The need for effective cyber-security to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network- connected devices, and the frequent electronic exchange of medical device-related health information. FDA recognizes that medical device security is a shared responsibility between stakeholders, including health care facilities, patients, providers, and manufacturers of medical devices. Failure to maintain cybersecurity can result in compromised device functionality, loss of data (medical or personal) availability or integrity, or exposure of other connected devices or networks to security threats. This in turn may have the potential to result in patient illness, injury, or death.
Manufacturers should address cyber-security during the design and development of the medical device, as this can result in more robust and efficient mitigation of patient risks. FDA recommends that medical device manufacturers provide justification in the premarket submission for the security functions chosen for their medical devices.
Below are some of the areas for cyber-security of medical device that FDA wants you to address:
- A document for your cybersecurity risk management that includes the assets, vulnerabilities, threats and controls (also known as a threat model) to support the cybersecurity of your device since this information is critical to fully assess the technological characteristics of your device and the potential risks posed
- The company should have a summary plan which outlines the controls that are in place regarding protection of device from malware during the production and distribution of your software
- A document demonstrating the traceability between cybersecurity risk and control
- Adequate labeling to describe the cyber-security needs and requirements of your device and the expected actions and controls to be implemented by the end user.
For more information regarding requirement for Management of Cyber-security in Medical Devices for Premarket submission please visit the FDA guidance? For any questions or comments or your regulatory requirement please email to firstname.lastname@example.org or use our contact form.