The Food and Drug Administration released a new
safety and availability communication on Thursday, providing blood establishments and transfusion services with updated guidance to strengthen cybersecurity practices. The considerations aim to prevent and mitigate incidents that could compromise the safety and availability of blood and blood components for transfusion or further manufacture.
The agency emphasized that recent cybersecurity incidents have disrupted health care systems and halted blood establishment operations, exposing vulnerabilities in the highly interconnected computer systems and networks used to ensure blood safety and availability. FDA warned that recovery from such incidents may take weeks or months, potentially interrupting critical manufacturing and distribution functions.
Additionally, FDA reminded blood establishments of existing regulatory requirements, such as maintaining detailed records (
21 CFR 606.160 [a]) and reporting significant disruptions to manufacturing (
21 CFR 600.82). Registered-only facilities are also encouraged to notify the FDA of interruptions caused by cybersecurity incidents to help mitigate broader impacts on the blood supply.
Blood establishments that cannot follow their standard operating procedures during a cybersecurity incident should
request a meeting with OBRR through the regulatory project manager.
AABB hosted a cybersecurity summit during the 2024 AABB Annual Meeting, focusing on how blood establishments and transfusion services can address emerging security threats. AABB will make the recording of this summit publicly available soon and encourages members to watch it to gain insights and prepare for evolving challenges in the field.
