Companies can expect more aggressive cybersecurity reviews of their premarket submissions to FDA. Excerpted from Pathways' Picks November 18: Emergency MDR Meeting, Cyber Updates, and More
Companies who haven’t faced significant cybersecurity-related pushback from FDA during premarket reviews in recent years should expect a different experience next time around, Kevin Fu, who oversaw CDRH’s cybersecurity efforts until earlier this year, warned during his November 15 plenary talk at MedTech Strategist’s Innovation Summit in San Francisco. Submissions coming to the agency even as recently as a year ago may have gotten through with a more cursory cyber review, depending on the expertise of the reviewer, Fu, a University of Michigan device cybersecurity researcher and CDRH’s inaugural acting director of cybersecurity from January 2021 through May 2022, acknowledged. But, he said, “ Your experience is going to change radically this year. That is not how FDA works anymore.” Specifically, Fu told Summit attendees, the device center has made a big effort to train reviewers to perform more consistent cyber-design reviews, including routine requests for threat modeling. “You are not going to have smooth sailing if you choose to divert from the recommendations of the premarket cybersecurity guidance document from FDA,” referring to the 2014 guideline that is currently in the draft stage of a revision.
Trial MyStrategist.com and unlock 7-days of exclusive subscriber-only access to the medical device industry's most trusted strategic publications: MedTech Strategist & Market Pathways. For more information on our demographics and current readership click here.