The FDA has announced the availability of the draft guidance entitled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” The need for effective cybersecurity to ensure medical device functionality and safety has become more important with the increasing use of wireless, internet- and network-connected devices, portable media (e.g., USB or CD), and the frequent electronic exchange of medical device-related health information.
In addition, cybersecurity threats to the healthcare sector have become more frequent, more severe, and more clinically impactful. Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the U.S. and globally. Such cyberattacks and exploits can delay diagnoses and/or treatment and may lead to patient harm. As a result, ensuring medical device safety and effectiveness includes adequate medical device cybersecurity, as well as its security as part of the larger system.
This new guidance is intended to provide recommendations to the industry regarding cybersecurity device design, labeling, and the documentation the FDA recommends be included in premarket submissions for devices with cybersecurity risk. These recommendations can facilitate an efficient premarket review process and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.
This draft guidance is not final, nor is it for implementation at this time. Submit either electronic or written comments on the draft guidance by July 7, 2022 to ensure the agency considers your comment on this draft guidance before it begins work on its final version.