FDA Recommends Medical Device Manufacturers Implement a Comprehensive Cybersecurity Risk Management Program in Accordance with NIST Standards

American Health Lawyers Association

Kim Tyrrell-Knott, a Member of the Firm, and Shilpa Prem, an Associate, in the Health Care and Life Sciences practice, authored an American Health Lawyers Association Email Alert titled “FDA Recommends Medical Device Manufacturers Implement a Comprehensive Cybersecurity Risk Management Program in Accordance with NIST Standards.”

Following is an excerpt:

Given the evolving nature of potential cybersecurity threats, FDA’s Postmarket Cybersecurity Guidance emphasizes the need to continue to monitor, identify, and address potential cybersecurity risks after a device has been released to the market. To effectively monitor cybersecurity threats, it is important to recognize that information regarding cybersecurity vulnerabilities or attacks may come from non-traditional sources. While patient safety risks are traditionally identified through customer complaints, manufacturer investigations, or postmarket surveillance, intelligence about cybersecurity threats may originate from other industry sectors (e.g., finance or defense) or cybersecurity resources outside the medical device arena. These differences need to be taken into account when the manufacturer develops the postmarket elements of its cybersecurity risk management program.

This article was originally published as an Epstein Becker Green Health Care and Life Sciences Client Alert.