Discover your next big idea for life sciences at PACK EXPO Las Vegas
Experience a breakthrough in life sciences packaging—explore solutions from 2,300 suppliers spanning all industries, all in one place this September

FDA Debunks Cybersecurity Myths

The FDA’s senior program manager for medical device cybersecurity weighs in on 4 common medical device regulatory myths.

FDA Debunks Med Device Cybersecurity Myths
FDA Debunks Med Device Cybersecurity Myths

A recent article from FierceHealthcare referenced a speech from Seth Carmody, senior program manager for medical device cybersecurity at the FDA, in which he addressed common misconceptions regarding medical device security. Here’s a summary:

Myth: The FDA is solely responsible for medical device cybersecurity.

Truth: Several agencies are responsible including the Department of Homeland Security and the Department of Health and Human Services.

 

Myth: Medical device manufacturers can’t issue updates or cybersecurity fixes without FDA approval.

Truth: Manufacturers can apply routine cybersecurity updates at any time for any reason without FDA approval. But, according to the FDA’s premarket guidance, security updates that could cause adverse health consequences are not considered “routine”.

 

Myth: The FDA tests medical devices for cybersecurity vulnerabilities.

Truth: The FDA doesn’t test devices at all. FDA’s guidance states, “postmarket cybersecurity information may originate from an array of sources including independent security researchers, in-house testing, suppliers of software or hardware technology, health care facilities, and information sharing and analysis organizations.”

 

Myth: Healthcare organizations can’t patch or update a device for cybersecurity reasons.

Truth: The FDA prefers a collaborative approach to device updates, but organizations can issue patches or updates on their own if they assume responsibility and understand the risks.

 

List: Digitalization Companies From PACK EXPO
Looking for CPG-focused digital transformation solutions? Download our editor-curated list from PACK EXPO featuring top companies offering warehouse management, ERP, digital twin, and MES software with supply chain visibility and analytics capabilities—all tailored specifically for CPG operations.
Download Now
List: Digitalization Companies From PACK EXPO
FDA warning letters surge - is your team prepared?
New guide reveals expert strategies to prevent regulatory issues and respond effectively to FDA enforcement actions in pharmaceutical and medical device manufacturing.
Read More
FDA warning letters surge - is your team prepared?