In late January, the U.S. FDA commemorated the reopening of the government by hosting a two-day public workshop on medical device cybersecurity. The workshop was designed to bring together industry stakeholders to discuss the October 2018 draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” and the draft guidance sub-topic regarding a Cybersecurity Bill of Materials (CBOM)—which, FDA officials say, can help identify assets, threats, and vulnerabilities.
Identifying cyber-threats is an important move, according to the FDA, since cyber breaches have disrupted the delivery of patient care throughout the world by rendering medical devices and hospital networks unusable. And delaying medical diagnoses and/or treatments can directly lead to patient harm.
In a statement, the agency said: “Although the FDA issued guidance addressing recommendations for device cybersecurity information in premarket submissions in 2014, the rapidly evolving landscape, and the increased understanding of the threats and their potential mitigations necessitates an updated approach.”
Further, the most recent draft guidance is “intended to provide recommendations to industry regarding cybersecurity device design, labeling, and the documentation that FDA recommends be included in premarket submissions for devices with cybersecurity risk.” Such recommendations, the FDA says, can streamline the premarket review process and protect marketed medical devices from cyber-threats.
Industry stakeholders can comment on the “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” draft guidance until March 18.