Device Makers Get Details on Design, Labeling, and Submission Requirements
The Food and Drug Administration has published new final guidance on the cybersecurity controls for new medical devices. The new document, which replaces previous guidance issued in September 2023, provides FDA’s latest recommendations for cybersecurity device design, labeling and the information most device makers must now include in their premarket submissions to the agency.
Some experts say the new guidance merges into one document the agency’s current thinking and expectations when it comes to addressing device cybersecurity, including complying with premarket submission cyber requirements.
“The latest FDA guidance is a unification of the 2023 premarket guidance and the select updates, which clarified the FDA’s application of the elements included in 524B, which granted FDA statutory authority for cybersecurity of medical devices,” said Phil Englert, vice president of medical device cybersecurity at the Health Information Sharing and Analysis Center (Health-ISAC).
“This newly released guidance combines those two documents into a single cohesive guidance document,” he said.
