USA – FDA proposes updates to device cybersecurity guidance

The US Food and Drug Administration (FDA) has released a draft guidance that proposes updating the agency’s final guidance on cybersecurity of medical devices. The update would add additional information to the final guidance about the types of devices that fall under section 524B(c) of the Food, Drug, and Cosmetic Act (FD&C Act) as well as who is required to comply with ensuring the cybersecurity of medical devices.

“This draft guidance, when finalized, will identify the information FDA generally considers to be necessary to support obligations under section 524B of the FD&C Act,” FDA wrote in a Federal Register notice.

The agency noted that it is required for a person to submit information that demonstrates a medical device meets cybersecurity requirements if it meets the definition of a cyber device if the person submits a 510(k), premarket approval application (PMA), product development protocol (PDP), De Novo, or humanitarian device exemption (HDE) for the device…