Inside Track
See more of the story

Following a new cybersecurity alert this week from Microsoft, the FDA’s Dr. Suzanne Schwartz is urging medical device manufacturers and hospitals to remain vigilant about protecting their electronic systems.

Schwartz, who is acting director of the U.S. Food and Drug Administration’s Office of Strategic Partnerships and Technology Innovation, said in an emailed statement that manufacturers and the hospitals who buy their wares both have roles to play in keeping electronic health tools secure.

“By carefully considering possible cybersecurity risks while designing medical devices, and having a plan to manage emerging cybersecurity risks, manufacturers can reduce cybersecurity risks posed to devices and patients. Health care delivery organizations should evaluate their network security and protect their hospital systems,” Schwartz said in a statement provided via email Thursday morning.

Schwartz has addressed the topic previously in a blog post. The FDA has also been criticized for its work in the area of health care cybersecurity.

Schwartz' comments came in response to questions about how the healthcare system should respond to an unusual move by Microsoft this week to issue a software patch for outdated versions of Windows. The patch was released after a serious security vulnerability was discovered that would allow malware attacks similar to 2017’s WannaCry global computer security incident.

The patch applies to older operating systems including Windows 7, Windows Server 2008, Windows XP and Windows 2003.

XP and 2003 are so old that they’re no longer actively supported by Microsoft. But they’re still used in health care in part because they’re often woven into the operation of large machines like MRI scanners that are expensive to replace and difficult to upgrade.

Read the full Star Tribune story about the Microsoft patch here.