Government Watchdog Recommends FDA Improve Cybersecurity Reviews
Executive Summary
HHS OIG is recommending US FDA hold more pre-submission meetings, amend their Refuse-to-Accept checklist and update their "Smart" template for agency reviewers to improve oversight of medical device cybersecurity.
You may also be interested in...
Gaps Remain In US FDA's Response Procedures For Cybersecurity Events, OIG Says
FDA's policies and procedures do not adequately address how to handle post-market device cybersecurity events and the agency had not adequately tested its ability to respond to emergencies arising from such events, US HHS' investigative arm says. But the top cybersecurity official at FDA's device center says OIG's report is "incomplete and inaccurate."
Device-Makers Need To Open Up More On Cybersecurity In Pre-Market, Draft Guidance Says
A new update to the pre-market cybersecurity guidance issued four years ago reflects how US FDA's thinking on the issue has evolved, as more cases of device vulnerabilities have surfaced. Among the key updates are recommendations for sponsors to submit a cybersecurity "bill of materials" in product labeling to better coordinate with end-users and to use a two-tiered risk management approach.
US FDA Pushes Further On Cybersecurity Efforts Despite Limited Resources
US FDA unveiled multiple cybersecurity-related initiatives, including two memoranda of understandings to launch information sharing organizations and playbook for health-care delivery organizations. The agency is continuing a multi-front attack in the area, despite limited resources.