Returned late last week after attending the FDA Center for Devices & Radiological Health (CDRH), National Information Sharing Analysis Center (NH-ISAC), The Department of Health and Human Services (HHS), and The Department of Homeland Security (DHS) Workshop “Moving Forward Collaborative Approaches to Medical Device Cybersecurity, January 20-21 at the FDA White Oak Campus, Silver Spring, MD. A packed audience and a great group of speakers and panel members. Will provide output discussions on a follow up blog.
Download Post_market_cybersecurity_draft_guidance
This is the just released Draft Guidance for Industry and Food Administration Staff for comments. Issued January 2016. The Introduction from the “DRAFT” Guidance. Lines 13-26 13 I. Introduction 15 FDA is issuing this guidance to inform industry and FDA staff of the Agency’s recommendations 16 for managing postmarket cybersecurity vulnerabilities for marketed medical devices. In addition 17 to the specific recommendations contained in this guidance, manufacturers are encouraged to 18 address cybersecurity throughout the product lifecycle, including during the design, development, 19 production, distribution, deployment and maintenance of the device. A growing number of 20 medical devices are designed to be networked to facilitate patient care. Networked medical 21 devices, like other networked computer systems, incorporate software that may be vulnerable to 22 cybersecurity threats. The exploitation of vulnerabilities may represent a risk to the safety and 23 effectiveness of medical devices and typically requires continual maintenance throughout the 24 product life cycle to assure an adequate degree of protection against such exploits. Proactively 25 addressing cybersecurity risks in medical devices reduces the patient safety impact and the overall 26 risk to public health.
