Home Health Care How FDA’s New Policy Aims to Improve Medical Device Security

How FDA’s New Policy Aims to Improve Medical Device Security

by Universalwellnesssystems

Endpoint Security , Healthcare , Industry Specific

Dr. Suzanne Schwartz explains what device makers need to know to get FDA approval

Marian Koluvasc McGee (Health InfoSec) •
April 14, 2023



Dr. Suzanne Schwartz, Director, Office of Strategic Partnerships and Technology Innovation, FDA Center for Medical Devices and Radiation Health


FDA’s Dr. Suzanne Schwartz said the new Food and Drug Administration policy of “refusing to accept” premarket submissions for new medical devices where cybersecurity details are lacking will help prevent future legacy devices. said to help significantly improve the condition of

Related item: Webinar | Evolving Network Architectures: What You Don’t Know Can Lose You

“Ultimately, we want to be able to remove the long, long tail of legacy equipment currently in use,” said director of the Office of Strategic Partnerships and Innovation at the FDA’s Center for Equipment and Radiation Health. said Schwartz.

Beginning October 1, the FDA will require commercial devices that do not detail cybersecurity measures, including plans to address post-market vulnerabilities, methods of coordinated exploit disclosure, and software bills of materials. Reject previous submission (see: FDA will soon begin refusing medical devices on the cyber).

In the meantime, between now and October 1, the FDA also expects such cybersecurity details to be included in new device submissions, but the agency is working with manufacturers to ensure that devices Address security flaws in documentation provided by manufacturers to FDA. Schwartz told his Information Security Media Group.

The FDA was given expanded powers over medical device cybersecurity by Congress as part of the omnibus funding bill signed into law by President Joe Biden in December (see: Exclusive: FDA Leader on Impact of New Medical Device Act).

The FDA’s “do not accept” policy has existed for years, but it did not apply to medical device cybersecurity. “It’s a kind of stage gating or screening for acceptance criteria for submissions that goes into effect Oct. 1,” she said. Are all appropriate administrative elements included? If any element is missing, the submission will be immediately rejected or returned.”

“There will always be legacy devices, and those legacy devices must be cybersecured and maintained in a safe and effective manner,” she said. Current legacy devices pose significant challenges for healthcare delivery organizations in that they cannot be patched or updated and present huge exposure and attack surfaces to healthcare organizations, she says.

As the FDA’s new policy takes hold, new products enter the market and eventually become legacy devices, so it’s important to patch identified vulnerabilities and update devices without impacting performance. I can”.

In this video interview with the Information Security Media Group, Schwartz also explains:

  • Why most products reviewed by the FDA are considered “cyber devices” under the new regulations.
  • Details of the documents FDA currently expects as part of premarket device submissions and how their cybersecurity review is being performed.
  • What’s next in FDA’s plan for medical device cybersecurity.

Schwartz supports the FDA’s Medical Device Cybersecurity Program. This includes raising awareness within the medical and public health sector, educating and conducting outreach, building partnerships and coalitions, and facilitating cooperation with other government agencies and the private sector. She also chairs her CDRH’s Cybersecurity Working Group, which is tasked with developing the FDA’s Medical Device Cybersecurity Policy, and co-chairs the Government Coordinating Council for the Healthcare and Public Health Critical Infrastructure Sector. I have served.

You may also like

Leave a Comment

The US Global Health Company is a United States based holistic wellness & lifestyle company, specializing in Financial, Emotional, & Physical Health.  

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Copyright ©️ All rights reserved. | US Global Health