Government Watchdog Recommends FDA Improve Cybersecurity Reviews
HHS OIG is recommending US FDA hold more pre-submission meetings, amend their Refuse-to-Accept checklist and update their "Smart" template for agency reviewers to improve oversight of medical device cybersecurity.
You may also be interested in...
FDA's policies and procedures do not adequately address how to handle post-market device cybersecurity events and the agency had not adequately tested its ability to respond to emergencies arising from such events, US HHS' investigative arm says. But the top cybersecurity official at FDA's device center says OIG's report is "incomplete and inaccurate."
A new update to the pre-market cybersecurity guidance issued four years ago reflects how US FDA's thinking on the issue has evolved, as more cases of device vulnerabilities have surfaced. Among the key updates are recommendations for sponsors to submit a cybersecurity "bill of materials" in product labeling to better coordinate with end-users and to use a two-tiered risk management approach.
US FDA unveiled multiple cybersecurity-related initiatives, including two memoranda of understandings to launch information sharing organizations and playbook for health-care delivery organizations. The agency is continuing a multi-front attack in the area, despite limited resources.