Cybersecurity in medical devices: quality system considerations and content of premarket submissions : guidance for industry and Food and Drug Administration staff
Cybersecurity in medical devices: quality system considerations and content of premarket submissions : guidance for industry and Food and Drug Administration staff
- Collection:
- Health Policy and Services Research
- Contributor(s):
- Center for Devices and Radiological Health (U.S.), issuing body.
Center for Biologics Evaluation and Research (U.S.), issuing body. - Publication:
- Silver Spring, MD : Center for Devices and Radiological Health, September 27, 2023
- Language(s):
- English
- Format:
- Text
- Subject(s):
- Computer Security
Device Approval
Equipment Safety
Government Regulation
Medical Device Legislation
United States - Genre(s):
- Guideline
Technical Report - Abstract:
- With the increasing integration of wireless, Internet- and network-connected capabilities, portable media (e.g., USB or CD), and the frequent electronic exchange of medical device-related health information and other information, the need for robust cybersecurity controls to ensure medical device safety and effectiveness has become more important. In addition, cybersecurity threats to the healthcare sector have become more frequent and more severe, carrying increased potential for clinical impact. Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the U.S. and globally. Such cyber attacks and exploits may lead to patient harm as a result of clinical hazards, such as delay in diagnoses and/or treatment. Increased connectivity has resulted in individual devices operating as single elements of larger medical device systems. These systems can include healthcare facility networks, other devices, and software update servers, among other interconnected components. Consequently, without adequate cybersecurity considerations across all aspects of these systems, a cybersecurity threat can compromise the safety and/or effectiveness of a device by compromising the functionality of any asset in the system. As a result, ensuring device safety and effectiveness includes adequate device cybersecurity, as well as its security as part of the larger system. For the current edition of the FDA-recognized consensus standard(s) referenced in this document, see the FDA Recognized Consensus Standards Database. For more information regarding use of consensus standards in regulatory submissions, please refer to the FDA guidance titled “Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices” and “Standards Development and the Use of Standards in Regulatory Submissions Reviewed in the Center for Biologics Evaluation and Research.” For applications currently pending with FDA at the time of initial publication of this guidance, as well as those submitted after initial publication of this guidance, FDA intends to work collaboratively with manufacturers of such premarket submissions as part of the FDA review process. In general, FDA’s guidance documents do not establish legally enforceable responsibilities. Instead, guidances describe the Agency’s current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word should in Agency guidances means that something is suggested or recommended, but not required.
- Copyright:
- The National Library of Medicine believes this item to be in the public domain. (More information)
- Extent:
- 1 online resource (1 PDF file (53 pages))
- NLM Unique ID:
- 9918716786306676 (See catalog record)
- Permanent Link:
- http://resource.nlm.nih.gov/9918716786306676