'Sharing' Organizations Stay In Final Post-Market Cybersecurity Guidance
Despite pushback from industry groups on the use of information-sharing and analysis organizations (ISAOs), US FDA has kept the language the same in its final post-market cybersecurity guidance, but has removed the term "essential clinical performance."
You may also be interested in...
A draft IMDRF guidance released this month aims to set the trend for how regulators around the world oversee cybersecurity of medical devices. According to experts, the document also foreshadows what sponsors can expect from the US FDA in areas such as developing a software bill of materials, as the agency updates its own cybersecurity guidances.
The US agency issued a safety communication on 1 October warning manufacturers, providers and patients of 11 serious exploits on a wide range of connected medical devices that could allow malicious hackers to not just steal patient data, but harm patients by altering how the devices function.
Two longtime industry experts break down the US FDA’s rules around when an action becomes reportable as a recall to the agency. The bottom line: If you’re changing a device’s safety, then you should probably report it.