Cybersecurity, Privacy, & AI

Trending Now

Daybreak Is OpenAI’s Answer to the AI Arms Race in Cybersecurity • Cyber Operations Aren’t Slow — Our Thinking Is • ‘No Time to Waste’ in Prepping Governments for AI Cyber Threats, Top Dem Lawmaker Says • ‘Insatiable Appetite’ for AI: Maven Usage Surged for Strikes on Iran, Pentagon AI Chief Says • Navigating Automation, Robotics, AI, and Data in a QMSR-Driven Manufacturing World

Published on September 18, 2018 • Cyber

FDA Should Further Integrate Its Review of Cybersecurity Into the Premarket Review Process for Medical Devices

The Department of Health and Human Services Office of Inspector General says the Food and Drug Administration should further integrate cybersecurity considerations into the pre-market review process for medical devices. FDA reviewers consider known cybersecurity risks and threats when reviewing submissions and apply that knowledge to devices that display similar risk profiles. FDA reviewers also look for cybersecurity documentation in the submissions, and often request additional information from manufacturers when submissions lack sufficient cybersecurity documentation or when clarification is needed.

However, OIG found that FDA could further integrate cybersecurity into its overall review process. For example, FDA’s “Refuse-To-Accept” checklists, which the agency uses to screen submissions for completeness, do not include checks for cybersecurity information. Also, FDA’s “Smart” template, which FDA uses to guide its reviews of submissions, does not prompt FDA reviewers with specific cybersecurity questions to consider and also lacked a dedicated section for recording the results of the cybersecurity review.

HHS-OIG-FDACybersecurityMedicalDevices

Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.