FDA Proposal For Cybersecurity Info In Pre-market Submissions Generates Debate
This article was originally published in The Gray Sheet
Medical device firms and internet security groups disagree over whether an FDA guidance should recommend that companies document their cybersecurity measures in pre-market submissions.
You may also be interested in...
FDA issued a draft guidance on how companies should monitor and respond to potential cybersecurity threats in the postmarket setting. Some cybersecurity problems will require a recall action, but in most cases urgent notification to FDA will not be necessary, the document suggests.
A final guidance issued by the agency on premarket submission content to support device cybersecurity is consistent with last year’s proposal. FDA was not swayed by calls to allow device firms to address cybersecurity risks and mitigation efforts within design history files rather than in premarket submissions.
Chinese hackers recently broke into Community Health Systems’ IT system and stole patient data. Although they did not take device data in this instance, the hackers might have been after that, experts suggest, highlighting vulnerabilities for industry.