Data Law InsightsEvan D. WolffDavid BodenheimerJohn Fuson

The FDA recently passed down a set of guidelines governing the cybersecurity of medical devices. The guidelines, which are the first of its kind, were issued in response to the FDA’s recognition of the particular security concerns involved in the handling of sensitive medical information. The recommendations vary based on the specific vulnerabilities of each device, and the FDA puts the onus on manufacturers to identify such vulnerabilities and protect against them using increased security controls as necessary at the manufacturing stage. The FDA also incorporates the cybsecurity functions from the NIST Cybersecurity Framework to assist manufacturers in each stage of protection and recovery. Please read the full alert analyzing the guidelines here.