FDA’s New Guidance for Cybersecurity in Medical Devices: What it Means for You

Author: Ashish Salunkhe | October 17, 2023

In September 2023, the FDA finalized its medical device cybersecurity guidance for premarket submissions. The updated document, “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submission,” details the information that must be submitted to the Center for Devices and Radiological Health (CDRH) or the Center for Biologics Evaluation and Research (CBER) for the premarket evaluation of products that involve cybersecurity risks. The guidance is applicable to any device or piece of software that can connect to the internet and is susceptible to cybersecurity threats, including but not limited to devices containing software or programmable logic.

Designed to keep patients safe and improve public health protection, the FDA cybersecurity requirements document includes pre-market guidance, as well as guidance related to monitoring, identifying, and addressing cybersecurity vulnerabilities in medical devices once they are on the market.

Specifically, the updated FDA cybersecurity guidance addresses the following submission types:

  • 510(k) premarket notifications
  • De Novo requests
  • Premarket Approval (PMA) applications or PMA supplements
  • Product Development Protocols (PDP)
  • Investigational Device Exemptions (IDE)
  • Humanitarian Device Exemptions (HDE)
  • Biologics License Applications (BLA)
  • Investigational New Drug submissions (IND)

In the updated cybersecurity requirements, the FDA included recommendations related to comprehensive medical device cybersecurity risk management, continuous improvement throughout the total product life cycle, and incentives for changing marketed and distributed medical devices to reduce risk.

The FDA continues to make efforts to safeguard the safety and efficacy of medical devices at all points in their lifecycle in the face of possible cyber risks by collaborating with business and other federal government entities.

Cybersecurity is more important than ever in the medical device industry. As the FDA continues to make efforts to safeguard the safety and efficacy of medical devices to combat the growing attack surface, it is imperative that you maintain compliance across all points in your products’ lifecycle.

Here are some best practices to guide this process:

  • Assess the impact on the device’s functionality, the impact to the patients, the likelihood of the threat, and the device’s vulnerability to a breach
  • Determine the risk levels, and understand different mitigation strategies for medical device cybersecurity risks
  • Establish a medical device cybersecurity management approach that identifies assets and threats and examines corner cases
  • Identify and eliminate any elements that could threaten the medical device’s cybersecurity, create vulnerabilities, or present other potential risks associated with each individual medical device

Though the above can seem daunting and overwhelming, it doesn’t have to be. With advanced expertise across the regulatory landscape, Sterling can help you complete the necessary steps to ensure your device meets all FDA cybersecurity requirements, all while keeping the design and development process moving forward without disruption.

For more information about how to complete a medical device cybersecurity risk assessment, details about the FDA premarket submission cybersecurity guidelines, help ensuring your FDA premarket submission meets cybersecurity requirements, or guidance on how to protect your device from cyber threats, contact us here.
