U.S. flag An official website of the United States government

On Oct. 1, 2024, the FDA began implementing a reorganization impacting many parts of the agency. We are in the process of updating FDA.gov content to reflect these changes.

  1. Home
  2. About FDA
  3. FDA Organization
  4. Center for Devices and Radiological Health
  5. Division of Patient-Centered Development
  6. Best Practices for Communicating Cybersecurity Vulnerabilities to Patients
  1. Division of Patient-Centered Development

Best Practices for Communicating Cybersecurity Vulnerabilities to Patients

 

The U.S. Food and Drug Administration’s (FDA’s) Center for Devices and Radiological Health (CDRH) developed Best Practices for Communicating Cybersecurity Vulnerabilities to Patients to provide helpful information to consider when communicating with patients and caregivers about cybersecurity vulnerabilities. This document is not guidance and does not create or convey any policies on regulatory matters or any regulatory expectations.

About the Paper

Best Practices for Communicating Cybersecurity Vulnerabilities to Patients outlines information for the FDA, federal partners, and industry stakeholders to consider to help thoughtfully inform patients and the public about cybersecurity vulnerabilities. 

The paper includes the following best practices for communications:

  • Make the content easy for people to read and understand, including how to:

    • Keep it timely
    • Keep it relevant
    • Keep it simple
    • Keep it readable for diverse audiences 
  • Discuss risks and benefits

  • Acknowledge and explain the unknown

  • Make it easy for patients to find and use, including:

    • Make communications easy to find in online searches

    • Make communications easy to view on mobile devices 

This paper also includes best practices shared during the Patient Engagement Advisory Committee (PEAC) meeting held on September 10, 2019 on vulnerabilities cybersecurity in medical devices.

 

Back to Top