Medical Devices

Public Workshop - Content of Premarket Submissions for Management of Cybersecurity in Medical Devices January 29-30, 2019

The Food and Drug Administration (FDA) is announcing a public Workshop entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”. The purpose of the workshop is to discuss the newly released draft guidance Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. FDA seeks to bring together diverse stakeholders to discuss, in-depth, the draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” and the sub-topic of the draft guidance regarding a Cybersecurity Bill of Materials (CBOM), which can be a critical element in identifying assets, threats, and vulnerabilities.

The need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network- connected devices, and the frequent electronic exchange of medical device-related health information. In addition, cybersecurity threats to the healthcare sector have become more frequent, more severe, and more clinically impactful. Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the US and globally. Such cyberattacks and exploits can delay diagnoses and/or treatment and may lead to patient harm.

Although FDA issued guidance addressing recommendations for device cybersecurity information in premarket submissions in 2014 , the rapidly evolving landscape, and the increased understanding of the threats and their potential mitigations necessitates an updated approach. This guidance is intended to provide recommendations to industry regarding cybersecurity device design, labeling, and the documentation that FDA recommends be included in premarket submissions for devices with cybersecurity risk. These recommendations can facilitate an efficient premarket review process and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.

Date, Time and Location

This meeting will be held January 29th and January 30th 2019, beginning at 9:00 a.m. – 4:30 p.m. at the following location:

FDA White Oak Campus
10903 New Hampshire Avenue
Bldg. 31, Room 1503 (the Great Room)
Silver Spring, MD, 20993

FDA Campus Information, (e.g., local airports, directions, local hotels, etc.)

The meeting will be webcasted.


Agenda Day 1: January 29, 2019

8:30am–9:00amRegistration (for pre-registered attendees)
9:00am–9:25amFDA Welcome/Medical Device Cybersecurity State of the Union: Trustworthiness, Transparency and Resilience – A Recipe for Advancing Device Cyber Safety
9:25am–9:30amMeeting Logistics
9:30am–9:40amFDA Leadership Remarks
9:50am–10:35amSession I Plenary Panel - Legacy Learnings: Drag of the Past Driving Increased Resilience in the Future
10:35am– 10:50amMedical Device Premarket Guidance Draft Overview
10:50am–11:35amSession II Plenary Panel - Threat Modeling & Systems Approaches
11:35am–12:20pmSession III Plenary Panel - Risk Assessment Approaches & Labeling
1:25pm–2:05pmSession IV Plenary Panel - Transitioning from Implied Trust to Trustworthiness: Authentication, Authorization, and Encryption
2:05pm 2:10pmMove to Breakout
2:10pm–2:55pmBreakout Session: Premarket Guidance Topics Other than CBOM
2:55pm–3:00pmReturn from Breakout
3:00pm–3:45pmSession V Plenary Panel - Increasing Transparency, Advancing Protection, and Enabling Timely Response: Cybersecurity Bill of Materials (CBOM)
3:55pm–4:45pmBreakout Session: CBOM

Agenda Day 2: January 30, 2019

8:30am–9:00amRegistration (for pre-registered attendees)
9:00am–9:30amWelcome, Day 1 Breakout Report Outs,  Recap Day 1
9:30am–10:00amSession VI Plenary Panel - Patient Perspectives: The True Endpoint
10:00am–11amSession VII Plenary Panel: Leveraging Innovation and Collaboration in the Ecosystem to Advance Cyber Safety
11:10am–11:55amSession VIII Plenary Panel - Scoring Vulnerabilities: What’s the clinical context? 
11:55am–12pmCyberMed Safety (Expert) and Analysis Board (CYMSAB) Breakout Framing
12pm–12:05pmMove to Breakout
12:05pm–12:55pmBreak Out Session: CYMSAB
1:40pm–2:40pmSession IX Plenary Panel - Establishing Trust, Embracing Transparency, Increasing Resilience: Best Practices  & Tools
2:40pm–3:25pmSession X Plenary Panel - Information Sharing: An Evolving Journey
3:35pm–4:20pmSession XI Plenary Panel - Preparedness and Response: Wanna Cry Again?
4:20pm–4:40pmCYMSAB Breakout Report Out, Workshop Recap, and Closing Remarks



Webcast Archived Links

Day 1

Part 1:

Part 2:

Part 3:

Day 2

Part 1:

Part 2:

Part 3:

Part 4:


Contact Us

If you require special accommodations due to a disability, or need additional information regarding registration, please contact Susan Monahan, Office of Communications, Education, and Radiation Programs, Center for Devices and Radiological Health, Food and Drug Administration, 10903 New Hampshire Avenue, Bldg. 32, Silver Spring, MD 20993, 301-796-5661,

For questions regarding workshop content please contact:

Aftin Ross
Center for Devices and Radiological Health
Office of the Center Director
Emergency Preparedness/Operations & Medical Countermeasures
White Oak 66, Room 5402 | 10903 New Hampshire Avenue | Silver Spring, MD 20993
Office: 301-796-5679 Cell: (202) 870-0517

Page Last Updated: 02/28/2019
Note: If you need help accessing information in different file formats, see Instructions for Downloading Viewers and Players.
Language Assistance Available: Español | 繁體中文 | Tiếng Việt | 한국어 | Tagalog | Русский | العربية | Kreyòl Ayisyen | Français | Polski | Português | Italiano | Deutsch | 日本語 | فارسی | English