FDA’s Draft Guidance Lays Out Recommendations for Medical Devices with Cybersecurity Risks

By MedTech Intelligence Staff
October 22, 2018


• Categories: 03-Manufacturing Execution, 04-Product Design & Development, 05-Quality/Regulatory

Save the Date: Medical Device Cybersecurity: Legacy Device Remediation, Compensating Controls & End of Life | May 7–8, 2019Last week FDA released a draft guidance with updates to the agency’s suggestions on what should be included in premarket submissions of devices that have cybersecurity risks. The document, titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”, provides technical recommendations on device design, labeling and documentation with the following purpose, according to an FDA release:

1. “Ensure better medical device protection against cybersecurity threats that could interrupt clinical operations and delay patient care; and
2. Allow for a more efficient premarket review process that would better ensure marketed medical devices are protected against cybersecurity vulnerabilities.”

The draft pertains to premarket submissions for devices that contain software, programmable logic and software that is considered a medical device. The following submissions fall under the guidance: 510(k)s, De Novo requests, PMAs, product development protocols and humanitarian device exemptions.

The draft is open for comments for 150 days after the date of October 18, 2018. Upon finalization of the guidance, it will supersede the original “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”, which was finalized on October 2, 2014.

FDA will be answering questions about the draft guidance during a public workshop that will be held January 29–30, 2018. Attendees will also be able to provide their own comments on the draft.