Overview and General Principles -
On October 2, 2014, the Food and Drug Administration (“FDA”) finalized guidance describing the FDA’s position on cybersecurity standards for medical devices. The guidance discusses cybersecurity principles pertaining to the development of medical devices, documentation that should be submitted with premarket applications, and recognized standards for medical device technology. The FDA pointed to the increasing prevalence of devices connected to system networks and the internet, and the frequent electronic exchange of medical device-related health information, as necessitating effective cybersecurity standards to assure medical device functionality and safety.
The guidance, titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” (the “Cybersecurity Guidance”), is intended to supplement FDA’s “Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices.” The Cybersecurity Guidance describes the FDA’s position as a cybersecurity framework to guide the development of medical devices: Identify, Protect, Detect, Respond, and Recover.
Please see full publication below for more information.