On Friday, January 15, 2016, the U.S. Food and Drug Administration published the “Postmarket Management of Cybersecurity in Medical Devices Draft Guidance,” which recommends that medical device manufacturers proactively monitor and minimize cybersecurity threats to their devices. The FDA’s recommendations include participation in an Information Sharing Analysis Organization, implementation of a robust cybersecurity risk management program, administering improvements during maintenance of devices, and reporting to the FDA any cybersecurity issues “that may compromise the essential clinical performance of a device and present a reasonable probability of serious health consequences or death.” Additionally, the FDA lays out different routes by which manufacturers should assess a product’s vulnerabilities. The FDA is accepting public comments on the draft guidance until April 21, 2016.

Read more about medical device cybersecurity here or read the draft guidance here (PDF).