iTnews

Therapeutic Goods Admin issues security guidance for medical devices

By Simon Sharwood on Jul 19, 2019 11:24AM

'Please do security right and see your doctor if pain persists' is the gist of it.

Australia’s Therapeutic Goods Administration (TGA) has published new guidelines for the security of medical devices and in vitro diagnostic (IVD) medical equipment.

Revealed on 18 July, the new guidance comes in one version for consumers, health professionals, small business operators and large-scale service providers (pdf) and another for industry (pdf).

Neither goes far beyond generic advice, in part because legislation and regulations already offer more detailed advice.

The guidance for industry even points out that the “Essential Principles” it outlines “are not a prescriptive list of requirements for manufacturers to comply with and instead provide high level principles for flexibility according to the characteristics of the device.”

Device manufacturers are advised that they have a “responsibility to determine which essential principles are relevant and to demonstrate compliance with these.” And those principles are quite anodyne, as they call on manufacturers to design their products to take into account known security risks, maintain them well and make it hard for attackers to exploit them.

Guidance for users (pdf) gets a little meatier, as it addresses small and large businesses that deploy medical devices as part of their services.

Entities the TGA classes as “large-scale service providers” or those “responsible for implementing medical devices in critical health services” are advised to “develop a clear and well documented risk management strategy.”

That plan should include network security precautions such as “isolating networks from any untrusted network such as the internet, disabling any unused ports and services, only allowing real-time connectivity to external networks with a defined business requirement and using unidirectional networks with an air gap where possible.” Penetration testing and ensuring physical security of medical devices are also recommended.

The guidance to consumers is full of anodyne advice such as “Follow instructions when using your device” and “change from a password to a hard-to-guess passphrase.” It also asks consumers to actively consider the security implications of using medical devices by asking “either your doctor or the manufacturer of the medical device” questions such as “How can I tell if a device has been hacked or compromised and who should I talk to if this is suspected?”

iTnews imagines the average GP will have a lot of trouble answering that question, especially given that the universe of products the TGA considers includes smartphone apps, the OSes they run, devices themselves, diagnostic software and more.
