FDA Updates Cybersecurity Requirements for Medical Devices
(Thursday, March 14, 2024) FDA’s previous guidance on cybersecurity aspects of internet connected medical devices provides a detailed description of all the issues that manufacturers must address prior to filing their market approval applications with the FDA. This week the FDA released an update to a few sections of that guidance which would likely require updates to the market approval applications in preparation for submission for such devices or currently under review at the FDA. All devices containing internet-connected software must identify potential cybersecurity concerns and ensure protection from the same. FDA released its final guidance on the topic just 6 months ago in September 2023. The new guidance is intended as an addendum to that guidance by clarifying the person responsible for ensuring compliance with the cybersecurity requirements (i.e., anyone who is filing the market approval application), the type of devices that are subject to the requirements (i.e., all devices connected to the internet in any way), and documentation requirements (i.e., all aspects of review of vulnerabilities and measures to address them before filing the market approval application and post-market approval must be written and reports provided to the FDA, if applicable). The new guidance does not contain any surprises, rather it refers to common sense measures that manufacturers should be doing on their own. AUTHOR
Dr. Mukesh Kumar Founder & CEO, FDAMap Email: [email protected] Linkedin: Mukesh Kumar, PhD, RAC Instagram: mukeshkumarrac Twitter: @FDA_MAP Youtube: MukeshKumarFDAMap |
|