GUIDANCE DOCUMENT

Postmarket Management of Cybersecurity in Medical Devices

Guidance for Industry and Food and Drug Administration Staff

December 2016

Final

Docket Number: FDA-2015-D-5105

Issued by (Guidance Issuing Office): Center for Devices and Radiological Health

The Food and Drug Administration (FDA) is issuing this guidance to inform industry and FDA staff of the Agency’s recommendations for managing postmarket cybersecurity vulnerabilities for marketed and distributed medical devices. In addition to the specific recommendations contained in this guidance, manufacturers are encouraged to address cybersecurity throughout the product lifecycle, including during the design, development, production, distribution, deployment and maintenance of the device.

A growing number of medical devices are designed to be networked to facilitate patient care. Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats. Exploitation of these vulnerabilities may represent a risk to health, and assuring an adequate degree of protection against such exploits typically requires continual maintenance throughout the product lifecycle. Proactively addressing cybersecurity risks in medical devices reduces the overall risk to health.

Submit Comments

You can submit online or written comments on any guidance at any time (see 21 CFR 10.115(g)(5)).

If unable to submit comments online, please mail written comments to:

Division of Dockets Management (HFA-305)
Food and Drug Administration
5630 Fishers Lane, Rm. 1061
Rockville, MD 20852

All written comments should be identified with this document's docket number: FDA-2015-D-5105.