FDA Releases Cybersecurity Guidance for Medical Devices

FDA Releases Cybersecurity Guidance for Medical Devices

The US Food and Drug Administration has released draft guidance for internet- and network-connected medical devices in response to cybersecurity concerns. The new guidance updates previous guidelines titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” published in 2014.

“This guidance is intended to provide recommendations to industry regarding cybersecurity device design, labeling, and the documentation that FDA recommends be included in premarket submissions for devices with cybersecurity risk,” the guidance states. “These recommendations can facilitate efficient premarket review process and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.”

Cybersecurity experts have warned the industry in the past that these medical devices, such as infusion pumps and pacemakers, are vulnerable to cyberattacks—as are portable media devices like CDs and USB drives.

The new guidance covers:

  • Remarket notifications (510(k))
  • De novo requests
  • Premarket approval applications
  • Product development protocols
  • Humanitarian device exemption (HDE) applications

Click here to read the new guidance.

Mary Butler is the associate editor at Journal of AHIMA.