US FDA Recognizes New Cybersecurity Standard UL 2900-2-1

Author: Keith Handler | Date: February 7, 2019

What Does it Mean for the Medical Device Industry?

The ever-changing landscape of cybersecurity threats and hazards, amid ransomware campaigns and remotely exploited vulnerabilities, calls for medical device manufacturers to better prepare their products for lifetime security. Regulations are pushing manufacturers to ensure that their products stay secure long after they are taken off the shelf, all while keeping in mind that new cybersecurity risks might evolve.

This past June, the FDA subtly announced a change in 510(k) pre-market certification: the adoption of UL 2900-2-1 to streamline product review. UL standards development has been a collaborative effort within the industry, most notably with the American National Standards Institute (ANSI) guidelines and the FDA's pre-market and post-market cybersecurity guidance. UL, or Underwriters Laboratories, publishes the 2900 series of standards for cybersecurity in network-connectable products. UL 2900-2-1 is specific to the healthcare and medical devices industry. This new standard, though not a mandate, provides a guideline that could ultimately be the deciding factor in getting medical devices on the shelves and keeping them there.

Improved Cybersecurity Expectations

The framework offered by UL 2900-2-1 calls for a specialized cybersecurity team to create a mature cybersecurity system with a fully organized, holistic approach that complements the other standards found within UL 2900. Its recommended analysis and testing techniques include structured penetration testing, evaluation of product source code, and analysis of the software bill of materials (SBOM).

These tests provide evidence of the actions taken to mitigate cybersecurity vulnerabilities, malware, and software hazards. The expertise of cybersecurity specialists at Sterling, in areas such as cryptography and multi-platform environment development, ensures that they are well versed in the skills needed to compose and conduct these systems. Well-developed experience is especially necessary with the addition of more complex methodologies, including static analysis, software composition analysis (SCA), dynamic application security testing (DAST), and interactive application security testing (IAST).

Along with providing this framework, UL 2900-2-1 creates a comprehensive standard for reporting data and records of risk mitigation. The documentation of security controls, lifecycle security processes, and intended use is used for submission to FDA premarket review under the 510(k) Premarket Notification program.

Change Over Time: The New Cybersecurity Mentality

The need for improved cybersecurity standards has long been put off, despite the adverse consequences medical device companies have already faced from not adequately addressing possible hazards and risks. Global competitors are all now on the move to integrate these guidelines into their development process. However, seeing a clear change in the industry as a whole may take a few more decades. After all, many devices currently used to serve patients are meant to last a lifetime. Thus, even as new products improve, it will take some time for these products to be put into use.

Sterling’s intuitive quality system management and remediation services help medical device companies adopt these new standards in their product design and development, making the transition more effective. You can learn more about Sterling’s cybersecurity, quality systems, and remediation services here.
