The U.S. Food and Drug Administration (FDA) has published a draft guidance to aid medical device manufacturers in postmarket management of device cybersecurity.
Specifically, the draft guidance shares the agency's recommendations for monitoring, identifying, and addressing cybersecurity vulnerabilities in medical devices once they have entered the market, according to the FDA. Consistent with the FDA's Quality System Regulation, companies need to proactively plan for and assess cybersecurity vulnerabilities, the agency said.
The guidance also highlights the importance of participating in an Information Sharing Analysis Organization, a collaborative group in which public and private-sector members share cybersecurity information. In addition, manufacturers should implement a structured, systematic, and comprehensive cybersecurity risk management program and respond in a timely fashion to vulnerabilities that have been identified, the FDA said.
The draft guidance can be found here. The FDA will accept public comments on the guidance for 90 days.