FDA Releases Cybersecurity Guidance for Medical Devices

Tuesday, November 13, 2018

The US Food and Drug Administration has released draft guidance for internet- and network-connected medical devices in response to cybersecurity concerns. The new guidance updates previous guidelines titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” published in 2014.

“This guidance is intended to provide recommendations to industry regarding cybersecurity device design, labeling, and the documentation that FDA recommends be included in premarket submissions for devices with cybersecurity risk,” the guidance states. “These recommendations can facilitate efficient premarket review process and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.”

Cybersecurity experts have warned the industry in the past that these medical devices, such as infusion pumps and pacemakers, are vulnerable to cyberattacks—as are portable media devices like CDs and USB drives.

The new guidance covers:

Remarket notifications (510(k))
De novo requests
Premarket approval applications
Product development protocols
Humanitarian device exemption (HDE) applications

Click here to read the new guidance.

[author] [author_image timthumb='on']/Portals/0/uploads/content_hub/Mary-Butler-Portrait.jpg[/author_image] [author_info]Mary Butler is the associate editor at Journal of AHIMA.[/author_info] [/author]

Tags: cybersecurity