Medical device developers should standardize a certain level of cybersecurity protections for their products, according to Daniel Bardenstein, a technology strategist at the Cybersecurity and Infrastructure Security Agency.

The FDA’s current approach to cybersecurity standards is to provide “nonbinding recommendations” in guidance to device makers, Bardenstein says.

But he says that results in inconsistency among manufacturers and add that his medical device suggestions come from his research as a fellow at the Aspen Tech Policy Hub, a technology policy incubator organization, and not from his work at CISA.

“In order for a medical device to be approved by the FDA, it would at a minimum have certain common sense cybersecurity protections,” Bardenstein says in an interview with Information Security Media Group.

Read the full article at Gov Info Security.