Regulatory Update on Medical Device Cybersecurity

Cybersecurity of medical devices is a rapidly evolving area of concern. Here is an update on recent FDA activities.

Cybersecurity of medical devices is on FDA’s radar! Just last week, the FDA issued a safety communication about the recently identified SweynTooth family of cybersecurity vulnerabilities which may affect medical devices. As medical devices become increasingly inter-connected, cybersecurity is fast becoming the next frontier of risk management for medical devices.

In this blog, we provide an update on recent FDA activities to understand the agency’s evolving regulatory approach. Please click on the video link below.

This video is based on an FDA presentation at the Archimedes Medical Device Cybersecurity conference held in New Orleans, Jan 27-28, 2020. It covers the following key points:

1. FDA premarket guidance – undergoing “fair amount of restructuring”.

2. IMDRF draft cybersecurity guidance – under final review

3. Threat modeling and CVSS – emerging tools for cybersecurity

4. Legislative efforts – FDA pursuing legislation for vulnerability disclosure and SBOM

5. Patient communication – emerging considerations for patient communication about cybersecurity
   

In Conclusion – there is a lot going on in the regulatory world on medical device cybersecurity. Our video provides a quick 11-minute update and offers insights on what you should expect in the near future.

Share your comments and questions below. Contact us and let us know how we can help.

References

SweynTooth Cybersecurity Vulnerabilities, March 2020

Cybersecurity is the Next Frontier of Risk Management