FDA Security Guru Kevin Fu: Changes are coming......

Kevin Fu, acting FDA Director for Cybersecurity, one of Healthcare's thought leaders, recently posted a couple of articles, implying security changes are coming to the FDA,

Politico April 8, 2022

FDA FLOATS OVERHAUL OF DEVICE CYBERSECURITY RECOMMENDATIONS — FDA on Thursday published an overhauled draft guidance on medical device cybersecurity considerations when submitting a premarket submission.

The new draft guide, an update to 2018 draft guidance, more explicitly lays out the cybersecurity documents FDA will review when a device premarket submission is sent in for review, according to Kevin Fu, FDA acting director of medical device security. It also eliminates a manufacturer risk tier approach proposed in the former draft guidance in favor of scaling the amount of recommended cybersecurity documentation with a devices’ cybersecurity risk.

“Cybersecurity is a part of device safety and effectiveness,” Fu told POLITICO. “In my view, it'd be difficult to make any kind of security claim if you don't have a sound scientific threat model, followed by cybersecurity risk assessment, which cuts to the clinical risks, and then the software bill of materials, followed by the security architecture and testing.”

UNANNOUNCED INSPECTIONS STILL ON HOLD — FDA is continuing to announce when it will conduct domestic inspections due to the ongoing Covid-19 pandemic, Judith McMeekin, FDA associate commissioner for regulatory affairs, told the Alliance for a Stronger FDA on Wednesday.

“We do announce that for a reason, and it’s for safety issues,” McMeekin said. “We call in advance to make sure that there are no outbreaks at the facility and/or if there are any safety protocols. So that will continue to remain as we are in the pandemic.”

https://www.politico.com/newsletters/prescription-pulse/2022/04/08/cms-sticks-to-its-guns-on-aduhelm-coverage-00023983

Also from Kevin: LinkedIn: This Monday morning, I’ll be providing new updates from FDA on several medical device security matters at the Medical Device Security 101 Conference held jointly by UMN CMDC and U-M Archimedes. https://lnkd.in/dqrAmWZN and secure-medicine.org #fda #security #medicaldevice