FDA issued a safety communication: Cybersecurity for Medical Devices and Hospital Networks. This notices is intended for hospitals, user facilities, health care IT and procurement staff and biomedical engineers.
It indicates FDA has become aware of vulnerabilties and incidents where medical devices have been affected by malware and timely security software updates have not been provided or installed. FDA is not aware of actual patient injuries.
This communication recommends a number of actions. The full text is at the link provided.