FDA unveils medical device cybersecurity guidance

The FDA’s Center for Devices and Radiological Health (CDRH) has issued its long-awaited final guidance on cybersecurity issues that manufacturers should consider when designing and developing medical devices and preparing for premarket submissions.

The need for effective cybersecurity to assure medical device functionality and safety has grown, especially as devices are increasingly connected to the internet and exchange health information, according to the agency.

“There is no such thing as a threat-proof medical device,” Suzanne Schwartz, MD, MBA, director of emergency preparedness/operations and medical countermeasures at CDRH, said in a statement. “It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks.” 

The nine-page guidance, Content of Premarket Submission for Management of Cybersecurity in Medical Devices, applies to premarket medical device submissions received beginning on Oct. 1. It recommends that the following types of information are disclosed in a submission:

  • A justification of the security functions chosen for their medical devices;
  • A list of cybersecurity risks considered in the medical device’s design;
  • A matrix that traces those risks considered to the appropriate controls; and,
  • A systematic plan for providing patches and updates to operating systems or medical device software.

The FDA has scheduled a webinar on Oct. 29 to further explain the guidance. It also has scheduled a public workshop Oct. 21-22 to gain stakeholder feedback on medical device and healthcare cybersecurity. Learn more here.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.