Partner Mark Melodia commented on the Food and Drug Administration's (FDA) new cybersecurity guidance with Legaltech News as the guidance does not establish any legal enforcement to add cybersecurity measures to medical devices. The guidance is essentially a nonlegally binding suggestion to develop cybersecurity measures for premarket medical devices being reviewed by the FDA to enter the consumer market. The FDA also advises companies in this guidance to ensure data confidentiality in all devices by deploying routine updates and emergency workarounds. Mr. Melodia noted that this guidance does not include much advice on how to update they cybersecurity through updates and patches in patients with invasive medical devices like pacemakers or brain stimulators.
“Some [medical devices] are implanted in people and is not as easy as updating your PC. We certainly don’t want to be rushing out with changes and patches with an eye on cybersecurity and in any way threatening patient care,” Mr. Melodia stated.
Please note that email communications to the firm through this website do not create an attorney-client relationship between you and the firm. Do not send any privileged or confidential information to the firm through this website. Click "accept" below to confirm that you have read and understand this notice.