FDA’s Cybersecurity Authority in 2023

Topics:
No items found.
Mike Kijewski
Mike Kijewski

March 29, 2022

FDA’s Cybersecurity Authority in 2023

Today the FDA has issued a new final guidance on the Refuse to Accept (RTA) policy relating to cybersecurity in medical devices, specifically for “Cyber Devices” as defined in the newly-amended FD&C Act (Section 524B). In mapping its guidance to the new statutory authority, the FDA specifies what is expected when a submission is provided to the agency for review.

What does this mean for you? If you’re a company building a medical “cyber device”, it is now a requirement that you build your device to be secure by design, develop strategies to monitor and maintain the security of that device postmarket and for the life of the device, generate and maintain a software bill of materials, and generate the requisite documentation proving you’ve done so as part of your FDA regulatory submission.

When we started MedCrypt in 2016, we heard many healthcare stakeholders say that cybersecurity wouldn’t be an important topic in medical devices until the FDA made it so. The FDA’s announcement makes it clear that this day has come. If you have questions about what you can do to satisfy these new FDA requirements, please reach out to us at info@medcrypt.com. Keep an eye out for a more comprehensive analysis of this new guidance document, coming soon.

MedCrypt exists to help healthcare technology companies build products that are secure by design. We’re excited to help our industry bring innovative clinical technologies to patients today, while anticipating the cybersecurity challenges of tomorrow.

Follow MedCrypt on LinkedIn and Twitter and subscribe to our newsletter to stay up to date on the latest news in medical device cybersecurity.

Related articles

Are SBOMs moving the needle for improving medical device cybersecurity?
This is some text inside of a div block.

Are SBOMs moving the needle for improving medical device cybersecurity?

Tools & processes
This is some text inside of a div block.
Vulnerability management
This is some text inside of a div block.
Om Mahida
Om Mahida

March 28, 2024

Directors, VPs, and C-Suite Executives’ Approach to FDA Stock Deficiency Letters (Part 4/4)
This is some text inside of a div block.

Directors, VPs, and C-Suite Executives’ Approach to FDA Stock Deficiency Letters (Part 4/4)

FDA readiness
This is some text inside of a div block.
Regulatory
This is some text inside of a div block.
Naomi Schwartz
Naomi Schwartz

March 19, 2024

Regulatory Affairs’ Approach to FDA Stock Deficiency Letters (Part 3/4)
This is some text inside of a div block.

Regulatory Affairs’ Approach to FDA Stock Deficiency Letters (Part 3/4)

FDA readiness
This is some text inside of a div block.
Regulatory
This is some text inside of a div block.
Thought leadership
This is some text inside of a div block.

March 18, 2024

Subscribe to Medcrypt news

Get the latest healthcare cybersecurity news right in your inbox.

We'll never spam you or sell your information

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.