Cybersecurity: Guidance Docs To Come, But Legacy Devices Still A Challenge
Increasing savvy around cybersecurity issues is driving regulators and trade groups to update their approach to the area, speakers from the US FDA and the American Medical Association said at this week’s FDA/CMS Summit.
You may also be interested in...
A draft IMDRF guidance released this month aims to set the trend for how regulators around the world oversee cybersecurity of medical devices. According to experts, the document also foreshadows what sponsors can expect from the US FDA in areas such as developing a software bill of materials, as the agency updates its own cybersecurity guidances.
Under changes announced on 9 October by the US Health and Human Services Office of Inspector General (HHS OIG) and the Centers for Medicare and Medicaid Services (CMS), new so-called "safe harbors" to the anti-kickback statute and planned changes to the physician self-referral statute (Stark Law) would shelter health-care providers – including device-makers – who enter into value-based care arrangements for services paid for by Medicare. Such changes have been promoted by medtech firms.
The FDA is convening a panel of experts in September to talk about how to craft cybersecurity communications that adequately alert patients about potential vulnerabilities while not creating a panic. The meeting comes as the agency has been putting out a growing number of cybersecurity alerts, including most recently a recall for certain vulnerable Medtronic insulin pumps.