Sterling Medical Devices & RBC Medical Innovations are combining to create Vantage MedTech! Meet RBC
Contact Us
Close Form

Interested in learning more about how we can work together in your current or next medical device design project?

Just fill out this form and we’ll be in touch!

  • This field is for validation purposes and should be left unchanged.

Wherever you are in your product development lifecycle,
Sterling can help.

P: 201-877-5682
F: 201-301-9169

FDA’s New Guidance for Cybersecurity in Medical Devices: What it Means for You

Author: Ashish Salunkhe | Date: October 17, 2023

Medical professional on laptop and phone with cybersecurity graphic.

In September 2023, the FDA finalized its medical device cybersecurity guidance for premarket submissions. The updated document, “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submission,” details the information that must be submitted to the Center for Devices and Radiological Health (CDRH) or the Center for Biologics Evaluation and Research (CBER) for the premarket evaluation of products that involve cybersecurity risks. The guidance is applicable to any device or piece of software that can connect to the internet and is susceptible to cybersecurity threats, including but not limited to devices containing software or programmable logic.

Designed to keep patients safe and improve public health protection, the FDA cybersecurity requirements document includes pre-market guidance, as well as guidance related to monitoring, identifying, and addressing cybersecurity vulnerabilities in medical devices once they are on the market.

Specifically, the updated FDA cybersecurity guidance addresses the following submission types:

  • 510(k) premarket notifications
  • De Novo requests
  • Premarket Approval (PMA) applications or PMA supplements
  • Product Development Protocols (PDP)
  • Investigational Device Exemptions (IDE)
  • Humanitarian Device Exemptions (HDE)
  • Biologics License Applications (BLA)
  • Investigational New Drug submissions (IND)

In the updated cybersecurity requirements, the FDA included recommendations related to comprehensive medical device cybersecurity risk management, continuous improvement throughout the total product life cycle, and incentivize changing marketed and distributed medical devices to reduce risk.

The FDA continues to make efforts to safeguard the safety and efficacy of medical devices at all points in their lifecycle in the face of possible cyber risks by collaborating with business and other federal government entities.

Cybersecurity is more important than ever in the medical device industry. As the FDA continues to make efforts to safeguard the safety and efficacy of medical devices to combat the growing attack surface, it is imperative that you maintain compliance across all points in your products’ lifecycle.

Here are some best practices to  guide this process:

  • Assess the impact [impact of what?] on the device’s functionality, the impact to the patients, the likelihood of the threat, and the device’s vulnerability to a breach
  • Determine the risk levels, and understand different mitigation strategies for medical device cybersecurity risks
  • Establish a medical device cybersecurity management approach that identifies assets and threats and examines corner cases.
  • Identify and eliminate any elements that could threaten the medical device’s cybersecurity, create vulnerabilities, or present other potential risks associated with each individual medical device

Though the above can seem daunting and overwhelming, it doesn’t have to be. With advanced expertise across the regulatory landscape, Sterling can help you complete the necessary steps to ensure your device meets all FDA cybersecurity requirements—all while keeping the design and development process moving forward without disruption.For more information about how to complete a medical device cybersecurity risk assessment, details about the FDA premarket submission cybersecurity guidelines, help ensuring your FDA premarket submission meets cybersecurity requirements, or guidance on how to protect your device from cyber threats, contact us here.

Share this!

Contact Us

  • This field is for validation purposes and should be left unchanged.


selection agile development

November 12, 2021

Agile Development in a Medical Device Company Can Save Time and Money

“The Sterling Approach” to medical device design focuses on our customers’ experience -  a critical component is our Agile project management. Agile development in a medical device company is...
Read More >
View More Blogs
5 Mistakes Medical Device Startups Make

February 18, 2021

5 Mistakes Medical Device Startups Make

Startups are the lifeblood of medical device innovation. Without universities researching ways to solve pressing healthcare problems or doctors with experience in a particular field who have an idea to develop a prototype medical device that could help patients, the future technologies needed to help save lives wouldn't happen. But the long, arduous road through the FDA submission process to get market approval can take a long time and cost a lot of money without help. Sterling Medical Devices has been helping startups through the FDA approval process since 1998 without ever having a submission rejected.
Read More >
View More Videos

April 5, 2023

Sterling Medical Devices Creates Controller to Groundbreaking New Multi-Pump Mechanical Circulatory Support Device

Controller to Power Groundbreaking New Multi-Pump Mechanical Circulatory Support Device Medical Device Need A controller for an implantable heart pump that...
Read More >
View More Case Studies

Need help with your medical device?

Let Sterling Medical Devices show how to bring your idea from concept to prototype to
FDA/CE approval with a free custom project analysis.
Request Free Analysis