Medical device cybersecurity provider Medcrypt announces the launch of FDA Cybersecurity Readiness Services. The solution allows medical device manufacturers (MDMs) to navigate the U.S. Food and Drug Administration’s (FDA) Refuse to Accept (RTA) policy as well as the new Section 524B requirements stemming from the Consolidated Appropriations Act, 2023.

The RTA policy evaluates the acceptability of medical device submissions, focusing on crucial elements, including cybersecurity, and may result in refusal if requirements from the amendment of the Food, Drug, and Cosmetic Act (FD&C Act) are not met. Medcrypt’s comprehensive services also prioritize the FDA’s eSTAR, a now mandatory FDA program that guides manufacturers in documenting and describing to the FDA their cybersecurity efforts for all 510(k) submissions, unless exempted. Both initiatives were issued by the FDA with an effective date of Oct. 1, 2023.

Medcrypt’s FDA Cybersecurity Readiness Services streamline MDMs’ FDA journey, catering to those preparing, submitting, or already encountering issues:

  1. FDA Cybersecurity Filing Readiness Survey: This free assessment for MDMs helps gauge submission readiness with survey questions aligned with the FDA guidance, including RTA/eSTAR and provides valuable insights into the risks to acceptance.
  2. FDA Cybersecurity Filing Remediation: For MDMs who do not pass the FDA Filing Readiness Survey or have received an FDA refusal, Medcrypt’s experts can help identify gaps and create a prioritized plan to rectify issues, ensuring the submission becomes acceptable.
  3. FDA Cybersecurity Submission Readiness: Aimed at MDMs with submissions either already under FDA review or planned for the near future, this service offers a comprehensive review using Medcrypt’s unique framework to ensure cybersecurity compliance.
  4. Hold Letter Cybersecurity Response: In the event of an FDA hold letter, Medcrypt provides immediate guidance to navigate the response process effectively.

“We developed the FDA Cybersecurity Readiness Services to address the growing demand from medical device manufacturers seeking guidance through the complex and evolving submission process,” says Naomi Schwartz, senior director of quality and safety at Medcrypt. “Our goal is to equip MDMs with comprehensive insights into cybersecurity gaps, enabling them to prioritize and manage these gaps efficiently.”

For MDMs, these services are designed to streamline the submission process, saving time and fostering confidence in meeting FDA requirements. Regulators also benefit from better-organized submissions, adhering to guidance and providing contextualized cybersecurity design and validation details as expected by the FDA.

Medcrypt’s primary objective is to support MDMs facing new submissions under cybersecurity draft guidance and needing to comply with the amendment to the FD&C Act (Section 524B). In addition to assessing the pivotal role of FDA Cybersecurity Readiness Services, Medcrypt’s supporting product portfolio includes additional innovative products that address vulnerability management, network encryption, and cryptography.

“Our program is led by experts who have previously held cybersecurity roles at the FDA, worked in medical device manufacturing, or comparable industries,” says Seth Carmody, vice president of regulatory strategy at Medcrypt. “This expertise ensures that our services meet the highest standards and help our customers successfully navigate the FDA’s stringent requirements.”

Photo 267733180 © Yuri Arcurs |