Postmarket Management of Cybersecurity in Medical Devices
- Docket Number:
- Issued by:
Guidance Issuing OfficeCenter for Devices and Radiological Health
The Food and Drug Administration (FDA) is issuing this guidance to inform industry and FDA staff of the Agency’s recommendations for managing postmarket cybersecurity vulnerabilities for marketed and distributed medical devices. In addition to the specific recommendations contained in this guidance, manufacturers are encouraged to address cybersecurity throughout the product lifecycle, including during the design, development, production, distribution, deployment and maintenance of the device. A growing number of medical devices are designed to be networked to facilitate patient care. Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats. The exploitation of vulnerabilities may represent a risk to health and typically requires continual maintenance throughout the product life cycle to assure an adequate degree of protection against such exploits. Proactively addressing cybersecurity risks in medical devices reduces the overall risk to health.
You can submit online or written comments on any guidance at any time (see 21 CFR 10.115(g)(5))
If unable to submit comments online, please mail written comments to:
Division of Dockets Management (HFA- 305)
Food and Drug Administration
5630 Fishers Lane, Rm. 1061
Rockville, MD 20852
All written comments should be identified with this document's docket number: FDA-2015-D-5105.