Jodi K. Scott, Lina Kontos, Randy Prebula, and Alex Smith of Hogan Lovells write:
The U.S. Food and Drug Administration (FDA) has finalized its guidance on “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” which advises medical device manufacturers on how to tighten cybersecurity measures in response to rapidly evolving online threats to both patients and hospitals. Notably, the finalized version of the guidance differs from the draft issued last year in its addition of PATCH Act language, information regarding interoperability considerations, and advice on how device cybersecurity design and documentation should be scaled with the cybersecurity risk of that device. We analyze these and other changes to the guidance below. As FDA will soon begin issuing “refuse to accept” decisions to applicants that fail to include proper cybersecurity information in premarket submissions to the agency, medical device manufacturers should analyze and understand their obligations under the guidance.
Read more at Engage.