FDA releases updated cybersecurity guidance for medical devices

On 18 October, 2018, the US Food & Drug Administration (FDA) released a draft revision to its 2014 cybersecurity guidance.

In the face of rapidly evolving cyber threats, “Content of Premarket Submission for Management of Cybersecurity in Medical Devices” provides updated recommendations on cybersecurity considerations for device design, labeling and documentation that the FDA recommends be included in premarket submissions for medical devices with cybersecurity risk. The FDA believes the new guidance will facilitate an efficient premarket review process, helping ensure that medical devices are designed to sufficiently address cybersecurity threats prior to launch on the market.

Comments and suggestions regarding the draft document can be made within 150 days of publication via www.regulations.gov. When final, the guidance will supersede “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices – Final Guidance, October 2, 2014”.

Manufacturers who wish to market networked medical devices are encouraged to seek FDA’s advice in a pre-submission meeting for either type of filing – a 510(k) submission for premarket notification or a PMA submission for a premarket approval. The filing type varies depending upon whether the medical device is moderate risk or high risk, as do the resources required for each filing to meet the devices’ safety and effectiveness requirements. A pre-submission meeting will help save both time and money, ensuring that the submission type is correctly filed.

If you have any questions about 510(k) submissions, please send an email to [email protected].