Part 3/4 of our FDA Refuse to Accept (RTA)Guidance Series With the release of the new FDA “cyber device” RTA guidance, it is now a requirement, enforceable on October 1, 2023, that medical device manufacturers (MDMs) have documentation of all the software components used to build their device, also known…

Part 2/4 of our FDA Refuse to Accept (RTA) Guidance Series The recent FDA “cyber device” Refuse to Accept (RTA) guidance will be enforced starting October 1, 2023. This guidance indicates that manufacturers need to address cybersecurity throughout the product lifecycle, encompassing design and development, production, distribution, and postmarket cybersecurity…

Part 1/4 of our FDA Refuse to Accept (RTA)Guidance Series Starting October 1st 2023, the FDA will begin to reject submissions that don’t detail cybersecurity measures including, for example, plans for how to to address postmarket vulnerabilities, a strategy for disclosure of vulnerabilities, and a software bill of materials (SBOM)…

By Axel Wirth, MedCrypt Chief Security Strategist, and Naomi Schwartz, MedCrypt Senior Director of Cybersecurity Quality and Safety The ‘‘Consolidated Appropriations Act, 2023’’ (H.R. 2617) was passed by the U.S. Senate and signed into law by President Biden on December 29, 2022. The $1.7 trillion omnibus spending bill accomplishes a…

Medical device cybersecurity is a complicated problem that can have an effect on clinical operability, business/finance risk, and patient safety. …

Mike has over 15 years of experience in healthcare, including extensive experience designing and developing medical devices. MedCrypt, Inc. Originally published at https://www.forbes.com on November 22,2022. Connectivity has become ubiquitous in healthcare-and nearly every other industry. Yet healthcare remains consistently the most frequently breached industry. Perhaps this can be attributed…

We need sound, rigorous, scalable methods to estimate cybersecurity risks of the products currently on the market, delivering patient care, today. By Shannon Lantzy, MedCrypt Vice President of Consulting The current standard practice for postmarket/continuous risk management is based on inconsistent estimation of qualitative risks (e.g., “low, medium, or high…

By Mike Kijewski. Originally published at https://www.forbes.com on August 16, 2022 Changes In New Guidance Summary The recently updated FDA premarket cybersecurity guidance outlines technical considerations as it relates to the design and operation of a medical device. …

By Om Mahida, Director of Product at MedCrypt SBOMs (Software Bill of Materials) have come into the spotlight in recent years, especially after the White House released the Cybersecurity Executive Order. This has also been a topic of interest for the FDA, the regulatory body for medical device cybersecurity. …