Vertical markets, Content

Medical Device Cybersecurity: FDA Seeks Industry Feedback

EKG monitor in intra aortic balloon pump machine. Medical equipment

The Food and Drug Administration (“FDA”) in April 2022 issued a draft document containing cybersecurity guidance for industry and FDA staff.

Industry stakeholders have until July 7, 2022 to comment on the FDA document, titled Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.

The FDA developed the draft guidance in response to increasing cybersecurity threats to the healthcare sector and growing use of wireless, Internet- and network-connected medical devices. The draft guidance provides recommendations regarding cybersecurity device design, labeling and documentation with the goal of facilitating an efficient premarket review process and ensuring that marketed medical devices are “sufficiently resilient to cybersecurity threats.”

The FDA previously issued guidance addressing premarket expectations in 2014 and proposed to update this guidance in 2018.

The 2022 draft guidance, however, replaces the 2018 version and incorporates input from stakeholders at various public meetings, comments received on the 2018 version and recommendations from the Health Care Industry Cybersecurity Task Force Report.

According to the FDA, the guidance “is intended to further emphasize the importance of ensuring that devices are designed securely, are designed to be capable of mitigating emerging cybersecurity risks throughout the Total Product Life Cycle, and to clearly outline FDA’s recommendations for premarket submission content to address cybersecurity concerns.”


Blog courtesy of Hunton Andrews Kurth, a U.S.-based law firm with a Global Privacy and Cybersecurity practice that’s known throughout the world for its deep experience, breadth of knowledge and outstanding client service. Read the company’s privacy blog here.