Health Law Highlights

FDA Proposes Updated Guidance Concerning Cybersecurity of Medical Devices

Summary of article from Jones Day, by Maureen Bennett, Ryan Blaney, Alexis Gilroy, Colleen Heisey, Michael McFerran, Lauren Murtagh:

The U.S. Food and Drug Administration (FDA) has proposed an updated draft Premarket Cybersecurity Guidance on March 13, 2024, to aid in meeting cybersecurity requirements for FDA medical device submissions. This guidance, under Section 524B of the Federal Food, Drug, and Cosmetic Act, applies to any submission for a “Cyber Device”, which is defined as any device containing software, with potential internet connectivity, and susceptibility to cybersecurity threats. Manufacturers are required to provide documentation that includes plans for dealing with cybersecurity vulnerabilities, assurance of device and system security, and a detailed software bill of materials. The guidance also addresses the impact of device modifications on cybersecurity and the need for a “reasonable assurance of cybersecurity” in the device’s safety and effectiveness evaluation. The FDA will finalize the draft guidance after considering comments and suggestions submitted by May 13, 2024.