The Food and Drug Administration’s policies and procedures are not sufficient for effectively dealing with postmarket medical device cybersecurity events, an emerging risk to public health and the FDA’s mission.
That’s the finding of an audit by the Department of Health and Human Services’ Office of Inspector General.
The FDA regulates medical devices in two phases: premarket and postmarket. In the postmarket phase, after clearing or approving a medical device, the agency conducts oversight activities such as monitoring and investigating a medical device’s safety and effectiveness, and alerting the public when there are problems.