and Technological Innovation Office. His responsibilities also include meeting with the Digital Health Competence Center, which was launched in September to better coordinate regulatory and policy approaches tailored to fast-growing technologies.

• Cybersecurity experts welcomed this appointment. Chris Gates, director of product safety at medical device company Velentium, said Fu could help the FDA make significant regulatory advances in 2021 with the release of the second draft guidance document. Pre-market cybersecurity and possibly a new draft release. -Cybersecurity Marketing Guide.

In 2018, the FDA released its Medical Safety Action Plan and drafted guidelines for cybersecurity considerations for pre-market performances. However, since then, the agency has made little progress on cyber regulation, especially over the past year, as the FDA’s medical device priorities have been disrupted by the COVID-19 pandemic.

To make matters worse, cyber experts say the chaos of the coronavirus-related public health crisis has created the perfect storm for hackers to exploit vulnerabilities in medical devices that are potentially easy for cybercriminals to attack Hospital networks.

However, cyber experts consider the name Fu as an indication that the FDA is the first leader in cybersecurity for medical devices, That the agency wants to make cybersecurity a priority in 2021.

Gates of Velentium described Fu as an academic who “achieved” cybersecurity while having an innate ability to easily convey complex computer topics to unskilled audiences.

Not only does he understand all aspects of cybersecurity for medical devices, but his expertise also encompasses both small devices in resource-constrained vehicles and PC-based devices.” Gates added.

With Fu’s appointment, Gates sees 2021 as a potentially important year for the FDA’s cybersecurity initiatives, which stalled during the pandemic last year.

Looking ahead, the New Year will be more of a fresh start as the center seeks to both manage coronavirus response-focused work and advance non-COVID-19 projects, said Jeff Shuren, director of CDRH, in December.

Suzanne Schwartz, director of CDRH’s office for strategic partnerships and technological innovation, said in a written statement Monday that Fu’s academic background and hands-on experience combined with the FDA’s “strong” regulatory approaches will be a resource. Powerful combo to advance device cybersecurity medicine with innovation and patient safety in a holistic way. 

With cyber experts and law enforcement agencies hoisting the red flag for security vulnerabilities in connected medical devices for years, Nick Yuran, CEO of cybersecurity consulting firm Harbor Labs, argues that while computing technologies and devices are becoming increasingly complex, they are critical to addressing them fix vulnerabilities.

“The emergence of this new position, the transfer of FDA representative Kevin Fu from the FDA, shows that regulators place great importance on the safety of medical devices,” Yuran said.