The grace period for medical device cybersecurity is over. As we move into 2026, the FDA is shifting from "guidance" to "enforcement," and the rules of the game have changed. In this session, Naomi Schwartz breaks down the 2025 recap of FDA deficiencies and postmarket actions, and provides a "no-filter" look at what the 2026 transition from QMS to QMSR really means for your next inspection.

‍

We will go beyond the standard checklists to address the FDA’s new "Secure by Design" mandate. Naomi will explain why the FDA is now insisting on security design controls even when your internal risk assessments claim they aren't needed—and how failing to include them now will almost certainly lead to a deficiency response later. Additionally, FDA can evaluate how well your design history files demonstrate that you follow (or fail to follow) your cybersecurity procedures - this can lead to inspectional findings that will cost you time and money to remediate.