This draft guidance document is being distributed for comment purposes only.
Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the U.S. and globally. Such cyber attacks and exploits may lead to patient harm as a result of clinical hazards, such as delay in diagnoses and/or treatment.
This guidance document is applicable to devices that contain software (including firmware) or programmable logic, as well as software as a medical device (SaMD). The guidance is not limited to devices that are network-enabled or contain other connected capabilities.
This guidance describes recommendations regarding the cybersecurity information to be submitted for devices under the following premarket submission types:
Premarket Notification (510(k)) submissions
De Novo requests;
Premarket Approval Applications (PMAs) and PMA supplements;
Product Development Protocols (PDPs)
Investigational Device Exemption (IDE) submissions and
Humanitarian Device Exemption (HDE) submissions.
Click on this LINK for more detailed information on this guidance.