FDA Publishes Draft Medical Device Cybersecurity Guidance Amidst Continued Cybersecurity Concerns

| Printer friendly version

On April 08, 2022, the Food and Drug Administration (FDA) published a draft cybersecurity guidance document for medical devices, titled Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions. The draft guidance covers a wide range of issues, including cybersecurity device design, labeling, and documentation. The guidance is intended to provide medical device makers a road map on how to satisfy the FDA’s quality system and patient safety regulations and how to address cybersecurity considerations within their premarket submissions.

The FDA’s draft guidance was released shortly before a report underlining the cybersecurity security practice deficiencies of various medical device makers. On April 20, 2022, Cybellum – a company specializing in assessing product security – reported the results of its 2022 medical device cybersecurity survey in an article titled Medical Device Cybersecurity: Trends and Predictions. The survey found that, although 83% of the medical device companies surveyed saw device security as a competitive edge, 75% of respondents noted that they do not have a dedicated senior management who takes responsibility for device cybersecurity.

The Cybellum survey also revealed that only about a quarter of the medical device companies surveyed (27%) generate and maintain a Software Bill-of-Materials (SBoM) for their products. An SBoM is a formal record containing the details and supply chain relationships of various components used in building software. President Joe Biden previously highlighted the importance of an SBoM in his Executive Order on Improving the Nation’s Cybersecurity from May 2021. Moreover, the National Telecommunications and Information Administration published The Minimum Elements for an SBoM on July 21, 2021, in an effort to bring “transparency to the components and connections within and across supply chains.”

The FDA’s draft cybersecurity guidance document is available here and is available for stakeholder comments until July 7, 2022.

Nima Zargari
Nima uses his degrees, training, and experience to give clients thorough and diligent legal and professional advice, providing structured solutions to their intellectual property needs. Nima received his J.D. from Loyola Law School, Los Angeles, where he worked in the Ninth Circuit Appellate Clinic, and successfully briefed a withholding of removal immigration case to the U.S. Court of Appeals for the Ninth Circuit. He also served as the editor-in-chief of Volume 40 of the Loyola of Los Angeles Entertainment Law Review. Before attending law school, Nima earned his Ph.D. in chemistry from the University of Southern California. His graduate work focused on small molecule synthesis via palladium(II) catalysis. Nima worked as a summer associate with the firm in 2019 and joined the firm in 2021.
View all posts published by Nima Zargari »

Leave a Reply

By using this blog, you agree and understand that no information is being provided in the context of any attorney-client relationship. You further agree and understand that nothing herein is intended to be legal advice. This blog is solely informational in nature, and is not intended as, and should not be used as, a substitute for competent legal advice from a retained and licensed attorney in your state. Knobbe Martens LLP makes no representations or warranties as to the accuracy, completeness, timeliness or availability of the information in this blog. Knobbe Martens LLP will not be liable for any injury or damages relating to your use of, or access to, any such information. Knobbe Martens LLP undertakes no obligation to correct or update information on this blog, which may be incorrect or become incorrect or out of date over time. Knobbe Martens LLP reserves the right to alter or delete content or information on the blog at any time. This blog contains links and references to other websites and publications that you may find of interest. Knobbe Martens LLP does not control, promote, endorse or otherwise have any affiliation with any other websites or publications unless those websites or publications expressly state such an affiliation. Knobbe Martens LLP further has no responsibility for, and makes no representations regarding, the content, accuracy or any other aspect of the information in such websites or publications.