On December 5th the U.S. Food and Drug Administration (FDA) published a blood cybersecurity resiliency communication for blood establishments to serve as, “a resource for strengthening their cybersecurity practices in order to prevent and mitigate cybersecurity incidents that could affect the availability and safety of blood and blood components for transfusion or further manufacture.”
The blood cybersecurity resiliency FDA communication encourages blood establishments and transfusion services, “to identify possible shortcomings of their current disaster plans and implement and strengthen measures for cybersecurity resiliency to protect their data, ensure continuity of operations, and maintain a safe and adequate blood supply for patients.”
Considerations from the blood cybersecurity resiliency FDA communication agency for the blood community included:
- “blood establishments must establish, maintain, and follow standard operating procedures (SOPs) for all steps in the collection, processing, compatibility testing, storage, and distribution of blood and blood components for allogeneic transfusion, autologous transfusion, and further manufacturing purposes;
- blood establishments must report to FDA when there is an interruption in manufacturing likely to result in a significant disruption in supply in accordance with 21 CFR 600.82;
- in the event of a cybersecurity incident, blood establishments must continue to maintain records for the performance of each significant step in the collection, processing, compatibility testing, storage, and distribution of each unit of blood and blood components;
- blood establishments that cannot follow their standard operating procedures during a cybersecurity incident should request a meeting with the Office of Blood Research and Review (OBRR) through the Regulatory Project Manager; [and]
- Blood establishments with general questions can contact OBRR at CBEROBRRBPBInquiries@fda.hhs.gov.”
With the America’s Blood Centers (ABC) Policy Council working to finalize the 2025 ABC Advocacy Agenda, ABC encourages member blood centers to please share feedback, for potential inclusion as an advocacy priority, explaining how the federal government can support blood centers in strengthening information technology (IT) systems to avoid cyberattacks.