A couple of years ago, the FDA articulated its expectations for the ways device manufacturers should address cybersecurity premarket. More recently, FDA released a complementary draft guidance.  Last week, my colleagues Al Saikali, Madeleine McDonough, and Tim Moore analyzed that guidance.  Key takeaways from the guidance include:

  • Cybersecurity programs should be documented, systematic and comprehensive.
  • Cybersecurity should be considered throughout the medical device’s entire lifecycle.
  • Cybersecurity evaluations should consider a broad range of credible information and potential threats that could compromise a medical device’s essential functions.

You can read their entire analysis here.