Best Practices for Communicating Cybersecurity Vulnerabilities to Patients
The U.S. Food and Drug Administration’s (FDA’s) Center for Devices and Radiological Health (CDRH) developed Best Practices for Communicating Cybersecurity Vulnerabilities to Patients to provide helpful information to consider when communicating with patients and caregivers about cybersecurity vulnerabilities. This document is not guidance and does not create or convey any policies on regulatory matters or any regulatory expectations.
About the Paper
Best Practices for Communicating Cybersecurity Vulnerabilities to Patients outlines information for the FDA, federal partners, and industry stakeholders to consider to help thoughtfully inform patients and the public about cybersecurity vulnerabilities.
The paper includes the following best practices for communications:
-
Make the content easy for people to read and understand, including how to:
- Keep it timely
- Keep it relevant
- Keep it simple
- Keep it readable for diverse audiences
-
Discuss risks and benefits
-
Acknowledge and explain the unknown
-
Make it easy for patients to find and use, including:
-
Make communications easy to find in online searches
-
Make communications easy to view on mobile devices
-
This paper also includes best practices shared during the Patient Engagement Advisory Committee (PEAC) meeting held on September 10, 2019 on vulnerabilities cybersecurity in medical devices.