(CNN)The US Food and Drug Administration is not doing enough to prevent medical devices such as pacemakers and insulin pumps from being hacked, a report from the US Department of Health and Human Services' Office of the Inspector General said Thursday.
FDA isn't doing enough to prevent medical device hacking, HHS report says
"FDA had plans and processes for addressing certain medical device problems in the postmarket phase, but its plans and processes were deficient for addressing medical device cybersecurity compromises," the report says.
The report came after the inspector general's office identified cybersecurity in medical devices as one of the top management problems for Health and Human Services. The FDA is the division responsible for the safety of these devices.
The report says policies did not adequately address medical device cybersecurity problems, the FDA had not sufficiently tested its ability to respond to emergencies, and it did not have written standard operating procedures.
According to the report, the FDA had not adequately assessed the risk that cybersecurity in medical devices can pose, which is what led to these weaknesses.
"We did not identify evidence that FDA mismanaged or responded untimely to a reported medical device cybersecurity event," the report notes. However, "existing policies and procedures did not include effective practices for responding to those events."
The report recommended that the FDA continually assess and update its plans and strategies on medical device cybersecurity risks, establish written procedures and practices to share information about cybersecurity events with key stakeholders such as clinicians, ensure that a procedure for the recall of vulnerable devices is established and maintained, and make agreements with federal partners to further the cybersecurity mission.
In April, the FDA put out a Medical Device Action Plan that outlined its plans to protect the safety of medical devices.
"FDA has taken steps to promote a multi-stakeholder, multi-faceted approach of vigilance, responsiveness, recove