U.S. flag An official website of the United States government
  1. Home
  2. Medical Devices
  3. News & Events (Medical Devices)
  4. Workshops & Conferences (Medical Devices)
  5. Public Workshop - Content of Premarket Submissions for Management of Cybersecurity in Medical Devices January 29-30, 2019 - 01/29/2019 - 01/30/2019
  1. News & Events (Medical Devices)


Event Title
Public Workshop - Content of Premarket Submissions for Management of Cybersecurity in Medical Devices January 29-30, 2019
January 29-30, 2019

Public Workshop - Content of Premarket Submissions for Management of Cybersecurity in Medical Devices January 29-30, 2019 - 01/29/2019 - 01/30/2019

January 29-30, 2019
January 29, 2019
Event Location
White Oak Campus: The Great Room
The Great Room

10903 New Hampshire Ave
Bldg 31 Conference Center, The Great Room (Rm 1503)
Silver Spring, MD 20993
United States

Digital Location
Organized By:
This workshop will proceed as scheduled even if the Government is in a partial shutdown.

The Food and Drug Administration (FDA) is announcing a public Workshop entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”. The purpose of the workshop is to discuss the newly released draft guidance Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. FDA seeks to bring together diverse stakeholders to discuss, in-depth, the draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” and the sub-topic of the draft guidance regarding a Cybersecurity Bill of Materials (CBOM), which can be a critical element in identifying assets, threats, and vulnerabilities.

The need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network- connected devices, and the frequent electronic exchange of medical device-related health information. In addition, cybersecurity threats to the healthcare sector have become more frequent, more severe, and more clinically impactful. Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the US and globally. Such cyberattacks and exploits can delay diagnoses and/or treatment and may lead to patient harm.

Although FDA issued guidance addressing recommendations for device cybersecurity information in premarket submissions in 2014 , the rapidly evolving landscape, and the increased understanding of the threats and their potential mitigations necessitates an updated approach. This guidance is intended to provide recommendations to industry regarding cybersecurity device design, labeling, and the documentation that FDA recommends be included in premarket submissions for devices with cybersecurity risk. These recommendations can facilitate an efficient premarket review process and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.

Date, Time and Location

This meeting will be held January 29th and January 30th 2019, beginning at 9:00 a.m. – 4:30 p.m. at the following location:

FDA White Oak Campus
10903 New Hampshire Avenue
Bldg. 31, Room 1503 (the Great Room)
Silver Spring, MD, 20993

FDA Campus Information, (e.g., local airports, directions, local hotels, etc.)

The meeting will be webcasted.


Agenda Day 1: January 29, 2019

Time Event
8:30am–9:00am Registration (for pre-registered attendees)
9:00am–9:25am FDA Welcome/Medical Device Cybersecurity State of the Union: Trustworthiness, Transparency and Resilience – A Recipe for Advancing Device Cyber Safety
9:25am–9:30am Meeting Logistics
9:30am–9:40am FDA Leadership Remarks
9:40am–9:50am BREAK
9:50am–10:35am Session I Plenary Panel - Legacy Learnings: Drag of the Past Driving Increased Resilience in the Future
10:35am– 10:50am Medical Device Premarket Guidance Draft Overview
10:50am–11:35am Session II Plenary Panel - Threat Modeling & Systems Approaches
11:35am–12:20pm Session III Plenary Panel - Risk Assessment Approaches & Labeling
12:20pm–1:05pm LUNCH
1:05pm–1:25pm Keynote
1:25pm–2:05pm Session IV Plenary Panel - Transitioning from Implied Trust to Trustworthiness: Authentication, Authorization, and Encryption
2:05pm 2:10pm Move to Breakout
2:10pm–2:55pm Breakout Session: Premarket Guidance Topics Other than CBOM
2:55pm–3:00pm Return from Breakout
3:00pm–3:45pm Session V Plenary Panel - Increasing Transparency, Advancing Protection, and Enabling Timely Response: Cybersecurity Bill of Materials (CBOM)
3:45pm–3:55pm BREAK
3:55pm–4:45pm Breakout Session: CBOM
4:45pm Adjorn

Agenda Day 2: January 30, 2019

Time Event
8:30am–9:00am Registration (for pre-registered attendees)
9:00am–9:30am Welcome, Day 1 Breakout Report Outs,  Recap Day 1
9:30am–10:00am Session VI Plenary Panel - Patient Perspectives: The True Endpoint
10:00am–11am Session VII Plenary Panel: Leveraging Innovation and Collaboration in the Ecosystem to Advance Cyber Safety
11am–11:10am BREAK
11:10am–11:55am Session VIII Plenary Panel - Scoring Vulnerabilities: What’s the clinical context? 
11:55am–12pm CyberMed Safety (Expert) and Analysis Board (CYMSAB) Breakout Framing
12pm–12:05pm Move to Breakout
12:05pm–12:55pm Break Out Session: CYMSAB
12:55pm–1:40pm LUNCH
1:40pm–2:40pm Session IX Plenary Panel - Establishing Trust, Embracing Transparency, Increasing Resilience: Best Practices  & Tools
2:40pm–3:25pm Session X Plenary Panel - Information Sharing: An Evolving Journey
3:25pm–3:35pm BREAK
3:35pm–4:20pm Session XI Plenary Panel - Preparedness and Response: Wanna Cry Again?
4:20pm–4:40pm CYMSAB Breakout Report Out, Workshop Recap, and Closing Remarks



Webcast Archived Links

Day 1

Part 1: https://collaboration.fda.gov/pnpq29drgcss/

Part 2: https://collaboration.fda.gov/p0epitgrbu73/

Part 3: https://collaboration.fda.gov/p8b8jelpyj0d/

Day 2

Part 1: https://collaboration.fda.gov/pfkc5ol7lzno/

Part 2: https://collaboration.fda.gov/p9ox49hoewem/

Part 3: https://collaboration.fda.gov/p69je8amth7a/

Part 4: https://collaboration.fda.gov/p79jdyidctcj/


Contact Us

If you require special accommodations due to a disability, or need additional information regarding registration, please contact Susan Monahan, Office of Communications, Education, and Radiation Programs, Center for Devices and Radiological Health, Food and Drug Administration, 10903 New Hampshire Avenue, Bldg. 32, Silver Spring, MD 20993, 301-796-5661, susan.monahan@fda.hhs.gov.

For questions regarding workshop content please contact:

Aftin Ross
Center for Devices and Radiological Health
Office of the Center Director
Emergency Preparedness/Operations & Medical Countermeasures
White Oak 66, Room 5402 | 10903 New Hampshire Avenue | Silver Spring, MD 20993
Office: 301-796-5679 Cell: (202) 870-0517