The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: FDA

  • From Vol. 3 No.6 (Mar. 22, 2017)

    Assessing Regulatory Responsibility When Reporting Postmarket Cybersecurity “Corrections” to the FDA

    Whether you are a technology company venturing into FDA-regulated territory for the first time, or a longstanding member of the FDA-regulated medical device community, recent regulatory developments around cybersecurity may require a shift in your perspective in order to meet FDA expectations. In this guest article, DLA Piper attorneys analyze the FDA’s Postmarket Management of Cybersecurity in Medical Devices guidance, including important definitions, and advise on what postmarket cybersecurity-related product changes may or may not be reportable to the agency. See also “Securing Connected Medical Devices to Ensure Regulatory Compliance and Customer Safety (Part One of Two)” (Mar. 30, 2016); Part Two (Apr. 13, 2016).

    Read Full Article …
  • From Vol. 2 No.8 (Apr. 13, 2016)

    Securing Connected Medical Devices to Ensure Regulatory Compliance and Customer Safety (Part Two of Two)

    “The risks of cybersecurity are being felt more in healthcare-related companies,” Abhishek Agarwal, chief privacy officer for legal and compliance at a major global healthcare company, told The Cybersecurity Law Report, particularly in the area of connected medical devices. Government, industry and outside counsel experts agree that it is essential to evaluate and monitor cybersecurity vulnerabilities and the potential impacts on patient health and safety from the beginning and throughout a product’s lifecycle to mitigate those risks. This second article in our two-part series explores operational best practices and post-market considerations to address medical device cybersecurity, including the new proposed FDA post-market guidance and adding connectivity to existing devices. Part one examined the development and risks of connected devices and recommended pre-market steps companies should take. See also “Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things” (May 20, 2015).

    Read Full Article …
  • From Vol. 2 No.7 (Mar. 30, 2016)

    Securing Connected Medical Devices to Ensure Regulatory Compliance and Customer Safety (Part One of Two)

    Along with many industries, healthcare companies are developing an increasing number of devices with internet and network connectivity. Bringing a medical device to market requires a greater level of scrutiny than other connected products, however, because a cybersecurity breach to one of these devices may be life-threatening. “When we look at the product lifecycle management process, privacy and cybersecurity have to be an essential step that is addressed as an integral product feature,” Abhishek Agarwal, chief privacy officer for legal and compliance at Baxter International, told The Cybersecurity Law Report. With input from outside counsel, in-house counsel and regulators, the first article in this series discusses the development and risks of connected devices and recommends pre-market steps companies should take, including questions to ask during a risk assessment and relevant laws and FDA guidance to consider. The second article will explore post-market considerations including breach response, adding connectivity to existing devices, the new proposed FDA post-market guidance and operational best practices. See also “Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things” (May 20, 2015).
    Read Full Article …