The U.S. Food and Drug Administration's (FDA's) Center for Devices and Radiological Health (CDRH) has developed a discussion paper, Strengthening Cybersecurity Practices Associated with Servicing of Medical Devices: Challenges and Opportunities, to seek input from groups and individuals outside the FDA on this shared responsibility.

About the Discussion Paper

The FDA is releasing this discussion paper to consider cybersecurity issues that are unique to the servicing of medical medical devices. The concepts presented in this discussion paper are intended to guide discussions among stakeholders about potential challenges and opportunities in cybersecurity and servicing.

The four areas identified in this paper are:

• Privileged access
• Identification of cybersecurity vulnerabilities and incidents
• Prevention and mitigation of cybersecurity vulnerabilities
• Product lifecycle challenges and opportunities.

The FDA is seeking input on each of these topics and on these questions posed at the end of this discussion paper.

1. What are the cybersecurity challenges and opportunities associated with the servicing of medical devices?
2. Are the four areas identified in this white paper the correct cybersecurity priority issues to address in the servicing of medical devices? If not, which areas should be the focus?
3. How can entities that service medical devices contribute to strengthening the cybersecurity of medical devices?

Submitting Comments on the Discussion Paper

As part of its commitment to strong cybersecurity practices, the FDA is sharing Discussion Paper: Strengthening Cybersecurity Practices Associated with Servicing of Medical Devices: Challenges and Opportunities for review and comment.

The FDA encourages stakeholders to provide comments in the Federal Register under docket number FDA-2021-N-0561. The last day to submit comments is September 22, 2021.

Submit Comments