Raising the Bar on Premarket Medical Device Cybersecurity – GovInfoSecurity.com

The Food and Drug Administration’s decision to incorporate “quality systems regulations” into its latest draft guidance for the cybersecurity of premarket medical devices is an important development in the scope of the agency’s security expectations for manufacturers, says Dr. Suzanne Schwartz of the FDA.
“We have stated over many years the importance of thinking about cybersecurity from beginning to end, all the way through a product’s use life,” she says in an interview with Information Security Media Group.
“And therefore that has to be considered under the umbrella of the quality systems considerations,” she says. “While we mentioned the quality systems regulations in our original [premarket medical device cybersecurity] guidance in 2014, it became clear to us as we further evolved … and the ecosystem matured more – that it becomes much more necessary to call out the QSR as something manufacturers need to be thinking about early, early on as they design their devices,” she says.
“This guidance does a kind of crosswalk for medical device manufacturers through the QSR as it relates to their premarket submission and what the [cybersecurity] expectations are of manufacturers.”
The FDA’s draft guidance issued on April 6, “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” covers a wide range of cybersecurity device design, labeling and documentation issues that the FDA expects manufacturers to address in their premarket submissions to the agency (see: FDA Document Details Cyber Expectations for Device Makers).
The new draft guidance, for which the FDA is accepting public comment until July 7, replaces earlier draft guidance that the FDA released in 2018. That 2018 draft guidance proposed updates to a final guidance that the FDA issued in 2014, which addressed premarket cybersecurity expectations at the time, the FDA says.
Once the new 2022 draft guidance is finalized, however, it will replace the FDA’s 2014 cybersecurity guidance for premarket medical devices, Schwartz says.
While FDA guidance materials are considered nonbinding, the latest draft document – once finalized – is meant to provide a road map for how medical device makers can accomplish requirements under the FDA’s QSR and patient safety regulations, and address cybersecurity considerations in their premarket submissions to the agency, according to Schwartz.
“The guidance provides what we believe is the road map for greatest efficiency for meeting FDA’s premarket medical cybersecurity expectations,” she says.
“Not adhering to the guidance on the premarket side will possibly raise additional questions that the [FDA] review teams [might] come back to [manufacturers] with that take a fair amount of back-and-forth, in terms of getting those questions answered.”
In the interview (see audio link below photo), Schwartz also discusses:
Schwartz is the director of the Office of Strategic Partnerships and Technology Innovation at the FDA’s Center for Devices and Radiological Health, or CDRH. Her work in medical device cybersecurity includes raising awareness, educating, outreach, partnering and coalition-building within the healthcare and public health sector, as well as fostering collaborations across other government agencies and the private sector. She also chairs CDRH’s cybersecurity working group, tasked with formulating the FDA’s medical device cybersecurity policy, and has served as co-chair of the Government Coordinating Council for the healthcare and public health critical infrastructure sector.