As cyberattacks continue to become a bigger threat to the health care industry, with medical devices particularly vulnerable, the U.S. Food and Drug Administration (FDA) recently issued draft guidance to medical device manufacturers to help protect their products from such attacks.
The proposed guidance, released April 8, provides important updates to guidance first published by the FDA in 2018. Since that first guidance was published, cyberattack threats have “have become more frequent, more severe, and more clinically impactful,” the FDA states in its new guidance document. Titled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” the guidance:
- Outlines main recommendations for device makers to help ensure they address cybersecurity at each stage of a product’s life cycle
- Asks medical device makers to incorporate a vulnerability communication plan into their premarket submissions outlining who will be responsible for monitoring for, identifying, and correcting vulnerabilities and how such corrections will be rolled out and communicated to users
While not legally binding, according to G2 editor/writer, Glenn Demby, it’s likely this guidance will eventually acquire binding force, making it important for medical device makers to follow in order to receive and maintain FDA approval for their products. Stakeholders have until July 7, 2022 to submit comments to the FDA regarding the proposed guidance.
Learn more in the May 2022 issue of Diagnostic Testing & Emerging Technologies.