The FDA issued the final guidance Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.
This guidance provides recommendations on medical device cybersecurity considerations and what information to include in premarket submissions. The guidance replaces the FDA’s guidance Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, issued on Oct. 2, 2014.
The recommendations are intended to promote consistency, facilitate efficient premarket review, and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.
The increased integration of wireless devices, electronic exchange of medical device-related information, and cybersecurity vulnerabilities and incidents, highlight the importance of having stronger cybersecurity measures.
In the guidance document, the FDA explains its reason for updating guidance stating, “Cybersecurity threats to the healthcare sector have become more frequent and more severe, carrying increased potential for clinical impact. Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the U.S. and globally. Such cyber attacks and exploits may lead to patient harm as a result of clinical hazards, such as delay in diagnoses and/or treatment.”
On November 2, the FDA will host a webinar for industry and other stakeholders interested in learning more about this guidance.