FDA has released a final guidance document that clarifies the agency’s recommendations for recommendations of how medical device companies should management postmarket cybersecurity vulnerabilities. The guidance, Postmarket Management of Cybersecurity in Medical Devices, establishes a risk-based framework for evaluating when changes to devices for cybersecurity vulnerabilities require reporting to the FDA and outlines the instances in which the agency will not enforce reporting requirements under 21 CFR part 806.
Don’t miss the Medical Device Cybersecurity conference | March 23-24, 2017 | Attend in Washington, D.C. or virtually | LEARN MORE
FDA points out that the recommendations it has made in the final guidance apply to legacy devices (products already on the market or in use), devices that are part of an interoperable system, and devices that contain software, programmable logic or software that is a medical device (including mobile medical applications).
The agency also commented on the guidance in an FDA Voice blog written by Suzanne Schwartz, M.D., associate director for science and strategic partnerships at CDRH. FDA is hosting a webinar on January 12 to discuss the guidance and answer questions from attendees.
Read the article by Battelle’s Stephanie Domas: Commodity Malware: What Medical Device Manufacturers Should Know |