The FDA and Medical Device Cybersecurity

May 20, 2022 | News

The FDA and Medical Device CybersecurityWith everything from cars to pacemakers now susceptible to cyberattack, questions about how safe our data is have come to the forefront. The Food and Drug Administration (FDA) is one of the organizations taking these concerns seriously, working to ensure that medical devices are secure against potential cyber threats.

Hospitals and other healthcare providers are a prime target for cyberattacks due to many interconnected medical devices and the sensitive patient data they house. To address this issue, the FDA has issued draft guidance on the remanufacturing of medical devices and a discussion paper on cybersecurity servicing of medical devices.

New Guidance from the FDA

The FDA's primer on medical device cybersecurity guides the industry on how to address large-scale, multi-patient impacts that may raise patient safety concerns. The agency encourages the adoption of coordinated vulnerability disclosure policies by medical device manufacturers to promote medical device cybersecurity and patient safety.

The guidance discusses the importance of coordinated vulnerability disclosure (CVD) policies for medical device manufacturers. CVD policies establish formalized processes for obtaining cybersecurity vulnerability information, assessing vulnerabilities, developing remediation strategies, and disclosing vulnerabilities and remediation approaches to various stakeholders—including peer companies, customers, government regulators, cybersecurity information sharing organizations, and the public.

The discussion paper seeks feedback on various aspects of cybersecurity servicing medical devices, including service providers' roles and responsibilities, device manufacturers' obligations, and training and certification requirements for service personnel. The FDA requests comment on both the draft guidance and discussion paper by July 17.

Keeping Medical Devices Safe

In response to these developments from the FDA, MEDIcept is committed to protecting your devices and data from cyberattacks with expertise and tools that help you proactively address potential vulnerabilities before they can be exploited. We understand the importance of keeping your devices and data safe and secure, and we will continue to work hard to ensure that our products meet or exceed the highest security standards.

MEDIcept is a trusted provider of solutions that you can rely on when it comes to cybersecurity. With decades of experience in the medical device industry, MEDIcept is uniquely qualified to help you navigate complex regulatory pathways and reduce your business risk. We offer a range of services, including:

  • Clinical research
  • Engineering support
  • Quality management
  • Regulatory compliance

No matter your specific needs, MEDIcept will work with you to develop a customized solution that fits your business. With a proven track record of success and a 90% retention rate among our clients, you can trust that partnering with MEDIcept will help you achieve your goals.

If you're concerned about your medical devices and data safety, be sure to get in touch with MEDIcept. We are cybersecurity and medical device experts and can help you protect your devices and data from cyberattacks. To learn more about MEDIcepts services, visit or contact us directly. We would be happy to discuss our services with you and answer any questions about how we can improve your cybersecurity.


MEDIcept … Trusted Solutions, Rapid Response …


About Us

MEDIcept is an international consulting firm offering a full portfolio of services to the medical device and IVD industry. For over 25 years, our unique consulting practice and multidisciplinary team of former FDA, Notified Body, and industry experts have assisted hundreds of companies of all sizes with innovative, compliant, trusted, and cost-effective Regulatory, Quality, Clinical, and Engineering solutions.

For additional information, please contact Susan Reilly at