Dive Brief:
- The FDA has released draft guidance on medical device cybersecurity for consultation.
- Headline changes to the cybersecurity guidance include the recommended creation of lists of all hardware and software components used in a device that could be vulnerable to attack.
- The FDA thinks the changes will make premarket review more efficient and thereby help new, secure versions of devices get to market sooner.
Dive Insight:
Cybersecurity has raced up the FDA’s list of priorities in recent years. This month alone, the agency has issued a playbook to help healthcare providers prevent and manage attacks, tightened its cybersecurity ties to Homeland Security and posted an alert about a weakness in the defenses of Medtronic devices.
Now, four years after finalizing its guidance on medical device cybersecurity, the FDA has published a draft update to the text. The relatively short gap between the final and draft documents reflects the pace of change in cybersecurity.
“Because of the rapidly evolving nature of cyber threats, we’re updating our guidance to make sure it reflects the current threat landscape so that manufacturers can be in the best position to proactively address cybersecurity concerns,” FDA commissioner Scott Gottlieb said in a statement.
The FDA is using the update to introduce some new concepts. The agency is recommending that device manufacturers include a cybersecurity bill of materials (CBOM) in their product labeling. CBOMs are lists of components that the FDA sees as a “critical element in identifying assets, threats and liabilities.”
Other proposed changes include the creation of two tiers of medical devices defined by cybersecurity risk. The FDA plans to classify connected products that could directly harm patients if hacked as Tier 1 devices. All other devices will fall into Tier 2. The FDA thinks that dividing devices by cybersecurity risk will help companies design secure products and provide appropriate supporting documentation to its staff.
The FDA is accepting feedback on the draft for 150 days and will hold a public workshop in January to give parties a chance to discuss and ask questions about the proposed changes.