FDA's New Cybersecurity Guidance for Medical Devices Receives Wary Welcome

Partner Mark Melodia commented on the Food and Drug Administration's (FDA) new cybersecurity guidance with Legaltech News as the guidance does not establish any legal enforcement to add cybersecurity measures to medical devices. The guidance is essentially a nonlegally binding suggestion to develop cybersecurity measures for premarket medical devices being reviewed by the FDA to enter the consumer market. The FDA also advises companies in this guidance to ensure data confidentiality in all devices by deploying routine updates and emergency workarounds. Mr. Melodia noted that this guidance does not include much advice on how to update they cybersecurity through updates and patches in patients with invasive medical devices like pacemakers or brain stimulators.

“Some [medical devices] are implanted in people and is not as easy as updating your PC. We certainly don’t want to be rushing out with changes and patches with an eye on cybersecurity and in any way threatening patient care,” Mr. Melodia stated.

READ: FDA's New Cybersecurity Guidance for Medical Devices Receives Wary Welcome