FDA Releases Guidance on Medical Device Cybersecurity | Practical Law

FDA Releases Guidance on Medical Device Cybersecurity | Practical Law

The US Food and Drug Administration (FDA) has released final recommendations to manufacturers for managing cybersecurity risks associated with medical devices.

FDA Releases Guidance on Medical Device Cybersecurity

Practical Law Legal Update 5-583-4545 (Approx. 3 pages)

FDA Releases Guidance on Medical Device Cybersecurity

by Practical Law Intellectual Property & Technology
Published on 02 Oct 2014USA (National/Federal)
The US Food and Drug Administration (FDA) has released final recommendations to manufacturers for managing cybersecurity risks associated with medical devices.
On October 2, 2014, the US Food and Drug Administration (FDA) announced it had published the final draft of its guidance for industry and FDA staff, Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (Guidance) (79 Fed. Reg. 59493-01 (Oct. 2, 2014)). The Guidance sets out best practices and recommendations for cybersecurity functions and documentation and addresses issues that manufacturers should consider when preparing premarket submissions for medical devices.
In particular, the Guidance applies to the following premarket submissions for devices that contain software or programmable logic, as well as software that is a medical device:
  • Premarket Notification (510(k)) including Traditional, Special, and Abbreviated.
  • De novo submissions.
  • Premarket Approval Applications (PMA).
  • Product Development Protocols (PDP).
  • Humanitarian Device Exemption (HDE) submissions.
While the Guidance represents the FDA's thoughts on how best to manage cybersecurity in medical devices, the recommendations are not binding.