The International Medical Device Regulators Forum (IMDRF) has drafted a proposed guidance that seeks to protect legacy medical devices from cyberattacks, and provides more nuanced definitions of the devices and what the protections entail.

Communication between manufacturers and healthcare providers is key to ensuring patients with legacy medical devices are kept safe according to proposed cybersecurity guidance from the International Medical Device Regulators Forum (IMDRF). The draft is the result of feedback from a 2020 guidance that stakeholders said did not sufficiently address legacy products.
The draft guidance, published 4 May, outlines what is considered a legacy device, and how stakeholders can keep them safe from cybersecurity threats. The guidance follows the 2020 IMDRF document, which included a framework for legacy devices, but was intended to broadly outline how medical devices in general can be designed and maintained.
Aftin Ross, senior special advisor for emerging initiatives at the US Food and Drug Administration (FDA), told Regulatory Focus, after the 2020 guidance was published, stakeholders asked for more details on legacy products.

Read the full article at Regulatory Affairs Professionals Society.