USA – Cybersecurity: CDRH to Update 2014 Premarket Policies

Ahead of a new US Food and Drug Administration (FDA) draft guidance set to be released in 2019, Suzanne Schwartz, lead of cybersecurity initiatives at the Center for Devices and Radiological Health (CDRH), previewed policy changes at RAPS’ 2018 Convergence.

The US healthcare industry has become a target for cyberattacks over the past few years, and this has been partly linked to inadequate device designs, which must undergo regulatory premarket reviews to mitigate cyber vulnerabilities with patches or other interventions.

In light of recent cyberattacks, and as connected devices play an increasing role in care delivery and become more sophisticated, FDA saw a need to update the policies set forth in the premarket guidance finalized in 2014. The “plan in place” was first discussed by Schwartz, who also serves as associate director for science and strategic partnerships, at an Association for the Advancement of Medical Instrumentation conference in March.

From integrated policies on threat modeling and cybersecurity-related design inputs for devices to new incentives around information sharing to foster a collaborative, coordinated approach on vulnerability disclosures, the new draft guidance will revamp a wide range of premarket policies…