The manufacturers should satisfy the QSR by establishing a Secure Product Development Framework (“SPDF”), which includes processes made up to reduce the number and severity of threats faced by the product throughout all aspects of the product life cycle. It should consider the third-party software components.

While the SPDF recommendation is not more specific than FDA’s 2014 guidance, FDA allows manufacturers to satisfy the QSR using other approaches too, provided they meet the requirements.

Labeled Safety for Medical Devices

Cybersecurity threats evolve and, as a result, the effectiveness of cybersecurity controls may degrade as new risks, threats and attack methods emerge, and so the device’s safety and effectiveness, should also consider the intended and actual use environment.

To make this decision more reliable, the guidance included labeling suggestions for devices with cybersecurity risks, including detailed diagrams and descriptions of backup-and-restore procedures.

The instructions to manage medical device cybersecurity threats or risks should be understandable to the intended audience, including patients or caregivers with limited technical knowledge (3^✔ ✔Trusted Source
Medical Devices in Harm’s Way: Medjacking

Go to source).

Currently, the FDA requests comments on the guidance to be submitted either in electronic or written form by July 7, 2022. This draft guidance is one of the new beginnings in the health IT and medical technology industry over the past few years.

Past, Present and Future of Medical Devices Cybersecurity

Before this guidance draft, the FDA had released “guiding principles” for developing devices relying on artificial intelligence and machine learning last October, followed by a draft guidance on software functions.

This time FDA has responded more effectively to the evolving needs of medical innovation when compared to its global counterparts by drafting guidance that is more reasonable to the users and the healthcare industry.

Meanwhile, laws were also introduced earlier this month that would establish a series of cybersecurity requirements for manufacturers applying for premarket approval through the FDA, among other provisions (4^✔ ✔Trusted Source
Third time’s a charm: US FDA reissues cybersecurity draft guidance

Go to source).

This is seen as a welcome move in the era where there is integrated wireless, internet- and network-connected capabilities, portable media along with the frequent electronic exchange of medical-device-related health information.

Never like before, the need for strong cybersecurity that ensures medical device safety and effectiveness has become more important.

In addition, cybersecurity threats have made the healthcare sector suffer severely and directly affect the clinical impact. Improved functioning of digital medical devices can improve health care quality and safety.

The health sector and medical devices should take care of both health and safety. Be aware of these regulations and make a difference in the technology world full of hackers.

References:

1. Cybersecurity – (https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity)
2. Medical Device Cybersecurity: What You Need to Know – (https://www.fda.gov/consumers/consumer-updates/medical-device-cybersecurity-what-you-need-know)
3. Medical Devices in Harm’s Way: Medjacking – (https://jamanetwork.com/journals/jama-health-forum/fullarticle/2759776)
4. Third time’s a charm: US FDA reissues cybersecurity draft guidance – (https://www.raps.org/news-and-articles/news-articles/2022/4/third-times-the-charm-us-fda-reissues-cybersecurit)

Source: Medindia